Configuration manual

Dell PowerConnect W-AirWave 7.4 | Configuration Guide Configuration Reference | 55
Table 9 Profiles > AAA > 802.1x Auth Profile Settings (Continued)

Field: Termination EAP-Type PEAP
Default: 0
Description: Specify EAP-PEAP termination.
  802.1x authentication based on PEAP with MS-CHAPv2 provides both computer and
  user authentication. If a user attempts to log in without the computer being
  authenticated first, the user is placed into a more limited “guest” user role.
  Windows domain credentials are used for computer authentication, and the user’s
  Windows login and password are used for user authentication. A single user sign-on
  facilitates both authentication to the wireless network and access to the Windows
  server resources.

Field: Termination Inner EAP-Type MSCHAPv2
Default: No
Description: Enable or disable this setting. You can enable caching of user credentials
  on the controller as a backup to an external authentication server. The EAP-Microsoft
  Challenge Authentication Protocol version 2 (MS-CHAPv2), described in RFC 2759, is
  widely supported by Microsoft clients.

Field: Termination Inner EAP-Type GTC
Default: No
Description: Enable or disable GTC. EAP-Generic Token Card (GTC): Described in RFC 2284,
  this EAP method permits the transfer of unencrypted usernames and passwords from
  client to server. The main uses for EAP-GTC are one-time token cards such as SecurID
  and the use of LDAP or RADIUS as the user authentication server.
  You can also enable caching of user credentials on the controller as a backup to an
  external authentication server.

Field: Token Caching
Default: Disabled
Description: Specify whether EAP token caching is enabled or disabled.

Field: Token Caching Period (1-240 hrs)
Default: 24
Description: Specify the token caching period, in hours. The supported range is from
  1 to 240 hours.

Field: CA-Certificate
Description: Type the CA certificate imported into the controller.

Field: Server-Certificate
Description: Specify a server certificate. The list of available certificates is taken
  from the computer certificate store on which IAS is running. In this case, a
  self-signed certificate was generated by the local certificate authority and
  installed on the IAS system. On each wireless client device, the local certificate
  authority is added as a trusted certificate authority, thus allowing this
  certificate to be trusted.

Field: TLS Guest Access
Default: No
Description: Specify if TLS authentication supports guest users.
  User-level authentication is performed by an external RADIUS server using PPP
  EAP-TLS. In this scenario, client and server certificates are mutually authenticated
  during the EAP-TLS exchange. During the authentication, the controller encapsulates
  EAP-TLS messages from the client into RADIUS messages and forwards them to the server.

Field: TLS Guest Role
Default: ap-role
Description: Specify the TLS authentication role that will support guests. This setting
  requires a policy enforcement firewall license.

Field: Ignore EAPOL-START After Authentication
Default: No
Description: Enable or disable this setting.
  EAP authentication starts with an EAPOL-Start frame that is sent by the wireless
  client to the AP. Upon reception of such a frame, the AP responds to the wireless
  client with an EAP-Identity-Request and also performs internal resource allocation.
  Attackers can exploit this by sending a lot of EAPOL-Start frames to the access
  point, either by spoofing the MAC address or by emulating wireless clients. This
  forces the AP to allocate increasing resources, eventually bringing it down. Enable
  this setting to reduce the risk.

Field: Handle EAPOL-Logoff
Default: No
Description: Specify whether authentication should manage logoff activity.

Field: Ignore EAP ID During Negotiation
Default: No
Description: Specify whether the EAP ID should be ignored during authentication.

Field: WPA-Fast-Handover
Default: No
Description: In the 802.1x Authentication profile, the WPA fast handover feature allows
  certain WPA clients to use a pre-authorized PMK, significantly reducing handover
  interruption. Check with the manufacturer of your handset to see if this feature is
  supported. This feature is disabled by default.
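
The EAPOL-Start flood described under Ignore EAPOL-START After Authentication can also be watched for on the monitoring side. The following is an added example, not part of the Dell guide: it counts EAPOL-Start frames per AP in a sliding window and reports how many distinct source MACs were involved. The log line format, window length and threshold are assumptions, and the sample data is constructed.

```python
from collections import defaultdict, deque

WINDOW_S = 10    # sliding window length in seconds (assumed value)
THRESHOLD = 20   # EAPOL-Start frames tolerated per AP per window (assumed value)

def parse(line):
    """Parse 'epoch_seconds ap_name src_mac frame_type' (constructed format)."""
    ts, ap, mac, ftype = line.split()
    return float(ts), ap, mac.lower(), ftype

def detect_start_floods(lines, window=WINDOW_S, threshold=THRESHOLD):
    """Return {ap: (peak_frames_in_window, distinct_macs_at_peak)} for APs over threshold."""
    recent = defaultdict(deque)  # ap -> (ts, mac) pairs still inside the window
    alerts = {}
    for ts, ap, mac, ftype in sorted(map(parse, lines)):
        if ftype != "EAPOL-Start":
            continue
        q = recent[ap]
        q.append((ts, mac))
        while q and ts - q[0][0] > window:
            q.popleft()
        # Count per AP, not per MAC: source addresses may be spoofed, so a
        # per-client counter alone would miss a flood spread over many MACs.
        if len(q) > threshold and len(q) > alerts.get(ap, (0, 0))[0]:
            alerts[ap] = (len(q), len({m for _, m in q}))
    return alerts

def sample_log():
    """Constructed sample: ordinary associations on ap-1, a burst on ap-2."""
    lines = [f"{1000 + 30 * i} ap-1 00:11:22:33:44:{i:02x} EAPOL-Start" for i in range(5)]
    lines += [f"{1001 + 30 * i} ap-1 00:11:22:33:44:{i:02x} EAP-Response" for i in range(5)]
    # 60 EAPOL-Start frames in about 6 seconds, each from a different source MAC
    lines += [f"{2000 + i * 0.1:.1f} ap-2 02:00:00:00:00:{i:02x} EAPOL-Start" for i in range(60)]
    return lines

if __name__ == "__main__":
    for ap, (count, macs) in detect_start_floods(sample_log()).items():
        print(f"{ap}: {count} EAPOL-Start frames within {WINDOW_S}s from {macs} source MACs")
```

A high frame count with one source MAC points at a single client repeating EAPOL-Start, while a high count with many source MACs matches the spoofed or emulated clients the description mentions.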