Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-3200

281

282

283

284

285

286

287

288

289

290

285 | BranchController Config for Controllers Dell Networking W-Series ArubaOS 6.4.x| User Guide

Clients Authentication Methods

VPN clients l PAP with an external authentication server

l CN lookup with an external authentication server

VIA and other VPN clients PAP method and CN lookup

Wireless Internet Service Provider

roaming (WISPr) clients

PAP

In this initial release, the external authentication server can be either a RADIUS server or an LDAP server.

Supported Key Reply Attributes

The following key reply attributes are supported:

l ARUBA_NAMED_VLAN

l ARUBA_NO_DHCP_FINGERPRINT

l ARUBA_ROLE

l ARUBA_VLAN

l MS_TUNNEL_MEDIUM_TYPE

l MS_TUNNEL_PRIVATE_GROUP_ID

l MS_TUNNEL_TYPE

l PW_SESSION_TIMEOUT

l PW_USER_NAME

Support Restrictions

The authentication survivability feature has the following support restrictions:

l The Survival Server cache database is station-based (thus, the MAC address is the key), so authentication

survivability is not supported for any station with a zero MAC address.

l For a client using EAP-TLS, you must install the issuer certificate of the Survival Server certificate as a

TrustedCA certificate in the client station.

l For an 802.1X client using EAP-TLS that does not terminate at the controller, the issuer certificate for the

client certificate must be imported as a TrustedCA or an intermediateCA certificate at the controller—just as

the same certificate must be installed at the terminating External RADIUS server.

l The Survival Server does not support the Online Certificate Status Protocol (OCSP) nor the Certificate

Revocation List (CRL) for EAP-TLS.

l Authentication survivability will not activate if Authentication Server Dead Time is configured as 0.

To configure Authentication Server Dead Time, on the controller, navigate to:Configuration > SECURITY >

Authentication > Advanced > Authentication Timers > Authentication ServerDeadTime (min).

Administrative Functions

This section describes the scenarios that illustrate the functionality that the authentication survivability feature

provides. For more information, see:

l Branch Deployment Features on page 283