Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-3200

321

322

323

324

325

326

327

328

329

330

Dell Networking W-Series ArubaOS 6.4.x| User Guide 802.1X Authentication | 326

Chapter 12

802.1X Authentication

802.1X is an Institute of Electrical and Electronics Engineers (IEEE) standard that provides an authentication

framework for WLANs. 802.1x uses the Extensible Authentication Protocol (EAP) to exchange messages during

the authentication process. The authentication protocols that operate inside the 802.1X framework that are

suitable for wireless networks include EAP-Transport Layer Security (EAP-TLS), Protected EAP (PEAP), and EAP-

Tunneled TLS (EAP-TTLS). These protocols allow the network to authenticate the client while also allowing the

client to authenticate the network.

This chapter describes the following topics:

l Understanding 802.1X Authentication on page 326

l Configuring 802.1X Authentication on page 329

l Sample Configurations on page 338

l Performing Advanced Configuration Options for 802.1X on page 354

Other types of authentication not discussed in this section can be found in the following sections of this guide:

l Captive portal authentication: Configuring Captive Portal Authentication Profiles on page 385

l VPN authentication: Planning a VPN Configuration on page 411

l MAC authentication: Configuring MAC-Based Authentication on page 279

l Stateful 802.1X, stateful NTLM, and WISPr authentication: Stateful and WISPr Authentication on page 358

Understanding 802.1X Authentication

802.1x authentication consists of three components:

l The supplicant, or client, is the device attempting to gain access to the network. You can configure the Dell

user-centric network to support 802.1x authentication for wired usersa wireless users.

l The authenticator is the gatekeeper to the network and permits or denies access to the supplicants.

l The Dell controller acts as the authenticator, relaying information between the authentication server and

supplicant. The EAP type must be consistent between the authentication server and supplicant, and is

transparent to the controller.

The authentication server provides a database of information required for authentication, and informs the

authenticator to deny or permit access to the supplicant.

The 802.1X authentication server is typically an EAP-compliant Remote Access Dial-In User Service (RADIUS)

server which can authenticate either users (through passwords or certificates) or the client computer.

An example of an 802.1X authentication server is the Internet Authentication Service (IAS) in Windows (see

technet.microsoft.com/en-us/library/cc759077(WS.10).aspx).

In Dell user-centric networks, you can terminate the 802.1x authentication on the controller. The controller

passes user authentication to its internal database or to a “backend” non-802.1X server. This feature, also

called AAA FastConnect, is useful for deployments where an 802.1X EAP-compliant RADIUS server is not

available or required for authentication.

Supported EAP Types

Following is the list of supported EAP types: