Users Guide
329 | 802.1X Authentication Dell Networking W-Series ArubaOS 6.4.x| User Guide
Configuring 802.1X Authentication
On the controller, use the following steps to configure a wireless network that uses 802.1x authentication:
1. Configure the VLANs to which the authenticated users will be assigned. See Network Configuration
Parameters on page 164.
2. Configure policies and roles. You can specify a default role for users who are successfully authenticated
using 802.1X. You can also configure server derivation rules to assign a user role based on attributes
returned by the authentication server; server-derived user roles take precedence over default roles. For
more information about policies and roles, see Roles and Policies on page 438.
The Policy Enforcement Firewall Virtual Private Network (PEFV) module provides identity-based security for wired and
wireless users and must be installed on the controller. The stateful firewall allows user classification based on user
identity, device type, location, and time of day to provide differentiated access for different classes of users. For
information about obtaining and installing licenses, see Software Licenses on page 146.
3. Configure the authentication server(s) and server group. The server can be an 802.1X RADIUS server or, if
you use AAA FastConnect, a non-802.1X server or the controller’s internal database. If you use EAP-GTC
within a PEAP tunnel, configure an LDAP or RADIUS server as the authentication server (see Authentication
Servers on page 249). If you use EAP-TLS, import server and CA certificates on the controller (see
Configuring and Using Certificates with AAA FastConnect on page 335).
4. Configure the AAA profile:
n Select the 802.1X default user role.
n Select the server group you previously configured for the 802.1x authentication server group.
5. Configure the 802.1X authentication profile. See In the WebUI on page 349.
6. Configure the virtual AP profile for an AP group or for a specific AP:
n Select the AAA profile you previously configured.
n In the SSID profile, configure the WLAN for 802.1X authentication.
For details on how to complete the above steps, see Sample Configurations on page 338.
In the WebUI
This section describes how to create and configure a new instance of an 802.1X authentication profile in the
WebUI or the CLI.
1. Navigate to the Configuration > Security > Authentication > L2 Authentication page.
2. In the Profiles list, select 802.1X Authentication Profile.
3. Enter a name for the profile, then click Add.
4. Click Apply.
5. In the Profiles list, select the 802.1X authentication profile you just created.
6. Change the settings described in Table 68 as desired, then click Apply.
The 802.1X authentication profile configuration settings are divided into two tabs—Basic and Advanced.
The Basic tab displays only those configuration settings that often need to be adjusted to suit a specific
network. The Advanced tab shows all configuration settings, including settings that do not need frequent
adjustment or should be kept at their default values. If you change a setting on one tab, then click and
display the other tab without saving your configuration, that setting will revert to its previous value.