Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-3200

321

322

323

324

325

326

327

328

329

330

Parameter Description

Basic 802.1x Authentication Settings

Max authentication

failures

Number of times a user can try to log in with wrong credentials

after which the user is blacklisted as a security threat. Set to 0

to disable blacklisting, otherwise enter a non-zero integer to

blacklist the user after the specified number of failures.

Range: 0-5 failures.

Default: 0 failure.

NOTE: This option may require a license.

Enforce Machine

Authentication

Select the Enforce Machine Authentication option to require

machine authentication. This option is also available on the Basic settings tab.

NOTE: This option may require a license.

Machine

Authentication:

Default Machine Role

Default role assigned to the user after completing only machine authentication.

The default role for this setting is the “guest” role.

Machine

Authentication:

Default User Role

Default role assigned to the user after 802.1x authentication. The default role for

this setting is the “guest” role.

Reauthentication Select the Reauthentication checkbox to force the client to do a 802.1X

reauthentication after the expiration of the default timer for reauthentication.

(The default value of the timer is 24 hours.) If the user fails to reauthenticate

with valid credentials, the state of the user is cleared. If derivation rules are used

to classify 802.1x-authenticated users, then the reauthentication timer per role

overrides this setting.

This option is disabled by default.

Termination Select the Termination checkbox to allow 802.1X authentication to terminate on

the controller. This option is disabled by default.

Termination EAP-Type If you enable termination, click either EAP-PEAP or EAP-TLS to select a Extensible

Authentication Protocol (EAP) method.

Termination Inner

EAP-Type

If you use EAP-PEAP as the EAP method, specify one of the following

inner EAP types:

l eap-gtc: Described in RFC 2284, this EAP method permits the transfer of

unencrypted usernames and passwords from client to server. The main uses

for EAP-GTC are one-time token cards such as SecureID and the use of LDAP

or RADIUS as the user authentication server. You can also enable caching of

user credentials on the controller as a backup to an external authentication

server.

l eap-mschapv2: Described in RFC 2759, this EAP method is widely supported

Table 68: 802.1x Authentication Profile Basic WebUI Parameters

Dell Networking W-Series ArubaOS 6.4.x | User Guide 802.1X Authentication | 330