Users Guide
335 | 802.1X Authentication Dell Networking W-Series ArubaOS 6.4.x| User Guide
In the CLI
The following command configures settings for an 802.1X authentication profiles. Individual parameters are
described in the previous table.
(host)(config) #aaa authentication dot1x {<profile>|countermeasures}
Configuring and Using Certificates with AAA FastConnect
The controller supports 802.1x authentication using digital certificates for AAA FastConnect.
l Server Certificate—A server certificate installed in the controller verifies the authenticity of the controller for
802.1x authentication. Dell controllers ship with a demonstration digital certificate. Until you install a
customer-specific server certificate in the controller, this demonstration certificate is used by default for all
secure HTTP connections (such as the WebUI and captive portal) and AAA FastConnect. This certificate is
included primarily for the purposes of feature demonstration and convenience, and is not intended for
long-term use in production networks. Users in a production environment are urged to obtain and install a
certificate issued for their site or domain by a well-known certificate authority (CA). You can generate a
Certificate Signing Request (CSR) on the controller to submit to a CA. For information on how to generate a
CSR and how to import the CA-signed certificate into the controller, see Managing Certificates on page 878.
l Client Certificates—Client certificates are verified on the controller (the client certificate must be signed by a
known CA) before the username is checked on the authentication server. To use client certificate
authentication for AAA FastConnect, you need to import the following certificates into the controller (see
Importing Certificates on page 881):
n Controller’s server certificate
n CA certificate for the CA that signed the client certificates
In the WebUI
1. Navigate to the Configuration > Security > Authentication > L2 Authentication page.
2. In the Profiles list, select 802.1x Authentication Profile.
3. Select the default 802.1x authentication profile from the drop-down list to display configuration
parameters.
4. In the Basic tab, select Termination.
5. Select the Advanced Tab.
6. In the Server-Certificate field, select the server certificate imported into the controller.
7. In the CA-Certificate field, select the CA certificate imported into the controller.
8. Click Save As. Enter a name for the 802.1x authentication profile.
9. Click Apply.
In the CLI
(host)(config) #aaa authentication dot1x <profile>
termination enable
server-cert <certificate>
ca-cert <certificate>
Configuring User and Machine Authentication
When a Windows device boots, it logs onto the network domain using a machine account. Within the domain,
the device is authenticated before computer group policies and software settings can be executed; this process
is known as machine authentication. Machine authentication ensures that only authorized devices are allowed
on the network.