Users Guide

339 | 802.1X Authentication Dell Networking W-Series ArubaOS 6.4.x| User Guide
• guest
• system administrators
The examples show how to configure using the WebUI and CLI commands.
Configuring Authentication with an 802.1X RADIUS Server
• An EAP-compliant RADIUS server provides the 802.1X authentication. The RADIUS server administrator
must configure the server to support this authentication. The administrator must also configure the server
to allow communications with the Dell controller.
• The authentication type is WPA. From the 802.1X authentication exchange, the client and the controller
derive dynamic keys to encrypt data transmitted on the wireless network.
• 802.1X authentication based on PEAP with MS-CHAPv2 provides both computer and user authentication. If
a user attempts to log in without the computer being authenticated first, the user is placed into a more
limited “guest” user role.
Windows domain credentials are used for computer authentication, and the user’s Windows login and
password are used for user authentication. A single user sign-on facilitates both authentication to the
wireless network and access to the Windows server resources.
802.1X Configuration for IAS and Windows Clients on page 1153 describes how to configure the Microsoft Internet
Authentication Server and Windows XP wireless client to operate with the controller configuration shown in this
section.
Configuring Roles and Policies
You can create policies and user roles for the following:
• Student
• Faculty
• Guest
• Sysadmin
• Computer
Creating the Student Role and Policy
The student policy prevents students from using telnet, POP3, FTP, SMTP, SNMP, or SSH to the wired portion
of the network. The student policy is mapped to the student user role.
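The following added example (not part of the guide, and not Dell or Aruba code) checks that a student policy really denies the six listed services to the Internal Network alias. It assumes rules are written as `<source> <destination> <service> <action>`, that the first matching rule wins, and that unmatched traffic is denied; the `svc-*` names and both sample policies are constructed for illustration.

```python
import shlex

# Services the student policy must block toward the wired network (listed on the page).
RESTRICTED = {"svc-telnet", "svc-pop3", "svc-ftp", "svc-smtp", "svc-snmp", "svc-ssh"}
INTERNAL = "alias Internal Network"

def parse_rules(text):
    """Parse '<source> <destination> <service> <action>' lines (assumed format)."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 4 or tok[0] == "ip":   # skip blanks and the policy header
            continue
        # Destination may be one token ('any') or two ('alias', '<name>').
        rules.append((tok[0], " ".join(tok[1:-2]), tok[-2], tok[-1]))
    return rules

def effective_action(rules, source, dest, service):
    """First matching rule wins; unmatched traffic is denied (assumed implicit deny)."""
    for src, dst, svc, action in rules:
        if src in ("any", source) and dst in ("any", dest) and svc in ("any", service):
            return action
    return "deny"

def unblocked_services(text, dest=INTERNAL):
    """Return restricted services a 'user' source can still reach at dest."""
    rules = parse_rules(text)
    return sorted(s for s in RESTRICTED
                  if effective_action(rules, "user", dest, s) != "deny")

# Constructed sample policies, not taken from the guide.
HEADER = "ip access-list session student\n"
DENIES = "".join(f'  user alias "Internal Network" {s} deny\n' for s in sorted(RESTRICTED))
PERMIT = "  user any any permit\n"
GOOD = HEADER + DENIES + PERMIT          # denies evaluated before the catch-all
MISORDERED = HEADER + PERMIT + DENIES    # catch-all shadows every deny

if __name__ == "__main__":
    print("good:", unblocked_services(GOOD))
    print("misordered:", unblocked_services(MISORDERED))
```

An empty result means every restricted service is denied; any name returned is a service that a permit rule exposes, either because its deny rule is missing or because a broader permit precedes it.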
In the WebUI
1. Navigate to the Configuration > Security > Access Control > Policies page. Select Add to add the
student policy.
2. For Policy Name, enter student.
3. For Policy Type, select IPv4 Session.
4. Under Rules, select Add to add rules for the policy.
   a. Under Source, select user.
   b. Under Destination, select alias.
      The following step defines an alias representing all internal network addresses. Once defined,
      you can use the alias for other rules and policies.
   c. Under the alias selection, click New. For Destination Name, enter Internal Network. Click Add to add a
      rule. For Rule Type, select network. For IP Address, enter 10.0.0.0. For Network Mask/Range, enter