Users Guide

52 | Configuration Reference Dell PowerConnect W-AirWave 7.4 | Configuration Guide
In Dell PowerConnect W user-centric networks, you can terminate the 802.1x authentication on the controller.
The controller passes user authentication to its internal database or to a “backend” non-802.1x server. This
feature, also called “AAA FastConnect,” is useful for deployments where an 802.1x EAP-compliant RADIUS
server is not available or required for authentication.
Perform these steps to configure an 802.1X Auth profile.
1. Select Profiles > AAA > 802.1x Auth in the navigation pane. The details page summarizes the current
profiles of this type.
2. Select the Add button to create a new 802.1x Auth profile, or click the pencil icon next to an existing profile
to edit. Complete the settings as described in Table 9:
Table 9 Profiles > AAA > 802.1x Auth Profile Settings
General Settings

Field: Folder
Default: Top
Description: Set the folder with which the profile is associated. The drop-down menu displays all folders available for association with the profile.

Field: Name
Default: Blank
Description: Enter the name of the profile.

Other Settings

Field: Max Authentication Failures
Default: 0
Description: Number of times a user can try to log in with wrong credentials, after which the user is blacklisted as a security threat. Set to 0 to disable blacklisting; otherwise, enter a non-zero integer to blacklist the user after the specified number of failures. This setting requires a wireless intrusion protection license.

Field: Enforce Machine Authentication
Default: No
Description: (For Windows environments only) Select this option to enforce machine authentication before user authentication. If selected, either the Machine Authentication Default Role or the User Authentication Default Role is assigned to the user, depending on which authentication is successful. This setting requires a policy enforcement firewall license.

Field: Machine Authentication: Default Machine Role
Default: ap-role
Description: Select the default role to be assigned to the user after completing machine authentication.

Field: Machine Authentication Cache Timeout (1-1000 hrs)
Default: 24
Description: When a Windows device boots, it logs onto the network domain using a machine account. Within the domain, the device is authenticated before computer group policies and software settings can be executed; this process is known as machine authentication. Machine authentication ensures that only authorized devices are allowed on the network.
You can configure 802.1x for both user and machine authentication (select the Enforce Machine Authentication option described in Table 51 on page 272). This tightens the authentication process further, since both the device and the user need to be authenticated.
When you enable machine authentication, there are two additional roles you can define in the 802.1x authentication profile:
- Machine authentication default machine role
- Machine authentication default user role
While you can select the same role for both options, you should define the roles according to the policies that need to be enforced. Also, these roles can be different from the 802.1x authentication default role configured in the AAA profile.
With machine authentication enabled, the assigned role depends upon the success or failure of the machine and user authentications. In certain cases, the role that is ultimately assigned to a client can also depend upon attributes returned by the authentication server or server derivation rules configured on the controller.
This setting requires a policy enforcement firewall license.
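
The role outcomes described for machine authentication, modeled as an added Python example (not code from this guide or from the controller). The class, method, role names and client MAC are hypothetical; the outcomes when both authentications succeed or both fail, and the use of the cached machine result at user logon, are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Dot1xAuthProfile:
    """Hypothetical model of the Table 9 settings that drive role assignment."""
    enforce_machine_auth: bool = False            # "Enforce Machine Authentication"
    machine_default_role: str = "corp-machine"    # constructed role names
    user_default_role: str = "restricted-user"
    dot1x_default_role: str = "employee"          # 802.1x default role from the AAA profile
    cache_timeout_hrs: int = 24                   # "Cache Timeout (1-1000 hrs)"
    _cache: dict = field(default_factory=dict, repr=False)  # MAC -> hour of machine auth

    def __post_init__(self):
        if not 1 <= self.cache_timeout_hrs <= 1000:
            raise ValueError("cache timeout must be 1-1000 hours")

    def machine_auth(self, mac: str, ok: bool, now_hrs: float) -> None:
        """Record the result of the machine-account logon made at boot."""
        if ok:
            self._cache[mac] = now_hrs
        else:
            self._cache.pop(mac, None)

    def machine_ok(self, mac: str, now_hrs: float) -> bool:
        """True while a successful machine authentication is still cached."""
        seen = self._cache.get(mac)
        return seen is not None and now_hrs - seen < self.cache_timeout_hrs

    def role_for(self, mac: str, user_ok: bool, now_hrs: float):
        """Role after a user logon attempt, or None when no role is assigned."""
        if not self.enforce_machine_auth:
            return self.dot1x_default_role if user_ok else None
        cached = self.machine_ok(mac, now_hrs)
        if cached and user_ok:
            return self.dot1x_default_role        # assumption: both succeeded
        if cached:
            return self.machine_default_role      # only machine auth succeeded
        if user_ok:
            return self.user_default_role         # only user auth succeeded
        return None                               # assumption: both failed

if __name__ == "__main__":
    profile = Dot1xAuthProfile(enforce_machine_auth=True)
    mac = "00:11:22:33:44:55"                     # constructed client MAC
    profile.machine_auth(mac, ok=True, now_hrs=0)
    for hour, user_ok in [(8, True), (8, False), (30, True), (30, False)]:
        print(hour, user_ok, profile.role_for(mac, user_ok, hour))
```

At hour 30 the cached machine result has aged past the 24-hour default, so a valid user logon from the same device falls back to the user default role.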