Administrator Guide

Dell Networking W-ClearPass Deployment Guide
Chapter 4
Preparing for 802.1X Wireless Authentication with Active Directory
This chapter includes the following information:
• About 802.1X Authentication
• What Is AAA?
• Walking Through an 802.1X Authentication Scenario
• Configuring 802.1X Wireless Authentication with Active Directory
• Troubleshooting 802.1X Configuration Issues
About 802.1X Authentication
This section contains the following information:
• Introducing 802.1X
• 802.1X Authentication Components
Introducing 802.1X
This chapter describes how to configure 802.1X wireless authentication with Active Directory in a Dell network.
802.1X is an IEEE standard and a method for authenticating the identity of a user before providing network
access to the user. 802.1X provides an authentication mechanism to devices that need to attach to a wireless
LAN or a wired LAN.
RADIUS (Remote Authentication Dial In User Service) is a protocol that provides centralized authentication,
authorization, and accounting management (for details, see What Is AAA?).
For authentication purposes, the wireless client can associate with a network access server (NAS) or a RADIUS
client. W-ClearPass is a RADIUS server. The wireless client can pass data traffic only after successful 802.1X
authentication.
• 802.1X offers the capability to permit or deny network connectivity based on the identity of the end user
or device.
• 802.1X enables port-based access control using authentication. An 802.1X-enabled port can be
dynamically enabled or disabled based on the identity of the user or device that connects to it.
Before authentication, the identity of the endpoint is unknown and all traffic is blocked. After authentication,
the identity of the endpoint is known and all traffic from that endpoint is allowed.
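The port-based access control described above can be sketched as follows. This is an added example, not code from the guide or from W-ClearPass: the class, function, and action names are hypothetical, the frames are constructed sample data, and the port state is assumed to be tracked per client MAC address. It also shows the one exception to "all traffic is blocked": EAPOL frames (EtherType 0x888E), which carry the authentication exchange itself, are accepted before the endpoint is authorized.

```python
import struct

ETHERTYPE_EAPOL = 0x888E              # IEEE 802.1X EAP over LAN
EAPOL_LOGOFF = 2                      # EAPOL packet type: supplicant logs off
ACCESS_ACCEPT, ACCESS_REJECT = 2, 3   # RADIUS packet codes (RFC 2865)

class PortAccessControl:
    """Hypothetical model of an 802.1X-enabled port, keyed by client MAC."""

    def __init__(self):
        self.authorized = set()       # MACs whose identity the server accepted

    def on_client_frame(self, frame: bytes) -> str:
        """Return the action for one Ethernet frame received from a client."""
        if len(frame) < 14:
            return "drop"             # truncated Ethernet header
        _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
        if ethertype == ETHERTYPE_EAPOL:
            if len(frame) < 18:       # EAPOL header: version, type, length(2)
                return "drop"
            if frame[15] == EAPOL_LOGOFF:
                self.authorized.discard(src)
                return "close-port"
            return "relay-to-radius"  # EAP payload is passed on unparsed
        return "forward" if src in self.authorized else "drop"

    def on_radius_reply(self, client_mac: bytes, code: int) -> None:
        """Open or close the port according to the RADIUS server's verdict."""
        if code == ACCESS_ACCEPT:
            self.authorized.add(client_mac)
        elif code == ACCESS_REJECT:
            self.authorized.discard(client_mac)
        # Access-Challenge (11) and any other code leave the port unchanged.

def make_frame(src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Build a constructed Ethernet frame sent to a made-up destination MAC."""
    return struct.pack("!6s6sH", b"\x02\x00\x00\x00\x00\xff", src, ethertype) + payload

# Constructed sample data: two clients with locally administered MACs.
CLIENT_A, CLIENT_B = b"\x02\x00\x00\x00\x00\x01", b"\x02\x00\x00\x00\x00\x02"
IPV4 = make_frame(CLIENT_A, 0x0800, b"data")
# EAPOL v2, type 0 (EAP-Packet), carrying an EAP Response/Identity header.
EAP_RESP = make_frame(CLIENT_A, ETHERTYPE_EAPOL, b"\x02\x00\x00\x05\x02\x01\x00\x05\x01")

def demo():
    """Replay the sample frames; client B never authenticates."""
    port = PortAccessControl()
    log = [port.on_client_frame(IPV4), port.on_client_frame(EAP_RESP)]
    port.on_radius_reply(CLIENT_A, ACCESS_ACCEPT)
    log += [port.on_client_frame(IPV4),
            port.on_client_frame(make_frame(CLIENT_B, 0x0800, b"data"))]
    return log
```

A RADIUS Access-Reject or an EAPOL-Logoff from the client returns that client to the blocked state.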
802.1X Authentication Components
802.1X authentication consists of three components: a supplicant, an authenticator, and an authentication
server (see Figure 109).
• The supplicant, or client, is the device attempting to gain access to the network. You can configure the
user-centric network to support 802.1X authentication for wired users as well as wireless users.
• The authenticator is the gatekeeper to the network and permits or denies access to the supplicants.
The Mobility Controller acts as the authenticator, relaying information between the
authentication/W-ClearPass server and the supplicant. The EAP type must be consistent between the
authentication server and supplicant and is transparent to the mobility controller.