Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsW-ClearPass Virtual Appliances

121

122

123

124

125

126

127

128

129

130

Table 19: Description of the 802.1X Authentication Processes

Authentication

Process

Description

RADIUS Access-

Request

The Network Access Server (NAS) sends a RADIUS access request to Policy

Manager, which then evaluates the request and identifies RADIUS connection

control attributes.

2 Service Categorization

Based on the RADIUSconnection control attributes identified by Policy Manager,

the request will be categorized into a Policy Manager service.

3 Authentication Method

Policy Manager attempts to authenticate the user (in order of priority) using the

authentication method defined in the Policy Manager service.

4 Authentication Source

After negotiating an authentication method with the user, Policy Manager

authenticates the user (in order of priority) against the authentication sources

defined in the Policy Manager service.

5 Role Mapping

Any roles defined in role-mapping policies or automatically assigned by Policy

Manager based on several sources of information, including RADIUS connection

control attributes, authentication sources, or authorization attributes.

6 Enforcement Policy

An enforcement policy is a way to organize enforcement profiles and apply

them to users or Policy Manager roles. Based on the enforcement policy

assigned to the role, enforcement profiles are applied to the service request.

7 Enforcement Profile

Enforcement profiles are the building blocks that control network access and

define types of access. Multiple enforcement profiles can be used in an

enforcement policy.

For a detailed description of the EAP-PEAP-MSCHAPV2 process, refer to EAP-PEAP MSCHAPv2 Handshake

Exchange Summary on page 191.

Creating the 802.1X Wireless Service

The 802.1X Wireless Service provides a method for wireless end-hosts connecting through an 802.1X wireless

access device or mobility controller, with authentication using IEEE 802.1X and with service rules customized

for Mobility Controllers.

This W-ClearPass 802.1X template guides you through the following tasks:

l Selecting an Active Directory Authentication Source.

This guide assumes that the Active Directory Authentication Source has already been configured. For

details, see Preparing for Active Directory Authentication.

l Selecting a Mobility Controller.

This guide assumes that the mobility controller to be used for 802.1X authentication has already been

configured. For details, see Preparing the Mobility Controller for W-ClearPass PolicyManager Integration.

l Creating an Enforcement Policy for Active Directory-based attributes.

The procedure for creating an Enforcement Policy is described in this section.

Dell Networking W-ClearPass Deployment Guide Preparing for 802.1X Wireless Authentication with Active Directory | 123