Administrator Guide

128 | Preparing for 802.1X Wireless Authentication with Active Directory Dell Networking W-ClearPass Deployment Guide
Walking Through an 802.1X Authentication Scenario
This section shows the 802.1X authentication traffic flow for wireless and wired authentication scenarios
and provides a typical example of the 802.1X authentication process.
802.1X Wireless Authentication Traffic Flow
Figure 118 shows the flow of traffic for 802.1X authentication using Active Directory.
Figure 118 Traffic flow for 802.1X Wireless Authentication with Active Directory
Walking Through the 802.1X Authentication Process
Let's use an example to walk through the authentication process as illustrated in Figure 118.
1. A Sales Department employee connects to the Dell wireless network from his laptop and an 802.1X
EAP-PEAP authentication process begins automatically.
EAP-PEAP (Protected Extensible Authentication Protocol) is the protocol used to communicate between the
client and the network device, in this case, a mobility controller.
2. The client's authentication request is sent to the mobility controller.
3. When the mobility controller receives the authentication request, it sends a RADIUS access-request packet
to the W-ClearPass Policy Manager server with the encrypted username and password.
RADIUS is the protocol that network access device (NAD) authenticators use to communicate with the
W-ClearPass server in order to look up the information in the RADIUS database, which in this example is
Active Directory.
4. The W-ClearPass Policy Manager server checks the Active Directory database for a matching username and
password.
The communication between the W-ClearPass Policy Manager server and Active Directory is via NTLM (NT
LAN Manager) for authentication in conjunction with LDAP (Lightweight Directory Access Protocol) for
search and directory lookup.
• If there is not a match, the W-ClearPass Policy Manager server sends an access-reject message to the
mobility controller.
• If there is a match, the W-ClearPass Policy Manager server sends an access-accept message to the
mobility controller, and the user is granted access to the network.
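The following is an added example, not taken from the Dell guide. It shows steps 3 and 4 at the packet level: an Access-Request that carries the client's EAP packet, plus the Message-Authenticator (attribute 80) integrity check that RFC 3579 requires on EAP-bearing RADIUS packets and that either side should enforce before trusting an access-accept or access-reject. The function names and all sample values are assumptions made for illustration.

```python
import hashlib, hmac, os, struct

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
USER_NAME, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 79, 80   # RFC 2865 / RFC 3579 types

def attr(kind, value):
    """Encode one attribute as type, length, value."""
    return bytes([kind, len(value) + 2]) + value

def build_access_request(ident, user, eap, secret):
    """Step 3: the controller wraps the client's EAP packet in an Access-Request."""
    attrs = attr(USER_NAME, user) + attr(EAP_MESSAGE, eap) + attr(MESSAGE_AUTHENTICATOR, bytes(16))
    pkt = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + os.urandom(16) + attrs
    mac = hmac.new(secret, pkt, hashlib.md5).digest()   # computed with the value zeroed
    return pkt[:-16] + mac                              # attribute 80 is last in this packet

def parse(pkt):
    """Return (code, identifier, authenticator, [(type, value_offset, value), ...])."""
    if len(pkt) < 20:
        raise ValueError("short RADIUS packet")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("length field does not match packet size")
    attrs, i = [], 20
    while i < length:
        if i + 2 > length or pkt[i + 1] < 2 or i + pkt[i + 1] > length:
            raise ValueError("malformed attribute")
        attrs.append((pkt[i], i + 2, pkt[i + 2:i + pkt[i + 1]]))
        i += pkt[i + 1]
    return code, ident, pkt[4:20], attrs

def verify_message_authenticator(pkt, secret, request_authenticator=None):
    """True only if exactly one attribute 80 is present and its HMAC-MD5 is valid."""
    code, _, auth, attrs = parse(pkt)
    found = [(off, val) for kind, off, val in attrs if kind == MESSAGE_AUTHENTICATOR]
    if len(found) != 1 or len(found[0][1]) != 16:
        return False
    if code != 1:   # replies are keyed to the Request Authenticator of the request
        if request_authenticator is None:
            return False
        auth = request_authenticator
    off, received = found[0]
    zeroed = pkt[:4] + auth + pkt[20:off] + bytes(16) + pkt[off + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(expected, received)
```

A reply that fails this check, or that lacks attribute 80 altogether, should be dropped rather than acted on, whichever RADIUS code it carries.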
User Role Attribute Information
The W-ClearPass Policy Manager server can also send attribute information about the user (for example, User
Role) to the mobility controller. In this example, the server uses the User Role attribute, which indicates that
the user is in the Sales Department.