Manualshelf

Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsW-ClearPass Virtual Appliances
171172173174175176177178179180
172 | Mobility Access Switch Configuration for 802.1X Authentication Dell Networking W-ClearPass Deployment Guide
Using the CLI
To use the CLI to configure certificates with authentication termination:
aaa authentication dot1x <profile>
termination enable
server-cert <certificate>
ca-cert <certificate>
Configuring 802.1X Authentication with Machine Authentication
This section contains the following information:
l About Machine Authentication
l Enabling the Enforce Machine Authentication Option
l Role Assignment with Machine Authentication Enabled
l VLAN Assignments
l Authentication with an 802.1x RADIUS Server
l Examples of Common 802.1X Configuration Tasks Via the CLI
About Machine Authentication
When a Windows device boots, it logs onto the network domain using a machine account. Within the domain,
the device is authenticated before computer group policies and software settings can be executed; this process
is known as machine authentication. Machine authentication ensures that only authorized devices are allowed
on the network.
Enabling the Enforce Machine Authentication Option
You can configure 802.1X authentication for both user and machine authentication (for Windows
environments only). This strengthens the authentication process further since both the device and user need
to be authenticated.
Select the Enforce Machine Authentication option to enforce machine authentication before user
authentication.
When selected, either the Machine Authentication Default Role or the User Authentication Default
Role is assigned to the user, depending on which authentication is successful. This option is disabled by
default.
This option may require a Policy Enforcement Firewall Next Generation (PEFNG) or Policy Enforcement Firewall
Module (PEFV) license.
To enable Enforce Machine Authentication:
1. On the mobility controller, navigate to the Configuration > SECURITY > Authentication > L2
Authentication page.
2. In the Profiles list, expand the 802.1x Authentication list and select the 802.1X Authentication profile of
interest.
The selected 802.1X Authentication Profile is displayed.