Concept Guide
164 | Authentication and User Management Dell Networking W-Series Instant 6.5.1.0-4.3.1.0 | User Guide
2. In the Edit <profile-name> or the New WLAN window, ensure that all required WLAN and VLAN
attributes are defined, and then click Next.
3. On the Security tab, specify the following parameters for the Enterprise security level:
a. Select any of the following options from the Key management drop-down list.
l WPA-2 Enterprise
l WPA Enterprise
l Both (WPA-2 & WPA)
l Dynamic WEP with 802.1X
4. If you do not want to use a session key from the RADIUS server to derive pairwise unicast keys, set Session
Key for LEAP to Enabled.
5. To terminate the EAP portion of 802.1X authentication on the W-IAP instead of the RADIUS server, set
Termination to Enabled.
By default, for 802.1X authentication, the client conducts an EAP exchange with the RADIUS server, and the
W-IAP acts as a relay for this exchange. When Termination is enabled, the W-IAP by itself acts as an
authentication server and terminates the outer layers of the EAP protocol, only relaying the innermost layer
to the external RADIUS server.
6. Specify the type of authentication server to use and configure other required parameters. You can also
configure two different authentication servers to function as primary and backup servers when
Termination is enabled. For more information on RADIUSauthentication configuration parameters, see
Configuring an External Server for Authentication on page 151.
7. Click Next to define access rules, and then click Finish to apply the changes.
In the CLI
To configure 802.1X authentication for a wireless network:
(Instant AP)(config)# wlan ssid-profile <name>
(Instant AP)(SSID Profile <name>)# type {<Employee>|<Voice>}
(Instant AP)(SSID Profile <name>)# opmode {wpa2-aes|wpa-tkip|wpa-tkip,wpa2-aes|dynamic-wep}
(Instant AP)(SSID Profile <name>)# leap-use-session-key
(Instant AP)(SSID Profile <name>)# termination
(Instant AP)(SSID Profile <name>)# auth-server <server1>
(Instant AP)(SSID Profile <name>)# auth-server <server2>
(Instant AP)(SSID Profile <name>)# radius-reauth-interval <minutes>
(Instant AP)(SSID Profile <name>)# auth-survivability
(Instant AP)(SSID Profile <name>)# exit
(Instant AP)(config)# auth-survivability cache-time-out <hours>
(Instant AP)(config)# end
(Instant AP)# commit apply
Configuring 802.1X Authentication for Wired Profiles
You can configure 802.1X authentication for a wired profile in the Instant UI or the CLI.
In the Instant UI
To enable 802.1X authentication for a wired profile:
1. Click the Wired link under More in the main window. The Wired window is displayed.
2. Click New under Wired Networks to create a new network or select an existing profile for which you want
to enable 802.1X authentication and then click Edit.
3. In the New Wired Network or the Edit Wired Network window, ensure that all the required Wired and
VLAN attributes are defined, and then click Next.
4. On the Security tab, select Enabled from the 802.1X authentication drop-down list.