Dell PowerConnect W-Airwave W-Airwave 7.2 Configuration Guide - Page 58

Table 9 Profiles > AAA > 802.1x Auth Profile Settings (Continued) Field Default Description Unicast Key Rotation No Enable or disable unicast key rotation, and define the related settings on this page for unicast key rotation time and interval if this field is enabled. Reauthentication No Enable or disable reauthentication. Although reauthentication and rekey timers are configurable on a per-SSID basis, an 802.1x transaction during a call can affect voice quality. If a client is on a call, 802.1x reauthentication and rekey are disabled by default until the call is completed. You disable or re-enable the "voice aware" feature in the 802.1x authentication profile. Opportunistic Key Yes Caching Enable or disable opportunistic key caching (also configured in the 802.1x Authentication profile). This supports WPA2 clients. Validate PMKID No Define whether PMKID authentication should be validated. Use Session Key No Specify whether a client session should use a security key. Use Static Key No The IEEE 802.1x authentication standard allows for the use of keys that are dynamically generated on a per-client basis, or as a static key that is the same on all devices in the network). Define whether to use a static key with this setting. xSec MTU (1024 - 1500 Bytes) 1300 bytes Define the maximum transmission unit size in bytes. Termination No Select this option to terminate 802.1x authentication on the controller. Termination EAP-Type No TLS Specify if the EAP termination type is TLS. Termination EAP-Type 0 PEAP Specify EAP-PEAP termination. 802.1x authentication based on PEAP with MS-CHAPv2 provides both computer and user authentication. If a user attempts to log in without the computer being authenticated first, the user is placed into a more limited "guest" user role. Windows domain credentials are used for computer authentication, and the user's Windows login and password are used for user authentication. A single user sign-on facilitates both authentication to the wireless network and access to the Windows server resources. Termination Inner EAP- No Type MSCHAPv2 Enable or disable this setting. You can enable caching of user credentials on the controller as a backup to an external authentication server. The EAP-Microsoft Challenge Authentication Protocol version 2 (MS-CHAPv2), described in RFC 2759, is widely supported by Microsoft clients. Termination Inner EAP- No Type GTC Enable or disable GTC. EAP-Generic Token Card (GTC): Described in RFC 2284, this EAP method permits the transfer of unencrypted usernames and passwords from client to server. The main uses for EAP-GTC are one-time token cards such as SecureID and the use of LDAP or RADIUS as the user authentication server. You can also enable caching of user credentials on the controller as a backup to an external authentication server. Token Caching Disabled Specify whether EAP token caching is enabled or disabled. Token Caching Period 24 (1-240 hrs) Specify token caching, in hours. The supported range is from 1 to 240 hours. CA-Certificate Type the CA certificate imported into the controller. Server-Certificate Specify a server certificate. The list of available certificates is taken from the computer certificate store on which IAS is running. In this case, a self-signed certificate was generated by the local certificate authority and installed on the IAS system. On each wireless client device, the local certificate authority is added as a trusted certificate authority, thus allowing this certificate to be trusted. 58 | Dell PowerConnect W Configuration Reference Dell PowerConnect W AirWave 7.2 | Configuration Guide