Dell PowerConnect W-Airwave W-Airwave 7.2 Configuration Guide - Page 59


Page 59 highlights

Table 9 Profiles > AAA > 802.1x Auth Profile Settings (Continued)

| Field | Default | Description |
|---|---|---|
| TLS Guest Access | No | Specify if TLS authentication supports guest users. User-level authentication is performed by an external RADIUS server using PPP EAP-TLS. In this scenario, client and server certificates are mutually authenticated during the EAP-TLS exchange. During the authentication, the controller encapsulates EAP-TLS messages from the client into RADIUS messages and forwards them to the server. |
| TLS Guest Role | ap-role | Specify the TLS authentication role that will support guests. This setting requires a policy enforcement firewall license. |
| Ignore EAPOL-START After Authentication | No | Enable or disable this setting. EAP authentication starts with an EAPOL-start frame that is sent by the wireless client to the AP. Upon reception of such a frame, the AP responds to the wireless client with an EAP-Identity-Request and also allocates internal resources. Attackers can exploit this by sending a large number of EAPOL-start frames to the access point, either by spoofing the MAC address or by emulating wireless clients. This forces the AP to allocate more and more resources, eventually bringing it down. Enable this setting to reduce the risk. |
| Handle EAPOL-Logoff | No | Specify whether authentication should manage logoff activity. |
| Ignore EAP ID During Negotiation | No | Specify whether EAP should be ignored during authentication. |
| WPA-Fast-Handover | No | In the 802.1x Authentication profile, the WPA fast handover feature allows certain WPA clients to use a pre-authorized PMK, significantly reducing handover interruption. Check with the manufacturer of your handset to see if this feature is supported. This feature is disabled by default. |
| Disable Rekey and Reauthentication for Clients on Call | No | Although reauthentication and rekey timers are configurable on a per-SSID basis, an 802.1x transaction during a call can affect voice quality. If a client is on a call, 802.1x reauthentication and rekey are disabled by default until the call is completed. You can disable or re-enable the "voice aware" feature in the 802.1x authentication profile. This setting requires a voice service license. |

Select Add or Save. The added or edited 802.1x Auth profile appears on the AAA Profiles page, and on the 802.1x Auth details page.

Profiles > Advanced Authentication

In Advanced Authentication, you can apply timers and DNS query intervals. Follow these steps to configure an Advanced Authentication profile.

1. Select Profiles > AAA > Advanced Authentication. The details page summarizes the current profiles of this type.
2. Select the Add button to create a new Advanced Authentication profile, or click the pencil icon next to an existing profile to edit. The Details page appears. Complete the settings as described in Table 10:

Table 10 Profiles > AAA > Advanced Authentication Profile Settings

| Field | Default | Description |
|---|---|---|
| General Settings | | |
| Folder | Top | Set the folder with which the profile is associated. The drop-down menu displays all folders available for association with the profile. |
| Name | Blank | Enter the name of the Advanced Authentication profile. |

Dell PowerConnect W AirWave 7.2 | Configuration Guide Dell PowerConnect W Configuration Reference | 59
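The EAPOL-start flood described for the Ignore EAPOL-START After Authentication setting can also be watched for from a monitoring point. The following Python code is an added example, not part of the Dell guide or of AirWave: it parses the 4-byte 802.1X header and flags bursts of EAPOL-Start frames counted across all source MACs. The function names, the 1-second window, the threshold of 20 and the sample frames are assumptions constructed for illustration.

```python
import struct
from collections import deque

EAPOL_START = 1  # 802.1X packet types: 0=EAP-Packet, 1=Start, 2=Logoff, 3=Key

def eapol_type(payload: bytes):
    """Return the 802.1X packet type, or None if the header is malformed."""
    if len(payload) < 4:
        return None
    _version, ptype, length = struct.unpack("!BBH", payload[:4])
    if len(payload) - 4 < length:
        return None  # body shorter than the header claims
    return ptype

def detect_start_floods(frames, window_ms=1000, threshold=20):
    """frames: time-ordered (timestamp_ms, src_mac, eapol_payload) tuples.
    Returns one (timestamp_ms, starts_in_window, distinct_macs) per burst."""
    recent = deque()  # EAPOL-Start frames seen within the window
    alerts, alerting = [], False
    for ts, mac, payload in frames:
        if eapol_type(payload) != EAPOL_START:
            continue
        recent.append((ts, mac))
        while ts - recent[0][0] > window_ms:
            recent.popleft()
        if len(recent) <= threshold:
            alerting = False
        elif not alerting:
            # Count all sources together: per-MAC limits miss spoofed senders.
            alerts.append((ts, len(recent), len({m for _, m in recent})))
            alerting = True
    return alerts

def constructed_capture():
    """Constructed sample: one normal client, then 30 Starts from 30 MACs."""
    start = struct.pack("!BBH", 1, EAPOL_START, 0)
    identity = struct.pack("!BBH", 1, 0, 5) + b"\x02\x01\x00\x05\x01"
    frames = [(0, "02:00:00:00:00:aa", start), (15, "02:00:00:00:00:aa", identity)]
    frames += [(5000 + 10 * i, f"02:00:00:00:01:{i:02x}", start) for i in range(30)]
    return frames

if __name__ == "__main__":
    for ts, count, macs in detect_start_floods(constructed_capture()):
        print(f"t={ts}ms: {count} EAPOL-Start frames from {macs} MACs within 1s")
```

Because the count is taken over all senders, a burst spread across many spoofed MAC addresses is reported the same way as one from a single address.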

