Dell PowerConnect W-Airwave W-Airwave 7.2 Configuration Guide - Page 59
Profiles > Advanced Authentication, 1x Auth, AAA Profiles, Advanced Authentication, pencil, Details
View all Dell PowerConnect W-Airwave manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 59 highlights
Table 9 Profiles > AAA > 802.1x Auth Profile Settings (Continued) Field Default Description TLS Guest Access No Specify if TLS authentication supports guest users. User-level authentication is performed by an external RADIUS server using PPP EAPTLS. In this scenario, client and server certificates are mutually authenticated during the EAP-TLS exchange. During the authentication, the controller encapsulates EAP-TLS messages from the client into RADIUS messages and forwards them to the server. TLS Guest Role ap-role Specify the TLS authentication role that will support guests. This setting requires a policy enforcement firewall license. Ignore EAPOL-START No After Authentication Enable or disable this setting. EAP authentication starts with a EAPOL-start frame that is sent by the wireless client to the AP. Upon reception of such a frame, the AP responds back to the wireless client with an EAP-Identify-Request and also does internal resource allocation. Attackers can use this vulnerability by sending a lot of EAPOL-start frames to the Access point, either by spoofing the MAC address or by emulating wireless clients. This forces the AP to allocate increasing resource and eventually bringing it down. Enable this setting to reduce the risk. Handle EAPOL-Logoff No Specify whether authentication should manage logoff activity. Ignore EAP ID During No Negotiation Specify whether EAP should be ignored during authentication. WPA-Fast-Handover No In the 802.1x Authentication profile, the WPA fast handover feature allows certain WPA clients to use a pre-authorized PMK, significantly reducing handover interruption. Check with the manufacturer of your handset to see if this feature is supported. This feature is disabled by default. Disable Rekey and No Reauthentication for Clients on Call Although reauthentication and rekey timers are configurable on a per-SSID basis, an 802.1x transaction during a call can affect voice quality. If a client is on a call, 802.1x reauthentication and rekey are disabled by default until the call is completed. You disable or re-enable the "voice aware" feature in the 802.1x authentication profile. This setting requires a voice service license. Select Add or Save. The added or edited 802.1x Auth profile appears on the AAA Profiles page, and on the 802.1x Auth details page. Profiles > Advanced Authentication In Advanced Authentication, you can apply timers and DNS query intervals. Follow these steps to configure an Advanced Authentication profile. 1. Select Profiles > AAA > Advanced Authentication. The details page summarizes the current profiles of this type. 2. Select the Add button to create a new Advanced Authentication profile, or click the pencil icon next to an existing profile to edit. The Details page appears. Complete the settings as described in Table 10: Table 10 Profiles > AAA > Advanced Authentication Profile Settings Field Default Description General Settings Folder Name Top Blank Set the folder with which the profile is associated. The drop-down menu displays all folders available for association with the profile. Enter the name of the Advanced Authentication profile. Dell PowerConnect W AirWave 7.2 | Configuration Guide Dell PowerConnect W Configuration Reference | 59