Dell W-Series 228 Instant 6.5.1.0-4.3.1.0 User Guide - Page 145
Supported EAP Authentication Frameworks, Captive Portal Authentication
View all Dell W-Series 228 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 145 highlights
Captive Portal Authentication Captive portal authentication is used for authenticating guest users. For more information on captive portal authentication, see Captive Portal for Guest Access on page 113. MAC Authentication with Captive Portal Authentication You can enforce MAC authentication for captive portal clients. For more information on configuring a W-IAP to use MAC authentication with captive portal authentication, see Configuring MAC Authentication with Captive Portal Authentication on page 170. 802.1X Authentication with Captive Portal Role This authentication mechanism allows you to configure different captive portal settings for clients on the same SSID. For example, you can configure an 802.1X SSID and create a role for captive portal access, so that some of the clients using the SSID derive the captive portal role. You can configure rules to indicate access to external or internal captive portal, or none. For more information on configuring captive portal roles for an SSID with 802.1X authentication, see Configuring Captive Portal Roles for an SSID on page 134. WISPr Authentication Wireless Internet Service Provider roaming (WISPr) authentication allows the smart clients to authenticate on the network when they roam between wireless Internet service providers, even if the wireless hotspot uses an Internet Service Provider (ISP) with whom the client may not have an account. If a hotspot is configured to use WISPr authentication in a specific ISP and a client attempts to access the Internet at that hotspot, the WISPr AAA server configured for the ISP authenticates the client directly and allows the client to access the network. If the client only has an account with a partner ISP, the WISPr AAA server forwards the client's credentials to the partner ISP's WISPr AAA server for authentication. When the client is authenticated on the partner ISP, it is also authenticated on the hotspot's own ISP as per their service agreements. The W-IAP assigns the default WISPr user role to the client when the client's ISP sends an authentication message to the W-IAP. For more information on WISPr authentication, see Configuring WISPr Authentication on page 171. Supported EAP Authentication Frameworks The following EAP authentication frameworks are supported in the Instant network: l EAP-TLS-The Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) method supports the termination of EAP-TLS security using the internal RADIUS server . The EAP-TLS requires both server and certification authority (CA) certificates installed on the W-IAP. The client certificate is verified on the VC (the client certificate must be signed by a known CA) before the username is verified on the authentication server. l EAP-TTLS (MS-CHAPv2)-The Extensible Authentication Protocol-Tunneled Transport Layer Security (EAPTTLS) method uses server-side certificates to set up authentication between clients and servers. However, the actual authentication is performed using passwords. l EAP-PEAP (MS-CHAPv2)-EAP-PEAP is an 802.1X authentication method that uses server-side public key certificates to authenticate clients with server. The PEAP authentication creates an encrypted SSL/TLS tunnel between the client and the authentication server. Exchange of information is encrypted and stored in the tunnel ensuring the user credentials are kept secure. l LEAP-Lightweight Extensible Authentication Protocol (LEAP) uses dynamic WEP keys for authentication between the client and authentication server. Dell Networking W-Series Instant 6.5.1.0-4.3.1.0 | User Guide Authentication and User Management | 145