Configuring 802.1X Authentication
802.1X802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. is a method for authenticating the identity of a user before providing network access. Aruba Central supports internal RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. server and external RADIUS server for 802.1X authentication.
To configure 802.1X authentication for the switch, complete the following steps:
- In the
- To select a switch group in the filter:
- Set the filter to a group containing at least one switch.
The dashboard context for the group is displayed. - Under , click > .
- Click the icon to view the switch configuration dashboard.
- Set the filter to a group containing at least one switch.
- To select a switch in the filter:
- Set the filter to or a group containing at least one switch.
- Under
A list of switches is displayed in the view. , click > . - Click a switch under
The dashboard context for the switch is displayed. . - Under
The tabs to configure the switch is displayed. , click .
app, select one of the following options: - To select a switch group in the filter:
- Click > . The Authentication page is displayed.
- Expand the accordion.
- To enable 802.1x Authentication at group level in the group context, slide the toggle switch to on position.
- In the
If you select EAPExtensible Authentication Protocol. An authentication protocol for wireless networks that extends the methods used by the PPP, a protocol often used when connecting a computer to the Internet. EAP can support multiple authentication mechanisms, such as token cards, smart cards, certificates, one-time passwords, and public key encryption authentication. or CHAPChallenge Handshake Authentication Protocol. CHAP is an authentication scheme used by PPP servers to validate the identity of remote clients., you must configure the RADIUS server.
The Port Settings table displays the number of ports and the parameters configured for the ports.
from the drop-down, select either or . - Select one or more ports for which you want to enable 802.1X authentication, and click the edit icon.
The Edit Ports Selected window is displayed. - Select from the drop-down.
- Configure the following parameters.
Table 1: Configuring 802.1X Authentication
Name
Description
Value The maximum number of clients to allow on the port.
Default: 0
The VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. to use for an unauthorized client.
Default:0
The VLAN to use for an authorized client.
Default: 0
The time (in seconds) that the switch enforces on a client to re-authenticate. The client remains authenticated while the re-authentication occurs. When set to 0, re-authentication is disabled.
Default: 300 seconds
The time (in seconds) when cached re-authentication is allowed on the port.
Default: 0
The time (in seconds) that the switch enforces for an implicit logoff.
Default: 300 seconds
The time (in seconds) during which the port does not try to acquire a supplicant. The period begins after the last attempt authorized by the max-requests parameter fails.
Default: 60 seconds
The time (in seconds) the port waits to retransmit the next EAPOL PDUPower Distribution Unit or Protocol Data Unit. Power Distribution Unit is a device that distributes electric power to the networking equipment located within a data center. Protocol Data Unit contains protocol control Information that is delivered as a unit among peer entities of a network. during an authentication session.
Default: 30 seconds
The time (in seconds) that the switch waits for a server response to an authentication request
Default: 300 seconds
The time (in seconds) that the switch waits for a supplicant response to an EAP request. If the supplicant does not respond within the configured time frame, the session times out.
Default: 300 seconds
- Click .