266| 802.1X Authentication AOS-W 6.5.3.x| User Guide
Parameter Description
Validate PMKID This parameter instructs the switch to check the pairwise master key (PMK) ID
sent by the client. When you enable this option, the client must send a PMKID in
the associate or reassociate frame to indicate that it supports OKC or PMK
caching; otherwise, full 802.1X authentication takes place.
NOTE: This feature is optional, since most clients that support OKC and PMK
caching do not send the PMKID in their association request.
Use Session Key Select the Use Session Key option to use the RADIUS session key as the unicast
WEP key. This option is disabled by default.
Use Static Key Select the Use Static Key option to use a static key as the unicast/multicast WEP
key. This option is disabled by default.
xSec MTU Set the maximum transmission unit (MTU) for frames using the xSec protocol.
Range: 1024-1500 bytes.
Default: 1300 bytes.
Token Caching If you select EAP-GTC as the inner EAP method, you can select the Token Caching
checkbox to enable the switch to cache the username and password of each
authenticated user. The switch continues to reauthenticate users with the remote
authentication server. However, if the authentication server is unavailable, the
switch will inspect its cached credentials to reauthenticate users.
This option is disabled by default.
Token Caching Period If you select EAP-GTC as the inner EAP method, you can specify the timeout
period, in hours, for the cached information. The default value is 24 hours.
CA-Certificate Click the CA-Certificate drop-down list and select a certificate for client
authentication. The CA certificate needs to be loaded in the switch before it will
appear on this list.
Server-Certificate Click the Server-Certificate drop-down list and select a server certificate the
switch will use to authenticate itself to the client.
TLS Guest Access Select TLS Guest Access to enable guest access for EAP-TLS users with valid
certificates. This option is disabled by default.
TLS Guest Role Click the TLS Guest Role drop-down list and select the default user role for EAP-
TLS guest users. This option may require a license.
Ignore EAPOL-START
after authentication
Select Ignore EAPOL-START after authentication to ignore EAPOL-START
messages after authentication. This option is disabled by default.
Handle EAPOL-Logoff Select Handle EAPOL-Logoff to enable handling of EAPOL-LOGOFF messages.
This option is disabled by default.
Ignore EAP ID during
negotiation
Select Ignore EAP ID during negotiation to ignore EAP IDs during negotiation.
This option is disabled by default.
Table 72: 802.1X Authentication Profile Basic WebUI Parameters
To Next Page
Loading...