| Parameter | Description |
|---|---|
| WPA-Fast-Handover | Select this option to enable WPA-fast-handover on phones that support this feature. WPA fast-handover is disabled by default. |
| Disable rekey and reauthentication for clients on call | This feature disables rekey and reauthentication for VoWLAN clients. It is disabled by default, meaning that rekey and reauthentication are enabled. NOTE: This option may require a license. |
| Check certificate common name against AAA server | If you use client certificates for user authentication, enable this option to verify that the certificate's common name exists in the server. This parameter is enabled by default in the default-cap and default-rap VPN profiles, and disabled by default on all other VPN profiles. |
Table 72: 802.1X Authentication Profile Basic WebUI Parameters
In the CLI
The following command configures settings for an 802.1X authentication profile. Individual parameters are
described in the previous table.
(host)(config) #aaa authentication dot1x {<profile>|countermeasures}
Configuring and Using Certificates with AAA FastConnect
The switch supports 802.1X authentication using digital certificates for AAA FastConnect.
- Server Certificate—A server certificate installed in the switch verifies the authenticity of the switch for
  802.1X authentication. Alcatel-Lucent switches ship with a demonstration digital certificate. Until you install
  a customer-specific server certificate in the switch, this demonstration certificate is used by default for all
  secure HTTP connections (such as the WebUI and captive portal) and AAA FastConnect. This certificate is
  included primarily for the purposes of feature demonstration and convenience, and is not intended for
  long-term use in production networks. Users in a production environment are urged to obtain and install a
  certificate issued for their site or domain by a well-known certificate authority (CA). You can generate a
  Certificate Signing Request (CSR) on the switch to submit to a CA. For information on how to generate a CSR
  and how to import the CA-signed certificate into the switch, see Managing Certificates on page 854.
- Client Certificates—Client certificates are verified on the switch (the client certificate must be signed by a
  known CA) before the username is checked on the authentication server. To use client certificate
  authentication for AAA FastConnect, you need to import the following certificates into the switch (see
  Importing Certificates on page 857):
  - Switch’s server certificate
  - CA certificate for the CA that signed the client certificates
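Before importing the CA certificate, the order of checks described above (CA signature first, then the common name that is looked up on the authentication server) can be reproduced offline with OpenSSL. This is an added example, not part of the AOS-W guide or the switch's own logic; the function names, file names and subject names are constructed for illustration.

```sh
#!/bin/sh
# Added example: offline pre-import checks for client-certificate authentication.
# Every file name and subject name here is constructed for illustration.

# True only if the client certificate chains to the supplied CA certificate,
# the precondition the guide states before any username lookup happens.
signed_by_ca() {            # usage: signed_by_ca <ca.pem> <client.pem>
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Prints the subject common name, i.e. the value that must exist on the
# authentication server when the common-name check is enabled.
cert_common_name() {        # usage: cert_common_name <cert.pem>
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# CA check first, then report the name that would be looked up.
check_client_cert() {       # usage: check_client_cert <ca.pem> <client.pem>
    if signed_by_ca "$1" "$2"; then
        echo "OK cn=$(cert_common_name "$2")"
    else
        echo "REJECT not signed by the supplied CA"
        return 1
    fi
}

# Constructed sample data: a throwaway CA, a client certificate it signed, and
# a self-signed certificate reusing the same CN (must fail the CA check).
make_sample_pki() {         # usage: make_sample_pki <dir>
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Lab CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/O=Example/CN=alice" \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/client.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/client.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=alice" \
        -keyout "$d/rogue.key" -out "$d/rogue.pem" 2>/dev/null
}

tmp=$(mktemp -d) || exit 1
make_sample_pki "$tmp" || { rm -rf "$tmp"; exit 1; }
check_client_cert "$tmp/ca.pem" "$tmp/client.pem"
check_client_cert "$tmp/ca.pem" "$tmp/rogue.pem" || true
rm -rf "$tmp"
```

The self-signed certificate carries the same common name as the valid one, which shows why the CA signature check has to pass before the name is trusted for any lookup.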
In the WebUI
1. Navigate to the Configuration > Security > Authentication > L2 Authentication page.
2. In the Profiles list, select 802.1X Authentication Profile.
3. Select the default 802.1X authentication profile from the drop-down list to display configuration
parameters.
4. In the Basic tab, select Termination.
5. Select the Advanced tab.
6. In the Server-Certificate field, select the server certificate imported into the switch.
7. In the CA-Certificate field, select the CA certificate imported into the switch.
8. Click Save As. Enter a name for the 802.1X authentication profile.
AOS-W 6.5.3.x | User Guide 802.1X Authentication | 267