virtual-ap WLAN-01_first-floor
ap-group second-floor
virtual-ap WLAN-01_second-floor
Configuring Authentication with the Switch’s Internal Database
In the following example:
- The switch’s internal database provides user authentication.
- The authentication type is WPA. From the 802.1X authentication exchange, the client and the switch derive dynamic keys to encrypt data transmitted on the wireless network.
Configuring the Internal Database
Configure the internal database with the username, password, and role (student, faculty, or sysadmin) for each
user. There is a default internal server group that includes the internal database. For the internal server
group, configure a server derivation rule that assigns the role to the authenticated client.
In the WebUI
1. Navigate to the Configuration > Security > Authentication > Servers page.
2. In the Servers list, select Internal DB.
3. Under Users, click Add User to add users.
4. For each user, enter a username and password.
5. Select a role for each user (if a role is not specified, the default role is guest).
6. Select the expiration time for the user account in the internal database.
7. Click Apply.
In the CLI
Use the privileged mode in the CLI to configure users in the switch’s internal database.
(host)(config) #local-userdb add username <user> password <password>
Configuring a Server Rule
In the WebUI
1. Navigate to the Configuration > Security > Authentication > Servers page.
2. Select Server Group to display the Server Group list.
3. Select the internal server group.
4. Under Server Rules, click New to add a server derivation rule.
   a. For Condition, enter Role.
   b. Select value-of from the drop-down list.
   c. Select Set Role from the drop-down list.
   d. Click Add.
5. Click Apply.
In the CLI
(host)(config) #aaa server-group internal
   set role condition Role value-of
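The Python model below is an added illustration, not AOS-W code and not part of the original guide. It mimics how an internal database entry combined with the `set role condition Role value-of` rule yields the client's role, including the guest default and account expiration. The user names, passwords, plaintext password comparison, first-match rule ordering, and the `fallback` parameter are assumptions of the model.

```python
import hmac
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

DEFAULT_DB_ROLE = "guest"  # from the guide: role used when none is specified

@dataclass
class InternalUser:
    password: str
    role: Optional[str] = None          # student, faculty or sysadmin in the guide
    expires: Optional[datetime] = None  # None models an account with no expiration

# Constructed sample users, standing in for "local-userdb add" entries.
USERS = {
    "alice": InternalUser("Wq7#constructed", role="student"),
    "bob": InternalUser("Zp4!constructed"),  # no role given
    "carol": InternalUser("Lm9$constructed", role="sysadmin",
                          expires=datetime(2020, 1, 1)),
}

# Model of: aaa server-group internal / set role condition Role value-of
RULES = [("Role", "value-of")]

def authenticate(db, username, password, now):
    """Return the attributes for a valid, unexpired user, else None."""
    user = db.get(username)
    if user is None:
        return None
    # Simplification: real 802.1X never compares plaintext passwords like this.
    if not hmac.compare_digest(user.password.encode(), password.encode()):
        return None
    if user.expires is not None and now >= user.expires:
        return None
    return {"Role": user.role or DEFAULT_DB_ROLE}

def derive_role(rules, attributes, fallback=None):
    """First matching rule wins (assumed); value-of copies the attribute value."""
    for attribute, operator in rules:
        if operator == "value-of" and attribute in attributes:
            return attributes[attribute]
    return fallback  # hypothetical: role used when no server rule matches

def login(username, password, now, db=USERS, rules=RULES):
    """Role assigned to the client, or None when authentication fails."""
    attributes = authenticate(db, username, password, now)
    return None if attributes is None else derive_role(rules, attributes)
```

In this model a user added without a role ("bob") ends up as guest, so a review of internal database entries should confirm that every account intended for student, faculty, or sysadmin access has its role set explicitly.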
AOS-W 6.5.3.x | User Guide 802.1X Authentication | 281