EasyManua.ls Logo

Alcatel-Lucent AOS-W 6.5.3.x - Page 282

Alcatel-Lucent AOS-W 6.5.3.x
1160 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
282| 802.1X Authentication AOS-W 6.5.3.x| User Guide
Configuring 802.1X Authentication
An AAA profile specifies the 802.1X authentication profile and 802.1X server group to be used for
authenticating clients for a WLAN. The AAA profile also specifies the default user role for 802.1X
authentication.
For this example, you enable both 802.1X authentication and termination on the switch.
In the WebUI
1. Navigate to the Configuration > Security > Authentication > L2 Authentication page. In the profiles
list, select 802.1X Authentication Profile.
a. In the Instance list, enter dot1x, then click Add.
b. Select the dot1x profile you just created.
c. Select Termination.
The defaults for EAP Method and Inner EAP Method are EAP-PEAP and EAP-MSCHAPv2, respectively.
d. Click Apply.
2. Select the AAA Profiles tab.
a. In the AAA Profiles Summary, click Add to add a new profile.
b. Enter aaa_dot1x, then click Add.
c. Select the aaa_dot1x profile you just created.
d. For 802.1X Authentication Default Role, select faculty.
e. Click Apply.
3. In the Profiles list (under the aaa_dot1x profile you just created), select 802.1X Authentication Profile.
a. Select the dot1x profile from the 802.1X Authentication Profile drop-down list.
b. Click Apply.
4. In the Profiles list (under the aaa_dot1x profile you just created), select 802.1X Authentication Server
Group.
a. Select the internal server group.
b. Click Apply.
In the CLI
(host)(config) #aaa authentication dot1x dot1x
termination enable
(host)(config) #aaa profile aaa_dot1x
d>ot1x-default-role student
authentication-dot1x dot1x
d>ot1x-server-group internal
Configuring VLANs
In this example, wireless clients are assigned to either VLAN 60 or 61 while guest users are assigned to VLAN
63. VLANs 60 and 61 split users into smaller IP subnetworks, improving performance by decreasing broadcast
traffic. The VLANs are internal to the Alcatel-Lucent switch only and do not extend into other parts of the wired
network. The clients’ default gateway is the Alcatel-Lucent switch, which routes traffic out to the 10.1.1.0
subnetwork.

Table of Contents