
Alcatel-Lucent AOS-W 6.5.3.x - Performing Advanced Configuration Options for 802.1X; Application Single Sign-On Using L2 Authentication

Alcatel-Lucent AOS-W 6.5.3.x
1160 pages
Performing Advanced Configuration Options for 802.1X
This section describes advanced configuration options for 802.1X authentication.
Configuring Reauthentication with Unicast Key Rotation
When enabled, unicast and multicast keys are updated after each reauthorization. It is a best practice to
configure the time intervals for reauthentication, multicast key rotation, and unicast key rotation to be at least
15 minutes. Ensure that these intervals are mutually prime, and the factor of the unicast key rotation interval
and the multicast key rotation interval is less than the reauthentication interval.
Unicast key rotation depends upon both the AP/switch and wireless client behavior. It is known that some wireless
NICs have issues with unicast key rotation.
The following is an example of the parameters you can configure for reauthentication with unicast and
multicast key rotation:
- Reauthentication: Enabled
- Reauthentication Time Interval: 6011 Seconds
- Multicast Key Rotation: Enabled
- Multicast Key Rotation Time Interval: 1867 Seconds
- Unicast Key Rotation: Enabled
- Unicast Key Rotation Time Interval: 1021 Seconds
In the WebUI
1. Navigate to the Configuration > Security > Authentication > L2 Authentication page.
2. Select 802.1X Authentication Profile, then select the name of the profile you want to configure.
3. Select the Advanced tab. Enter the following values:
   - Reauthentication Interval: 6011
   - Multicast Key Rotation Time Interval: 1867
   - Unicast Key Rotation Time Interval: 1021
   - Multicast Key Rotation: (select)
   - Unicast Key Rotation: (select)
   - Reauthentication: (select)
4. Click Apply.
In the CLI
(host)(config) #aaa authentication dot1x profile
reauthentication
timer reauth-period 6011
unicast-keyrotation
timer ukey-rotation-period 1021
multicast-keyrotation
timer mkey-rotation-period 1867
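The two best-practice checks stated above that are unambiguous (every interval at least 15 minutes, and the intervals mutually prime) can be verified mechanically before a profile is applied. The following Python sketch is an added example, not part of the Alcatel-Lucent guide; the function names and the round-number counter-example profile are constructed for illustration, and it also reports how often two timers that share a factor fire together.

```python
import re
from itertools import combinations
from math import gcd

MIN_INTERVAL = 15 * 60  # best-practice floor stated in this section, in seconds
# Timer keywords exactly as they appear in this section's CLI example.
TIMER_RE = re.compile(
    r"^[ \t]*timer[ \t]+(reauth-period|ukey-rotation-period|mkey-rotation-period)[ \t]+(\d+)[ \t]*$",
    re.MULTILINE)

def parse_timers(config_text):
    """Return {timer-name: seconds} for the rotation timers found in a profile."""
    return {m.group(1): int(m.group(2)) for m in TIMER_RE.finditer(config_text)}

def check_timers(timers):
    """Return a list of findings; an empty list means both checks pass."""
    findings = []
    for name, seconds in sorted(timers.items()):
        if seconds < MIN_INTERVAL:
            findings.append(f"{name}={seconds}s is below {MIN_INTERVAL}s")
    for (a, x), (b, y) in combinations(sorted(timers.items()), 2):
        g = gcd(x, y)
        if g != 1:
            # Timers that share a factor fire together every lcm(x, y) seconds.
            findings.append(f"{a} and {b} share factor {g}; coincide every {x * y // g}s")
    return findings

# The values from this section's CLI example.
GUIDE_PROFILE = """\
reauthentication
timer reauth-period 6011
unicast-keyrotation
timer ukey-rotation-period 1021
multicast-keyrotation
timer mkey-rotation-period 1867
"""

# Constructed counter-example: round numbers that are not mutually prime.
ROUND_PROFILE = """\
timer reauth-period 3600
timer ukey-rotation-period 900
timer mkey-rotation-period 1800
"""

if __name__ == "__main__":
    for label, text in (("guide", GUIDE_PROFILE), ("round", ROUND_PROFILE)):
        print(label, check_timers(parse_timers(text)) or "OK")
```

With the guide's values no pair of timers coincides until the product of the two intervals has elapsed, whereas the round-number profile has all three events landing together every hour.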
Application Single Sign-On Using L2 Authentication
This feature allows single sign-on (SSO) for different web-based applications using Layer 2 authentication
information. Single sign-on for web-based applications uses Security Assertion Markup Language (SAML), which
happens between the web service provider and an identity provider (IDP) that the web server trusts. A request
AOS-W 6.5.3.x | User Guide 802.1X Authentication | 287
