Alcatel-Lucent AOS-W 6.5.3.x

To Next Page

To Previous Page

440| Virtual APs AOS-W 6.5.3.x| User Guide

Parameter Description

Enforce DHCP When you select this option, clients must obtain an IP using DHCP

before they are allowed to associate to an AP. Enable this option

when you create a user rule that assigns a specific role or VLAN

based upon the client device’s type. For details, see Working with

User-Derived VLANs on page 388.

NOTE: If a client is removed from the user table by the “Logon user

lifetime” AAA timer, then that client will not be able to send traffic

until it renews it’s DHCP.

NOTE: Enforce DHCP is available on the switch for APs configured

for tunnel or decrypt-tunnel forwarding mode only.

PAN firewalls Integration Requires IP mapping at Palo Alto Networks firewalls. For details, see

Palo Alto Networks Firewall Integration on page 689.

Open SSID RADIUS Accounting

Initiates RADIUS accounting as soon as the user associates to an

Open SSID without any authentication.

NOTE: Do not enable this parameter for wired users. If enabled, the

switch sends RADIUS accounting packets for unauthenticated wired

users.

Table 104: AAA Profile Parameters

7. In the profiles list, select the AAA profile to expand the list of other profiles associated with that AAAprofile.

8. Click 802.1X Authentication. The 802.1X Authentication Profile appears.

a. Click the 802.1X Authentication Profile drop-down list and select an authentication profile to

associate with your AAAprofile.

b. Click Apply.

9. Click 802.1X Authentication Server Group. The 802.1X Authentication Server Group appears.

a. Click the 802.1X Authentication Server Group drop-down list and select the server group to

associate with your AAA profile.

b. Click Apply.

10.Click MAC Authentication. The MAC Authentication Profile appears.

a. Click the MAC Authentication Profile drop-down list and select a MAC authentication profile to

associate with your AAAprofile.

b. Click Apply.

11.Click MAC Authentication Server Group. The MAC Authentication Server Group appears.

a. Click the MAC Authentication Server Group drop-down list and select the MAC server group to

associate with your AAA profile.

b. Click Apply.

12.Click RADIUS Authentication Server Group. The RADIUS Authentication Server Group appears.

a. Click the RADIUS Authentication Server Group drop-down list and select the MAC server group to

associate with your AAA profile.

b. Click Apply.

Configuring an AAAProfile in the CLI

(host)(config) #aaa authentication dot1x <profile>

(host)(config) #aaa profile <profile>

Alcatel-Lucent AOS-W 6.5.3.x - Page 440

Table of Contents