76 | Aruba Configuration Reference AirWave Wireless Management Suite | Configuration Guide
Table 17 Aruba Configuration > Profiles > AAA > 802.1x Auth Profile Settings
Field Default Description
General Settings
Folder Top Use this field to set and display the folder with which the profile is
associated. The drop-down menu displays all folders available for
association with the profile.
Folders provide a way to organize the visibility of device parameters that is
separate from the configuration groups of devices. Using folders, you can
view basic statistics about device, and define which users have visibility to
which device parameters.
Name Blank Enter the name of the profile.
Other Settings
Max Authentication
Failures
0 Number of times a user can try to login with wrong credentials after which
the user will be blacklisted as a security threat.
Set to 0 to disable blacklisting, otherwise enter a non-zero integer to
blacklist the user after the specified number of failures.
This setting requires a wireless intrusion protection license.
Enforce Machine
Authentication
No (For Windows environments only) Select this option to enforce machine
authentication before user authentication. If selected, either the Machine
Authentication Default Role or the User Authentication Default Role is
assigned to the user, depending on which authentication is successful.
This setting requires a policy enforcement firewall license.
Machine
Authentication:
Default Machine
Role
ap-role Select the default role to be assigned to the user after completing machine
authentication.
Machine
Authentication
Cache Timeout
(1-1000 hrs)
24 When a Windows device boots, it logs onto the network domain using a
machine account. Within the domain, the device is authenticated before
computer group policies and software settings can be executed; this
process is known as machine authentication. Machine authentication
ensures that only authorized devices are allowed on the network.
You can configure 802.1x for both user and machine authentication (select
the Enforce Machine Authentication option described in Table 51 on page
272). This tightens the authentication process further since both the device
and user need to be authenticated.
Role Assignment with Machine Authentication Enabled
When you enable machine authentication, there are two additional roles
you can define in the 802.1x authentication profile:
z Machine authentication default machine role
z Machine authentication default user role
While you can select the same role for both options, you should define the
roles as per the polices that need to be enforced. Also, these roles can be
different from the 802.1x authentication default role configured in the AAA
profile.
With machine authentication enabled, the assigned role depends upon the
success or failure of the machine and user authentications. In certain
cases, the role that is ultimately assigned to a client can also depend upon
attributes returned by the authentication server or server derivation rules
configured on the controller.
This setting requires a policy enforcement firewall license.
Blacklist on
Machine
Authentication
Failure
No Define whether the user is blacklisted upon authentication failure.
This setting requires a policy enforcement firewall license.
To Next Page
Loading...
