Dell PowerConnect W-Airwave Configuration Manual

Also see for PowerConnect W-Airwave: User guide User guide Manual Manual Quick start guide

Contents

80 | Aruba Configuration Reference AirWave Wireless Management Suite | Configuration Guide3. Click Add or Save. The added or edited 802.1x Auth profile appears on the AAA Profiles page, and on the802.1x Auth details page.Profiles > AAA > Stateful NTLM AuthWhen the user logs off or shuts down the client machine, this profile allows the user to remain in theauthenticated role until the user ages out. Aging out means the user has sent no traffic for the amount oftime specified for the Timeout parameter of this profile.The Stateful NT LAN Manager (NTLM) Authentication profile requires that you specify the followingcomponents:z a server group that includes the servers performing NTLM authenticationz a default role to be assigned to authenticated users.The Wireless Internet Service Provider roaming (WISPr) protocol allows users to roam between serviceproviders. A RADIUS server is used to authenticate subscriber credentials.For details on defining a Windows server used for NTLM authentication, refer to “Security > Server Groups> Windows” on page 156.Perform these steps to configure a Stateful NTLM Auth profile.1. Click Profiles > AAA > Stateful NTLM Auth in the Aruba Navigation pane. The details page summarizes thecurrent profiles of this type.2. Click the Add button to create a new Stateful NTLM Auth profile, or click the pencil icon next to an existingprofile to edit that profile. The Details page appears. Complete the settings as described in Table 18:Ignore EAPOL-START AfterAuthenticationNo Enable or disable this setting.EAP authentication starts with a EAPOL-start frame that is sent by thewireless client to the AP. Upon reception of such a frame, the AP respondsback to the wireless client with an EAP-Identify-Request and also doesinternal resource allocation. Attackers can use this vulnerability by sendinga lot of EAPOL-start frames to the Access point, either by spoofing theMAC address or by emulating wireless clients. This forces the AP toallocate increasing resource and eventually bringing it down. Enable thissetting to reduce the risk.Handle EAPOL-LogoffNo Specify whether authentication should manage logoff activity.Ignore EAP IDDuring NegotiationNo Specify whether EAP should be ignored during authentication.WPA-Fast-HandoverNo In the 802.1x Authentication profile, the WPA fast handover feature allowscertain WPA clients to use a pre-authorized PMK, significantly reducinghandover interruption. Check with the manufacturer of your handset to seeif this feature is supported. This feature is disabled by default.Disable Rekey andReauthenticationfor Clients on CallNo Although reauthentication and rekey timers are configurable on a per-SSIDbasis, an 802.1x transaction during a call can affect voice quality. If a clientis on a call, 802.1x reauthentication and rekey are disabled by default untilthe call is completed. You disable or re-enable the “voice aware” feature inthe 802.1x authentication profile. This setting requires a voice servicelicense.Table 17 Aruba Configuration > Profiles > AAA > 802.1x Auth Profile Settings (Continued)Field Default Description