Specifications
OmniAccess Reference: AOS-W System Reference
92 Part 031652-00 May 2005
Default Role – If a client is identified by MAC address, and the authentication
server does not provide role information, the default role will be given to the
client.
Authentication Failure Threshold for Station Blacklisting – If a station fails
MAC address authentication by this number of times in a row, the station will
be “blacklisted” and will not be allowed to associate to the network. Enter 0 to
disable blacklisting.
Authentication Servers – An ordered list of authentication servers to be used
when VPN clients attempt to authenticate. The authentication server should
be populated with MAC addresses, with no separating characters, in the field
normally used for usernames. Passwords should also be the MAC address
with no separating characters.
The equivalent CLI configuration for the example above is:
aaa mac-authentication mode enable
aaa mac-authentication default-role "guest"
aaa mac-authentication auth-server Internal
aaa mac-authentication max-authentication-failures 0
Stateful 802.1x
Third-party Access Points
When third-party access points are used in the network, and those third-party
access points act as 802.1x authenticators, AOS-W provides the ability to
intercept communication between the AP and the authentication server in
order to learn username information and apply appropriate role and traffic
policies. This assumes that the Alcatel switch is located in the data path
between the third-party AP and the authentication server. To configure stateful
802.1x, navigate to
Configuration > Security > Authentication Methods > Stateful
802.1x
, as shown in the figure below.