Specifications
802.1x Solution Cookbook 253
Chapter 11
Advanced Attributes
One of the principles in this network is that the Alcatel switch will restrict
network access privileges based on the group membership of the computer or
user. In order for this to work, the Alcatel switch must be told to which group
the user belongs. This is accomplished using RADIUS attributes. To configure
these attributes, select the Advanced tab from the policy profile.
An attribute called “Class” has been added here. The Alcatel switch has been
configured to interpret the “Class” attribute and use it to determine group
membership. The example above is for the “Wireless-Computers” policy, and
upon successful completion will return the “Class” attribute to the Alcatel
switch containing the value “computer”.
The “Wireless-Student” policy for example will return a RADIUS attribute
called “Class” containing the value “student” upon successful completion.
Microsoft Windows XP Client Configuration
Client configuration should be automatic through group policy updates
described above. However, client configuration can also be done manually
through Windows XP’s built-in “Wireless Zero Configuration” service.
Windows will connect to preferred networks in the order in which they appear
in this list.
By clicking “Advanced”, the “Networks to access” screen is displayed. This
screen determines what types of wireless networks can be accessed. By
default, Windows will connect to any type of wireless network. In the
configuration at the left, Windows has been configured to connect only with
Access Points.
Sets up general network properties for the ESSID.
z The ESSID name is “Wireless LAN-01”.
z Open authentication should be used.
z The encryption type is WEP
z Each client will use a dynamically-generated WEP key that will be automat-
ically derived during the 802.1x process.
z The network is not ad-hoc – APs are required to be used.
Sets up 802.1x authentication parameters for the ESSID.
z Enables 802.1x