Specifications
Authentication Server Configuration 361
Chapter 16
Specify the authentication server.
AP/Server Configuration for Stateful 802.1x
When stateful 802.1x authentication is used with third-party APs, a list of
those APs must be maintained. The list is automatically generated when
configuring 802.1x stateful authentication through Web UI (Web Interface).
However, for legacy support it may be done manually through the CLI.
Define the configuration. This must contain all the elements shown in the
example below.
Role Mapping
SSID Role Mapping
Enter the user-rule sub-mode in the CLI.
Specify the rule for assigning a role based on the client SSID
Encryption Type Role Mapping
Enter the user-rule sub-mode in the CLI.
Specify the rule for assigning a role based on the client SSID
(Alcatel) (config) #aaa stateful-authentication dot1x auth-server
(Alcatel) (config) #aaa stateful-authentication dot1x ap-config foo
ap-ipaddr 192.168.150.1 radius-server-name rad2-radius-server key
fooword
3
(Alcatel) (config) #aaa derivation-rules user
(Alcatel) (user-rule) #
(Alcatel) (user-rule) #set role condition essid equals foo
set-value foo-user
(Alcatel) (config) #aaa derivation-rules user
(Alcatel) (user-rule) #
(Alcatel) (user-rule) #set role condition encryption-type equals
open set-value foo-user
1
2
1
2