23 | aaa authentication dot1x Dell PowerConnect ArubaOS 6.0 Command Line Interface | Reference Guide
| Parameter | Description | Range | Default |
|---|---|---|---|
| inner-eap-type eap-gtc\|eap-mschapv2 | When EAP-PEAP is the EAP method, one of the following inner EAP types is used. EAP-Generic Token Card (GTC): Described in RFC 2284, this EAP method permits the transfer of unencrypted usernames and passwords from client to server. The main uses for EAP-GTC are one-time token cards such as SecurID and the use of LDAP or RADIUS as the user authentication server. You can also enable caching of user credentials on the controller as a backup to an external authentication server. EAP-Microsoft Challenge Authentication Protocol version 2 (MS-CHAPv2): Described in RFC 2759, this EAP method is widely supported by Microsoft clients. | eap-gtc/eap-mschapv2 | eap-mschapv2 |
| token-caching-period <hours> | If you select EAP-GTC as the inner EAP method, you can specify the timeout period, in hours, for the cached information. | (any) | 24 hours |
| timer | Sets timer options for 802.1x authentication: | | |
| idrequest-period <seconds> | Interval, in seconds, between identity request retries. | 1-65535 | 30 seconds |
| mkey-rotation-period <seconds> | Interval, in seconds, between multicast key rotation. | 60-864000 | 1800 seconds |
| quiet-period <seconds> | Interval, in seconds, following failed authentication. | 1-65535 | 30 seconds |
| reauth-period <seconds> | Interval, in seconds, between reauthentication attempts, or specify server to use the server-provided reauthentication period. | 60-864000 | 86400 seconds (1 day) |
| ukey-rotation-period <seconds> | Interval, in seconds, between unicast key rotation. | 60-864000 | 900 seconds |
| wpa-groupkey-delay <milliseconds> | Interval, in milliseconds, between unicast and multicast key exchanges. | 0-2000 | 0 ms (no delay) |
| wpa-key-period <milliseconds> | Interval, in milliseconds, between each WPA key exchange. | 1000-5000 | 3000 ms |
| wpa2-key-delay <milliseconds> | Set the delay between EAP-Success and unicast key exchange. | 1-2000 | 0 ms (no delay) |
| tls-guest-access | Enables guest access for EAP-TLS users with valid certificates. | — | disabled |
| tls-guest-role <role> | User role assigned to EAP-TLS guest. NOTE: This parameter requires the PEFNG license. | — | guest |
| unicast-keyrotation | Enables unicast key rotation. | — | disabled |
| use-session-key | Use RADIUS session key as the unicast WEP key. | — | disabled |
| use-static-key | Use static key as the unicast/multicast WEP key. | — | disabled |
| validate-pmkid | This parameter instructs the controller to check the pairwise master key (PMK) ID sent by the client. When this option is enabled, the client must send a PMKID in the associate or reassociate frame to indicate that it supports OKC or PMK caching; otherwise, full 802.1x authentication takes place. (This feature is optional, since most clients that support OKC and PMK caching do not send the PMKID in their association request.) | — | disabled |
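Added example (not part of the reference guide): a small Python check that reads the timer lines of a saved 802.1x profile and reports any value outside the ranges listed in the table. It assumes each timer is written on its own line as "timer <option> <value>"; the profile name and the sample text are constructed for illustration.

```python
import re

# Ranges/defaults copied from the timer rows above: name -> (min, max, default, unit).
# wpa2-key-delay is listed with default 0 although its range starts at 1.
TIMERS = {
    "idrequest-period":     (1, 65535, 30, "s"),
    "mkey-rotation-period": (60, 864000, 1800, "s"),
    "quiet-period":         (1, 65535, 30, "s"),
    "reauth-period":        (60, 864000, 86400, "s"),
    "ukey-rotation-period": (60, 864000, 900, "s"),
    "wpa-groupkey-delay":   (0, 2000, 0, "ms"),
    "wpa-key-period":       (1000, 5000, 3000, "ms"),
    "wpa2-key-delay":       (1, 2000, 0, "ms"),
}

def audit_timers(profile_text):
    """Return (values, findings): in-range settings over table defaults, plus rejected lines."""
    values = {name: spec[2] for name, spec in TIMERS.items()}
    findings = []
    for lineno, line in enumerate(profile_text.splitlines(), 1):
        m = re.match(r"\s*timer\s+(\S+)(?:\s+(\S+))?\s*$", line)
        if not m:
            continue  # not a timer line
        name, value = m.groups()
        if name not in TIMERS:
            findings.append((lineno, name, "unknown timer option"))
            continue
        lo, hi, _, unit = TIMERS[name]
        if name == "reauth-period" and value == "server":
            values[name] = "server"  # period comes from the authentication server
        elif value is None or not value.isdecimal():
            findings.append((lineno, name, f"expected integer {unit}"))
        elif not lo <= int(value) <= hi:
            findings.append((lineno, name, f"{value} outside {lo}-{hi} {unit}"))
        else:
            values[name] = int(value)
    return values, findings

# Constructed sample profile (hypothetical name, not from the guide).
SAMPLE = """\
aaa authentication dot1x "example-profile"
   timer reauth-period server
   timer ukey-rotation-period 30
   timer wpa-key-period 2000
   timer quiet-period 60
"""

if __name__ == "__main__":
    print(audit_timers(SAMPLE))
```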










