Concept Guide
144 | Authentication and User Management Dell Networking W-Series Instant 6.5.1.0-4.3.1.0 | User Guide
l Captive Portal Authentication
l MAC Authentication with Captive Portal Authentication
l 802.1X Authentication with Captive Portal Role
l WISPr Authentication
802.1X Authentication
802.1X is an IEEE standard that provides an authentication framework for WLANs. The 802.1X standard uses
the Extensible Authentication Protocol (EAP) to exchange messages during the authentication process. The
authentication protocols that operate inside the 802.1X framework include EAP-Transport Layer Security (EAP-
TLS), Protected EAP (PEAP), and EAP-Tunneled TLS (EAP-TTLS). These protocols allow the network to
authenticate the client while also allowing the client to authenticate the network. For more information on EAP
authentication framework supported by the W-IAPs, see Supported EAP Authentication Frameworks on page
145.
The 802.1X authentication method allows a W-IAP to authenticate the identity of a user before providing
network access to the user. The Remote Authentication Dial In User Service (RADIUS) protocol provides
centralized authentication, authorization, and accounting management. For authentication purpose, the
wireless client can associate to a network access server (NAS) or RADIUS client such as a wireless W-IAP. The
wireless client can pass data traffic only after a successful 802.1X authentication.
For more information on configuring a W-IAP to use 802.1X authentication, see Configuring 802.1X
Authentication for a Network Profile on page 163.
MAC Authentication
MAC authentication is used for authenticating devices based on their physical MAC addresses. MAC
authentication requires that the MAC address of a machine matches a manually defined list of addresses. This
authentication method is not recommended for scalable networks and the networks that require stringent
security settings. For more information on configuring a W-IAP to use MAC authentication, see Configuring
MAC Authentication for a Network Profile on page 166.
MAC Authentication with 802.1X Authentication
This authentication method has the following features:
l MAC authentication precedes 802.1X authentication—The administrators can enable MAC authentication
for 802.1X authentication. MAC authentication shares all the authentication server configurations with
802.1X authentication. If a wireless or wired client connects to the network, MAC authentication is
performed first. If MAC authentication fails, 802.1X authentication does not trigger. If MAC authentication
is successful, 802.1X authentication is attempted. If 802.1X authentication is successful, the client is
assigned an 802.1X authentication role. If 802.1X authentication fails, the client is assigned a deny-all role
or mac-auth-only role.
l MAC authentication only role—Allows you to create a mac-auth-only role to allow role-based access rules
when MAC authentication is enabled for 802.1X authentication. The mac-auth-only role is assigned to a
client when the MAC authentication is successful and 802.1X authentication fails. If 802.1X authentication
is successful, the mac-auth-only role is overwritten by the final role. The mac-auth-only role is primarily
used for wired clients.
l L2 authentication fall-through—Allows you to enable the l2-authentication-fallthrough mode. When
this option is enabled, the 802.1X authentication is allowed even if the MAC authentication fails. If this
option is disabled, 802.1X authentication is not allowed. The l2-authentication-fallthrough mode is
disabled by default.
For more information on configuring a W-IAP to use MAC as well as 802.1X authentication, see Configuring
MAC Authentication with 802.1X Authentication on page 168.