398| AccessPoints ( APs) DellPowerConnect W- Series ArubaOS 6.2 | User Guide
lMAC authentication profile—Defines parameters for MAC address authentication, including upper-o r lower-
case MAC string, the diameterformat in t hest ring,and the maximum numbero fauthenticati on failuresbefore a
useri s blacklisted. For additional information, see "Configuringthe MAC Authentication Profile" on page 189.
lCaptiveport al authentication profile—This profiledi rectsclients to a web page that requires them to entera
usernameand password before being granted access to the network. This profile defines login wait ti mes,t he
URLs for login and welcome pages, and managest he defaultuser role for authenticated captive portal clients.
You can also set the maximum number of authentication failures allowedper user before that user is blacklisted.
This profile includesa reference to a Server groupprofile. For complete information on configuring a Captive
portal authentication profile, referto Captive Portal Authentication on page 233.
lWISPRauthentication profile—WISPr authentication allows a “smart client” t o authenticate on the network
whent hey roam between WirelessI nternetService P roviders,even i f the wireless hotspot uses an ISP for which
the client may not have an account. For more information on configuring WISPr authentication, see
"ConfiguringWISPr Authenticatio n"on page 225.
l802.1x authentication profile—Defines default user roles for machineo r 802.1x authentication, and parameters
for 8021.x termination and failedauthenticati on attempts. For a list of the basic parameters in the 802.1x
authentication profile, referto 802.1X Authentication o n page 192
lRADIUS server profile—Identifies the IP address of a RADIUS server and sets R ADIUS server parameters such
as authentication and accounting ports and the maximum allowed numberof authentication retries. For a list of
the parametersin the RA DIUS profile,refer to "Configuring a RADIUS Server" on page 169
lLDAP server profile—Defines an external LDAP authentication servert hat processes requests from the
controller.This profile specifies the authentication and accounting ports used by the server, as well as
administrator passwords, filtersand keys for server access. For a list of the parameters in the LDAP profile, refer
to "Configuringan LDAP Server"o n page1 72
lTACACS server profile—Specifies the TCP port used by the server, the timeout period for a TACACS+
request,and the maximum number of allowedretries per user. For a list of the parameters in the TACACS
profile,refer to "Configuring a TACACS+ Server" on page 173
lServer group—Thisprofile manages groups of servers for specific types of authentication. Server Groups identify
individual authentication servers and let you create rules for clients based on attributes returned for the client by
the serverduring authentication. For additi onali nformation on configuringserver rules, see "Configuring Server-
Derivation Rules" on page 182
lVPNA uthentication profile—This profile identifies the default role for authenticated VPN clients and also
referencesa server group. It also provides a separate VPN AAA authentication for a terminating remote AP
(default-rap)and a campus AP (default-CAP). If you want t o simultaneously deployvario us combinations of a
VPN client, RAP-psk, RAP-certs and CAP on the same controller, see Table 76.
lManagement authentication profile—Enables ordi sablesmanagement authentication, and identifies the default
rolefor authenticated managementclients. This profilealso referencesa server group. For more information on
configuringa management authentication profile, see "Management Authentication Profile Parameters" on page
634.
lWired authentication profile—This profile merely referencesan AAA profile to be used for wired authentication.
See "SecuringWired Clients" on page 672.
lStateful 802.1x authentication Profile—Enables or disables 802.1x authentication for clients on non-DellAPs,
and definest he defaultrole for those users once they are authenticated. This profile also referencesa server group
to be used for authentication. For details on configuring stateful authentication, see "Statefuland WISPr
Authentication" on page 221.
lStateful Kerberos Authentication— Use stateful Kerberos authentication to configure a controllerto monitor
the Kerberos authentication messages between a client and a Windows authentication server. If the client
successfullyauthenticates via an Kerberos authentication server, the controller can recognizet hat the clienthas