Dell 6.2 Securing Wireless Clie nts

671| Advanced Security DellPowerConnect W- Series ArubaOS 6.2 | User Guide

protocol during8 02.1x exchangeswi th the controller.(Dell controllers support 802.1x for both wired and wireless

clients.) Upon successfulclient authentication, an xSec tunnel is established between the controllerand the client.

The authenticated client is placed into a configured VLAN, which determines the client’s DHCP server, IP address,

and Layer-2co nnection.For wireless xSec clients, the VLAN is the user VLAN co nfiguredfor the WLAN. For wired

xSecc lientsand wireless xSec clients that connect to the controllert hrougha non-Dell AP, the VLAN is a

designated xSecVLA N.The VLAN c analso be derived from configuredR ADIUS server-derivationrules or from

Vendor-SpecificA ttributes (VSAs). Once an xSec tunnelis established, a DHCP server assigns the xSec client an IP

addressfrom the address pool on the VLAN to w hicht heclient i s assigned.All traffic between the client and the

controlleris then encrypted.

The followingsect ions describe how to configure xSec on the controller for wireless and wired clients.

Securing Wireless Clie nts

The followingare the basi c steps for configuring the controllerfor xSec wireless clients:

1. Co nfigurethe user VLAN to which the authenticated clients will be assigned. See Network Configuration

Parameters on page 108 for more information.

2. Co nfigurethe user role for the authenticated xSecc lients.See Roles and Po licies on page 296for information.

3. Co nfigurethe server group that will be used to authenticate clients using 802.1x. See Authentication Servers on

page 168 for more information

4. Co nfigurethe AAA profile to specify the 802.1x default user role.Specify the 802.1x authenticati on servergroup.

NOTE:You can configure the 802.1x authentication profile if necessary. See 802.1X Authentication on page 192 for more

information.

5. Co nfigurethe virtual AP profile for the WLAN. Specify the previously-configureduser VLAN. Only xSec clients

will beallowed to connect to the WLAN and non-xSecco nnectionsare dropped.

a. Specify the previously-configuredAAA profile.

b. Configure the SSID profile with xSec as the authentication.

6. I nstalland set up the Odyssey Client on the wireless client.

Figure2 76 is an example network wherea wireless xSec client is assigned to the user VLAN 20 and the user role

“employee” upons uccessful802.1x authenticati on.V LAN 1 includes the port on the controllerthat connects to t he

wired networko nw hicht heA P is installed. (APs can connect to the controller across eithera Layer-2 or Layer-3

network.)

Figure 276: Wireless xSec Client Example

The followingsecti ons describehow to use the WebUI or CLI to configure the AAA profile and virtual AP profile

for this example.Other chapters in this manual describe the configurationof the user role, VLAN, authentication

serversand server group, and 802.1x authentication profile.

In the WebUI

1. N avigate to the Configuration > Security > Authentication > AAA Profiles page.

a. To create a new AAA profile, click Add in the AAA Profiles Summary.

b. Enter a name for the profile (forexample, xsec-wireless), and click Add.

c. To configure theA AA profile, click on thenewly-created profile name.