The Bsc Internal 802.1X Authentication Server - ADTRAN BlueSecure Controller Setup And Administration Manual

Software release version: 6.5

2. Optional. Use the commands included in the Row Management drop-down list to
change the order of rules, add new blank rules, clear rule data, or delete a rule, etc.
Remember, the BSC evaluates rules in the order in which they are listed here on the
New Transparent 802.1X server page.
3. Select the default user role from the Default role drop-down list. The selected default
role is the role the BSC assigns the user if none of the rules is true.
Alternatively, select an LDAP/Active Directory authentication server from the Using
LDAP/Active Directory Server drop-down list to resume rules checking using the rules
configured for the selected LDAP/Active Directory authentication server.

Location
Optional. Specify the user location from which the Transparent 802.1X authentication
request must originate by selecting a defined user location from the Location drop-down
menu. If a user location is specified, the authentication request will not be attempted if the
request does not come from that location.

Notes
Optional. Enter a meaningful description for the Transparent 802.1X authentication
server in the Notes field.

Saving the settings
Click Save to store the information to the BSC database or Save and create another to
continue to define external Transparent 802.1x authentication servers. You may be
prompted to restart the BSC. We recommend that you do not restart the BSC until you
have completely finished configuring the BSC for use in your network.

The BSC Internal 802.1x Authentication Server

802.1x is an IEEE standard that enables authentication and key management for LANs.
Although originally designed as a port authentication scheme for wired networks, it has
recently been applied to address some of the security issues surrounding wireless LANs.
802.1x uses the Extensible Authentication Protocol (EAP) as a framework for
authentication, allowing it to leverage a variety of existing EAP methods and
authentication servers.
TTLS (Tunneled Transport Layer Security Protocol), PEAP (Protected Extensible
Authentication Protocol) and FAST (Flexible Authentication via Secure Tunneling Protocol)
pass inner authentication credentials through an encrypted tunnel. Thus, the outer
protocol (PEAP/TTLS/FAST) must first be terminated by the BSC's 802.1x authentication
server in order for the BSC to learn the user's identity for role placement.
Both PEAP and TTLS support a wide range of inner authentication protocols such as
MS-CHAPv2, PAP, and Tokens. When using 802.1x with PEAP or TTLS, Access Points should
be configured with the BSC as their RADIUS server. The BSC will then terminate the PEAP
RFC822 - Use for TLS EAP methods only. This is the Subject Alternative Name
(RFC822) which may be contained in the user's TLS certificate.
You can also enter RADIUS attributes here for matching.
b) Select the appropriate logic operator (equal to, not equal to, starts with, ends
with, contains, or [is a role]) from the Logic drop-down list.
c) Enter the appropriate Value to check against the specified attribute.
d) Select the role to assign to the user if the rule evaluates as true and the user is
authenticated from the Role drop-down list.
See "Defining User Roles to Enforce Network Usage Policies" on page 8-2 to
define a new role available for selection in the drop-down list.
Alternatively, you can select the Create New... option to open a window that
enables you to define a new role. After you save the role information, you are
returned to the Transparent 802.1X server page where you can select the role
from the drop-down list.
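
The rule fields described above (attribute, logic operator, value, role), the in-order evaluation, the default role and the location restriction can be modeled as shown here, along with a check for rules that an earlier, broader rule shadows. This is an added example, not ADTRAN code. It assumes that the first true rule decides the role and that matching is case-sensitive; the role names and addresses are hypothetical.

```python
from dataclasses import dataclass

# Operators named on the page; "[is a role]" is left out because the page does not define it.
OPERATORS = {
    "equal to": lambda actual, value: actual == value,
    "not equal to": lambda actual, value: actual != value,
    "starts with": lambda actual, value: actual.startswith(value),
    "ends with": lambda actual, value: actual.endswith(value),
    "contains": lambda actual, value: value in actual,
}

@dataclass(frozen=True)
class Rule:
    attribute: str
    logic: str
    value: str
    role: str

def matches(rule, attributes):
    # Assumption: a rule on an attribute the request lacks is never true.
    actual = attributes.get(rule.attribute)
    return actual is not None and OPERATORS[rule.logic](actual, rule.value)

def assign_role(rules, default_role, attributes, location=None, required_location=None):
    """Role for an authenticated user, or None when the request is not attempted."""
    if required_location is not None and location != required_location:
        return None  # request did not originate from the configured location
    for rule in rules:  # listed order; assumption: the first true rule decides
        if matches(rule, attributes):
            return rule.role
    return default_role  # none of the rules is true

def shadowed_rules(rules, samples):
    """Rules that match some sample but never decide its role (an earlier rule wins)."""
    matched, decided = set(), set()
    for attributes in samples:
        hits = [rule for rule in rules if matches(rule, attributes)]
        matched.update(hits)
        decided.update(hits[:1])
    return [rule for rule in rules if rule in matched and rule not in decided]

# Constructed sample data; role names and addresses are hypothetical.
RULES = [
    Rule("RFC822", "ends with", "@example.com", "Staff"),
    Rule("RFC822", "starts with", "admin", "NetAdmin"),
]
SAMPLES = [{"RFC822": "alice@example.com"}, {"RFC822": "admin.bob@example.com"},
           {"RFC822": "guest@partner.example"}]
```

With the rules in this order, admin.bob@example.com is placed in Staff and the NetAdmin rule is reported as shadowed; listing the narrower rule first removes the shadowing.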