Profiles > Aaa > Stateful Ntlm Auth - Dell PowerConnect W-Airwave Configuration Manual

Table 17 Aruba Configuration > Profiles > AAA > 802.1x Auth Profile Settings (Continued)
Field
Ignore EAPOL-
START After
Authentication
Handle EAPOL-
Logoff
Ignore EAP ID
During Negotiation
WPA-Fast-
Handover
Disable Rekey and
Reauthentication
for Clients on Call
3. Click
802.1x Auth
Profiles > AAA > Stateful NTLM Auth
When the user logs off or shuts down the client machine, this profile allows the user to remain in the
authenticated role until the user ages out. Aging out means the user has sent no traffic for the amount of
time specified for the
The Stateful NT LAN Manager (NTLM) Authentication profile requires that you specify the following
components:
a server group that includes the servers performing NTLM authentication
a default role to be assigned to authenticated users.
The Wireless Internet Service Provider roaming (WISPr) protocol allows users to roam between service
providers. A RADIUS server is used to authenticate subscriber credentials.
For details on defining a Windows server used for NTLM authentication, refer to
> Windows" on
Perform these steps to configure a
1. Click
current profiles of this type.
2. Click the
profile to edit that profile. The
80 | Aruba Configuration Reference
Default
No
No
No
No
No
Add Save
or . The added or edited
details page.
Timeout
parameter of this profile.
page 156.
Profiles > AAA > Stateful NTLM Auth
Add
button to create a new
Description
Enable or disable this setting.
EAP authentication starts with a EAPOL-start frame that is sent by the
wireless client to the AP. Upon reception of such a frame, the AP responds
back to the wireless client with an EAP-Identify-Request and also does
internal resource allocation. Attackers can use this vulnerability by sending
a lot of EAPOL-start frames to the Access point, either by spoofing the
MAC address or by emulating wireless clients. This forces the AP to
allocate increasing resource and eventually bringing it down. Enable this
setting to reduce the risk.
Specify whether authentication should manage logoff activity.
Specify whether EAP should be ignored during authentication.
In the 802.1x Authentication profile, the WPA fast handover feature allows
certain WPA clients to use a pre-authorized PMK, significantly reducing
handover interruption. Check with the manufacturer of your handset to see
if this feature is supported. This feature is disabled by default.
Although reauthentication and rekey timers are configurable on a per-SSID
basis, an 802.1x transaction during a call can affect voice quality. If a client
is on a call, 802.1x reauthentication and rekey are disabled by default until
the call is completed. You disable or re-enable the "voice aware" feature in
the 802.1x authentication profile. This setting requires a voice service
license.
802.1x Auth
profile appears on the
Stateful NTLM Auth
profile.
Aruba Navigation
in the
Stateful NTLM Auth
Details
page appears. Complete the settings as described in
AirWave Wireless Management Suite | Configuration Guide
AAA Profiles
"Security > Server Groups
pane. The details page summarizes the
pencil
profile, or click the
page, and on the
icon next to an existing
Table 18: