Users Guide
289 | BranchController Config for Controllers Dell Networking W-Series ArubaOS 6.4.x| User Guide
The external authentication server can be either a RADIUS server or an LDAP server.
Table 58: 802.1X Client Authentication Using EAP_TLS with CNLookup
When Authentication Servers Are Available
When Authentication Servers Are Not
Available
l If the query succeeds, the associated access credential
with a returned indicator of EXIST, plus the Key Reply
attributes, are stored in the Survival Server database.
l If the query fails, the associated access credential and
Key Reply attributes associated with the Query method
(if they exist) are deleted from the Survival Server
database.
When there is no available in-service server in the
associated server group, the Survival Server
performs CN lookup for 802.1X clients for which
termination is enabled at the controller using EAP-
TLS.
The Survival Server returns previously stored Key
Reply attributes as long as the client with the EXIST
indicator is in the Survival Server database.
Authentication for MAC Address-Based Clients
This section describes the authentication procedures for MAC address-based clients, both when the branch's
authentication servers are available and when they are not available. When the authentication servers are not
available, the Survival Server takes over the handling of authentication requests.
Table 59: MAC-Based Client Authentication Using PAP
When Authentication Servers Are Available
When Authentication Servers Are Not
Available
l If authentication succeeds, the associated access
credential, along with an encrypted SHA-1 hash of the
password and Key Reply attributes, are stored in the
Survival Server database.
l If authentication fails, the associated access credential
and Key Reply attributes associated with the PAP
method (if they exist) are deleted from the Survival
Server database.
When there is no available in-service server in the
associated server group, the Survival Server
authenticates the MAC-based authentication client
using PAP.
The Survival Server returns previously stored Key
Reply attributes as long as the client with the EXIST
indicator is in the Survival Server database.
Authentication for WISPr Clients
This section describes the authentication procedures for Wireless Internet Service Provider roaming (WISPr)
clients, both when the branch's authentication servers are available and when they are not available. When the
authentication servers are not available, the Survival Server takes over the handling of authentication requests.
The external authentication server can be either a RADIUS server or an LDAP server.