Performing Advanced Configuration Options for 802.1X

This section describes advanced configuration options for 802.1X authentication. 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. It provides an authentication framework that allows a user to be authenticated by a central authority.

Configuring Reauthentication with Unicast Key Rotation

When enabled, unicast and multicast keys are updated after each reauthorization. It is a best practice to configure the time intervals for reauthentication, multicast key rotation, and unicast key rotation to be at least 15 minutes. Ensure that these intervals are mutually prime, and the factor of the unicast key rotation interval and the multicast key rotation interval is less than the reauthentication interval. Unicast key rotation depends upon both the AP or managed device and wireless client behavior. It is known that some wireless NICs have issues with unicast key rotation.

The following is an example of the parameters you can configure for reauthentication with unicast and multicast key rotation:

  • Reauthentication: Enabled
  • Reauthentication Time Interval: 6011 Seconds
  • Multicast Key Rotation: Enabled
  • Multicast Key Rotation Time Interval: 1867 Seconds
  • Unicast Key Rotation: Enabled
  • Unicast Key Rotation Time Interval: 1021 Seconds

The following procedure describes how to configure re-authentication with unicast key rotation:

  1. In the Managed Network node hierarchy, navigate to the Configuration > Authentication > L2 Authentication tab.
  2. Select 802.1X Authentication and select the name of the profile you want to configure.
  3. Enter the following values:
    1. Reauthentication Interval: 6011
    2. Multicast Key Rotation Time Interval: 1867
    3. Unicast Key Rotation Time Interval: 1021
    4. Multicast Key Rotation: (select)
    5. Unicast Key Rotation: (select)
    6. Reauthentication: (select)
  4. Click Submit.
  5. Click Pending Changes.
  6. In the Pending Changes window, select the check box and click Deploy changes.

The following CLI (Command-Line Interface) commands configure re-authentication with unicast key rotation:

    (host) [mynode] (config) #aaa authentication dot1x profile
        reauthentication
        timer reauth-period 6011
        unicast-keyrotation
        timer ukey-rotation-period 1021
        multicast-keyrotation
        timer mkey-rotation-period 1867