2.2.2.1 Message Syntax for XML-Based Wired Profiles

An XML-based WLAN profile is packed as a single XML string that is constructed according to the XML schema (XSD) as specified in Appendix A section 6.4.<15>

OneXEnabled: A Boolean value that specifies whether the network supports the IEEE 802.1X authentication protocol so domain clients can use it. If set to TRUE, the security element MUST contain a child element OneX, formed according to the XML schema (XSD) as specified in Appendix A section 6.5.

OneXEnforced: A Boolean value that specifies whether the domain clients use IEEE 802.1X authentication protocol to authenticate with the network. If it is set to FALSE and IEEE 802.1X authentication fails, clients will fall back to unauthenticated access.

heldPeriod: This value MUST be defined in accordance with the HeldPeriod parameter, as specified in [IEEE802.1X].

authPeriod: This value MUST be defined in accordance with the AuthPeriod parameter, as specified in [IEEE802.1X].

startPeriod: This value MUST be defined as the StartPeriod parameter, as specified in [IEEE802.1X].

maxStart: This value MUST be defined in accordance with the MaxStart parameter, as specified in [IEEE802.1X].

maxAuthFailures: The number of times the wired connection component on the domain client attempts IEEE 802.1X authentication in spite of failures.

supplicantMode: Specifies the transmission behavior of the EAPOL-Start message for domain clients when they authenticate to a WLAN using IEEE 802.1X. This value MUST be one of the following:

  • inhibitTransmission: EAPOL-Start messages are not sent.

  • includeLearning: Client determines when to send EAPOL-Start messages based on network capability; an EAPOL-Start message is sent if needed.

  • compliant: Transmit per IEEE 802.1X. An EAPOL-Start message is sent upon association to initiate the IEEE 802.1X authentication process.

authMode: The way in which the domain client uses computer or user credentials while performing IEEE 802.1X authentication. This value MUST be one of the following:

  • machineOrUser: When users are not logged on to the domain computer, IEEE 802.1X authentication is performed using the computer credentials. After a user logs on to the computer, authentication is performed using the user credentials. When a user logs off the computer, authentication is performed with the computer credentials.

  • machine: Authentication is always to be performed by using the computer credentials. User authentication is never performed.

  • user: When users are not logged on to the domain computer, IEEE 802.1X authentication is performed using the computer credentials. After a user logs on to the computer, authentication is maintained with the computer credentials. If a user failed to connect to the network previously, IEEE 802.1X authentication is performed using the user credentials.

  • guest: The domain client performs IEEE 802.1X authentication with guest credentials.

EAPConfig: The EAP configuration used by the domain client while performing IEEE 802.1X authentication, as specified in [RFC3748]. The content of this element is specified in section 2.2.3.2.
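The following audit sketch is an added example, not part of the specification. It checks a wired profile for the conditions this section describes: OneXEnabled without a OneX child, OneXEnforced set to FALSE (fallback to unauthenticated access), out-of-range supplicantMode or authMode values, and guest credentials. The sample profile is constructed, its nesting and namespace URIs are assumptions, and `audit_wired_profile` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Nesting and namespaces are assumptions; the XSD in
# Appendix A (not reproduced on this page) is authoritative.
SAMPLE = """<LANProfile xmlns="http://www.microsoft.com/networking/LAN/profile/v1">
 <MSM><security>
  <OneXEnforced>false</OneXEnforced>
  <OneXEnabled>true</OneXEnabled>
  <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
   <supplicantMode>compliant</supplicantMode>
   <authMode>guest</authMode>
  </OneX>
 </security></MSM>
</LANProfile>"""

ENUMS = {  # allowed values as listed in this section
    "supplicantMode": {"inhibitTransmission", "includeLearning", "compliant"},
    "authMode": {"machineOrUser", "machine", "user", "guest"},
}

def _find(parent, name):
    """First element under parent whose namespace-stripped tag equals name."""
    return next((e for e in parent.iter() if e.tag.rsplit("}", 1)[-1] == name), None)

def _text(parent, name):
    el = _find(parent, name)
    return (el.text or "").strip() if el is not None else None

def audit_wired_profile(xml_text):
    """Return a list of finding codes for one profile (hypothetical helper)."""
    security = _find(ET.fromstring(xml_text), "security")
    if security is None:
        return ["no-security-element"]
    findings = []
    enabled = (_text(security, "OneXEnabled") or "").lower() in ("true", "1")
    enforced = (_text(security, "OneXEnforced") or "").lower() in ("true", "1")
    onex = _find(security, "OneX")
    if not enabled:
        findings.append("onex-disabled")
    elif onex is None:
        findings.append("onex-enabled-without-OneX-child")  # violates the MUST
    if enabled and not enforced:
        findings.append("unauthenticated-fallback")  # OneXEnforced is FALSE
    for field, allowed in ENUMS.items():
        value = _text(onex, field) if onex is not None else None
        if value is not None and value not in allowed:
            findings.append(f"invalid-{field}:{value}")
    if onex is not None and _text(onex, "authMode") == "guest":
        findings.append("guest-credentials")
    return findings

if __name__ == "__main__":
    print(audit_wired_profile(SAMPLE))
```

Elements are matched by local name, so the check does not depend on the assumed namespace URIs being exact.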