194CHAPTER 7: AAA COMMANDS

„bonded — Enables Bonded Auth™ (bonded authentication). When this feature is enabled, MSS authenticates the user only if the machine the user is on has already been authenticated.

„protocol — Protocol used for authentication. Specify one of the following:

„eap-md5— Extensible Authentication Protocol (EAP) with message-digest algorithm 5. For wired authentication clients:

Uses challenge-response to compare hashes

Provides no encryption or integrity checking for the connection

„eap-tls— EAP with Transport Layer Security (TLS):

Provides mutual authentication, integrity-protected negotiation, and key exchange

Requires X.509 public key certificates on both sides of the connection

Provides encryption and integrity checking for the connection Cannot be used with RADIUS server authentication

„peap-mschapv2— Protected EAP (PEAP) with Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP-V2). For wireless clients:

Uses TLS for encryption and data integrity checking and server-side authentication

Provides MS-CHAP-V2 mutual authentication

Only the server side of the connection needs a certificate.

The wireless client authenticates using TLS to set up an encrypted session. Then MS-CHAP-V2 performs mutual authentication using the specified AAA method.

„pass-through— MSS sends all the EAP protocol processing to a RADIUS server.

EAP-MD5 does not work with Microsoft wired authentication clients.

„method1, method2, method3, method4 — At least one and up to four

methods that MSS uses to handle authentication. Specify one or more of the following methods in priority order. MSS applies multiple methods in the order you enter them.

Page 194
Image 194
3Com 3CRWX440095A, 3CRWX120695A manual AAA Commands