196 CHAPTER 7: AAA COMMANDS

However, if local appears first, followed by a RADIUS server group, MSS overrides any failed searches in the local WX database and sends an authentication request to the server group.

If the user does not support 802.1X, MSS attempts to perform MAC authentication for the user. In this case, if the switch’s configuration contains a set authentication mac command that matches the SSID the user is attempting to access and the user’s MAC address, MSS uses the method specified by the command. Otherwise, MSS uses local MAC authentication by default.

If the username does not match an authentication rule for the SSID the user is attempting to access, MSS uses the fallthru authentication type configured for the SSID, which can be last-resort, web (for WebAAA), or none.

Examples — The following command configures EAP-TLS authentication in the local WX database for SSID mycorp and 802.1X client Geetha:

WX4400# set authentication dot1x ssid mycorp Geetha eap-tls local

success: change accepted.

The following command configures PEAP-MS-CHAP-V2 authentication at RADIUS server groups sg1 through sg3 for all 802.1X clients at example.com who want to access SSID examplecorp:

WX4400# set authentication dot1x ssid examplecorp *@example.com peap-mschapv2 sg1 sg2 sg3

success: change accepted.
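The selection logic described above can be modeled offline to see which clients end up on a non-802.1X path. This is an added example, not code from the 3Com manual or from MSS. The MAC rule, the fallthru types, the sample clients, the use of fnmatch in place of MSS user-glob matching, and the order of the checks are all assumptions of this sketch.

```python
from fnmatch import fnmatchcase

# Constructed configuration. The two dot1x rules mirror the commands shown on this
# page; the MAC rule and the per-SSID fallthru types are invented for illustration.
DOT1X_RULES = [  # (ssid, user glob, EAP protocol, methods in configured order)
    ("mycorp", "Geetha", "eap-tls", ["local"]),
    ("examplecorp", "*@example.com", "peap-mschapv2", ["sg1", "sg2", "sg3"]),
]
MAC_RULES = [("mycorp", "00:0b:0e:00:00:01", ["sg1"])]  # (ssid, MAC, methods)
FALLTHRU = {"mycorp": "none", "examplecorp": "last-resort"}

def resolve(ssid, username=None, mac=None, dot1x=True):
    """Return (path, detail) for one client, following the prose above.

    Assumptions: fnmatch stands in for MSS user-glob matching, and the order
    of the checks is this example's reading of the text.
    """
    if not dot1x:
        # Non-802.1X client: MAC authentication, by rule or local by default.
        for r_ssid, r_mac, methods in MAC_RULES:
            if r_ssid == ssid and mac and mac.lower() == r_mac:
                return ("mac", " -> ".join(methods))
        return ("mac", "local")
    for r_ssid, glob, proto, methods in DOT1X_RULES:
        if r_ssid == ssid and username and fnmatchcase(username, glob):
            return ("dot1x", f"{proto} via {' -> '.join(methods)}")
    # No rule matches the username on this SSID: the SSID's fallthru type applies
    # (defaulting to "none" here is an assumption of this sketch).
    return ("fallthru", FALLTHRU.get(ssid, "none"))

def audit(clients):
    """List clients that take a non-802.1X path (MAC, or a fallthru other than none)."""
    findings = []
    for c in clients:
        path, detail = resolve(**c)
        if path == "mac" or (path == "fallthru" and detail != "none"):
            findings.append((c.get("username") or c.get("mac"), path, detail))
    return findings

CLIENTS = [  # constructed sample clients
    {"ssid": "mycorp", "username": "Geetha"},
    {"ssid": "examplecorp", "username": "alice@example.com"},
    {"ssid": "examplecorp", "username": "bob@other.test"},
    {"ssid": "mycorp", "mac": "00:0B:0E:00:00:01", "dot1x": False},
    {"ssid": "mycorp", "username": "mallory"},
]

if __name__ == "__main__":
    for who, path, detail in audit(CLIENTS):
        print(f"{who}: {path} ({detail})")
```
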

See Also

• clear authentication dot1x on page 168
• display aaa on page 180
• set authentication admin on page 189
• set authentication console on page 191
• set authentication last-resort on page 197
• set authentication mac on page 199
• set authentication web on page 201
• set service-profile auth-fallthru on page 301
