202CHAPTER 7: AAA COMMANDS

„server-group-name— Uses the defined group of RADIUS servers for authentication. You can enter up to four names of existing RADIUS server groups as methods.

RADIUS servers cannot be used with the EAP-TLS protocol.

For more information, see “Usage.”

Defaults — By default, authentication is unconfigured for all clients with network access through MAP ports or wired authentication ports on the WX switch. Connection, authorization, and accounting are also disabled for these users.

Access — Enabled.

History —Introduced in MSS Version 3.0.

Usage — You can configure different authentication methods for different groups of users by “globbing.” (For details, see “User Globs” on page 24.)

You can configure a rule either for wireless access to an SSID, or for wired access through a WX switch’s wired authentication port. If the rule is for wireless access to an SSID, specify the SSID name or specify any to match on all SSID names. If the rule is for wired access, specify wired instead of an SSID name.

If you specify multiple authentication methods in the set authentication web command, MSS applies them in the order in which they appear in the command, with these results:

If the first method responds with pass or fail, the evaluation is final.

If the first method does not respond, MSS tries the second method, and so on.

However, if local appears first, followed by a RADIUS server group, MSS overrides any failed searches in the local WX database and sends an authentication request to the server group.

MSS uses a WebAAA rule only under the following conditions:

The client is not denied access by 802.1X or does not support 802.1X.

The client’s MAC address does not match a MAC authentication rule.

Page 202
Image 202
3Com 3CRWX440095A, 3CRWX120695A manual AAA Commands