240CHAPTER 7: CONFIGURING WIRELESS PARAMETERS

„Uses challenge-response to compare hashes.

„Provides no encryption or integrity checking for the connection.

The EAP-MD5 option does not work with Microsoft wired authentication clients.

„PEAP Offload—Protected EAP with Microsoft Challenge Handshake Authentication Protocol Version 2 (MS-CHAP-V2). Select this protocol for wireless clients.

„Uses TLS for encryption and data integrity checking.

„Provides MS-CHAP-V2 mutual authentication.

„Only the server side of the connection needs a certificate.

„Local EAP-TLS—EAP with TLS.

„Provides mutual authentication, integrity-protected negotiation, and key exchange.

„Requires X.509 public key certificates on both sides of the connection.

„Provides encryption and integrity checking for the connection.

„Cannot be used with RADIUS server authentication (requires user information to be in the switch’s local database)

„External RADIUS Server—No protocol is used by the WX. The switch sends the authentication traffic to a RADIUS server for EAP processing.

If you select PEAP, the EAP Sub-Protocol is MS-CHAPV2. For other protocols, the EAP Sub-Protocol is None.

Other access types do not use EAP.

AAAMethods (RADIUS Server Groups and the Local User Database) In addition to user globs or MAC address globs, access rules specify AAA methods, which can be one or both of the following:

„RADIUS server group—Named set of RADIUS servers.

„LOCAL—Switch’s local user database.

You can select both a server group and LOCAL. The switch tries the methods in the order they appear in the list, starting with the one at the top.

Page 240
Image 240
3Com 3CRWXR10095A, 3CRWX120695A WXR100, WX4400 3CRWX440095A WX1200 manual „ Local EAP-TLS-EAP with TLS