AAA Commands 197

protocol

method1

method2

method3

method4

Protocol used for authentication. Specify one of the following:

eap-md5—Extensible Authentication Protocol (EAP) with message-digest algorithm 5. For wired authentication clients:

Uses challenge-response to compare hashes

Provides no encryption or integrity checking for the connection

Note: The eap-md5option does not work with Microsoft wired authentication clients.

eap-tls—EAP with Transport Layer Security (TLS):

Provides mutual authentication, integrity-protected negotiation, and key exchange

Requires X.509 public key certificates on both sides of the connection

Provides encryption and integrity checking for the connection

Cannot be used with RADIUS server authentication (requires user information to be in the switch’s local database)

peap-mschapv2—Protected EAP (PEAP) with Microsoft Challenge Handshake Authentication Protocol version 2 (MS- CHAP-V2). For wireless clients:

Uses TLS for encryption and data integrity checking and server-side authentication

Provides MS-CHAP-V2 mutual authentication

Only the server side of the connection needs a certificate.

The wireless client authenticates using TLS to set up an encrypted session. Then MS-CHAP-V2 performs mutual authentication using the specified AAA method.

pass-through—WSS Software sends all the EAP protocol processing to a RADIUS server.

At least one and up to four methods that WSS Software uses to handle authentication. Specify one or more of the following methods in priority order. WSS Software applies multiple methods in the order you enter them.

A method can be one of the following:

local—Uses the local database of usernames and user groups on the WSS for authentication.

server-group-name—Uses the defined group of RADIUS servers for authentication. You can enter up to four names of existing RADIUS server groups as methods.

RADIUS servers cannot be used with the EAP-TLS protocol.

For more information, see “Usage.”

Nortel WLAN—Security Switch 2300 Series Command Line Reference

Page 197
Image 197
Nortel Networks 2300 Series manual Protocol Method1 Method2 Method3 Method4