Configuring AAA for Network Users 473

Enabling PEAP-MS-CHAP-V2 Authentication

The following example illustrates how to enable local PEAP-MS-CHAP-V2 authentication for all 802.1X network users. The example configures one local username and password, membership in a VLAN, and an optional session-timeout attribute in seconds. Because the WSS switch requires a certificate for authentication, the example also shows how to configure a self-signed certificate.

1. To set authentication for all 802.1X users of SSID thiscorp, type the following command:

23x0# set authentication dot1x ssid thiscorp * peap-mschapv2 local

2. To add user Natasha to the local database on the WSS switch, type the following command:

23x0# set user Natasha password moon

3. To assign Natasha to a VLAN named red, type the following command:

23x0# set user Natasha attr vlan-name red

4. To assign Natasha a session timeout value of 1200 seconds, type the following command:

23x0# set user Natasha attr session-timeout 1200

5. To generate a public-private key pair and a self-signed EAP certificate, type the following commands:

23x0# crypto generate key eap 1024

key pair generated

23x0# crypto generate self-signed eap

Country Name: US

State Name: CA

Locality Name: campus1

Organizational Name: Example

Organizational Unit: IT

Common Name: WSS33

Email Address: admin@example.com

Unstructured Name: wiring closet 22

6. Save the configuration:

WSS-20# save config

success: configuration saved.

(For information about encryption keys and certificates, see “Managing Keys and Certificates,” on page 379.)
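The following offline check is an added example, not part of the Nortel guide or the WSS software: it reads the commands from this procedure and lists the ones a reviewer would look at before applying them. The thresholds `MIN_RSA_BITS` and `MIN_PASSWORD_LEN` are assumed site-policy values, and the input is a constructed transcript of the commands above as typed, with the password in cleartext.

```python
import re

# Constructed input: the commands typed in the procedure above, prompts included.
SAMPLE_CONFIG = """\
23x0# set authentication dot1x ssid thiscorp * peap-mschapv2 local
23x0# set user Natasha password moon
23x0# set user Natasha attr vlan-name red
23x0# set user Natasha attr session-timeout 1200
23x0# crypto generate key eap 1024
23x0# crypto generate self-signed eap
"""

MIN_RSA_BITS = 2048     # assumption: site policy; 2048 is the current NIST minimum for RSA
MIN_PASSWORD_LEN = 12   # assumption: site policy, not a WSS limit

PROMPT = re.compile(r"^\S+#\s*")   # CLI prompt such as "23x0# "
KEY = re.compile(r"crypto generate key eap (\d+)$")
USER_PW = re.compile(r"set user (\S+) password (\S+)$")
SELF_SIGNED = re.compile(r"crypto generate self-signed eap$")


def audit(config_text):
    """Return (line_number, finding) tuples for commands that need review."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), 1):
        line = PROMPT.sub("", raw.strip())
        if m := KEY.match(line):
            bits = int(m.group(1))
            if bits < MIN_RSA_BITS:
                findings.append((number, f"EAP key is {bits} bits, below {MIN_RSA_BITS}"))
        elif m := USER_PW.match(line):
            user, password = m.groups()
            if len(password) < MIN_PASSWORD_LEN:
                # Report the length only; never echo the password itself.
                findings.append((number, f"password for user {user} has "
                                         f"{len(password)} characters, below {MIN_PASSWORD_LEN}"))
        elif SELF_SIGNED.match(line):
            findings.append((number, "self-signed EAP certificate: 802.1X clients must "
                                     "trust it explicitly to validate the switch"))
    return findings


if __name__ == "__main__":
    for number, finding in audit(SAMPLE_CONFIG):
        print(f"line {number}: {finding}")
```
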

Nortel WLAN Security Switch 2300 Series Configuration Guide
