634 Configuring communication with RADIUS

NN47250-500 (Version 03.01)

Figure 36. Wireless Client, AP, WSS, and RADIUS Servers

In the example shown in Figure 36, the following events occur:
1The wireless user (client) requests an IEEE 802.11 association from the AP .
2After the AP creates the association, the WSS sends an Extensible Authentication Protocol
(EAP) identity request to the client.
3The client sends an EAP identity response.
4From the EAP response, the WSS gets the client’s username. The WSS then searches its AAA
configuration, attempting to match the client's username against the user wildcards in the AAA
configuration.
When a match is found, the methods specified by the matching AAA command in the WSS
configuration file indicate how the client is to be authenticated, either locally on the WSS, or
via a RADIUS server group.
5If the client does not support 802.1X, WSS Software attempts to perform MAC authentication
for the client instead. In this case, if the switchs configuration contains a set authentication
mac command that matches the client’s MAC address, WSS Software uses the method
specified by the command. Otherwise, WSS Software uses local MAC authentication by
default.
(For information about MAC client authentication, see “Configuring MAC authentication and
authorization” on page 565.)
WSS
with local
database
Wireless
connection
Wired
connection(s)
AP 2AP 1
RADIUS Server 1
RADIUS Server 2
1
3
2
4
Client (with laptop)
Client (with laptop)
Client (with PDA)
840-9502-0021