3com 3CRWX120695A WXR100 User Manual
240
C
HAPTER
7: C
ONFIGURING
W
IRELESS
P
ARAMETERS
Uses challenge-response to compare hashes.
Provides no encryption or integrity checking for the connection.
The EAP-MD5 option does not work with Microsoft wired authentication
clients.
clients.
PEAP Offload—Protected EAP with Microsoft Challenge Handshake
Authentication Protocol Version 2 (MS-CHAP-V2). Select this protocol
for wireless clients.
Authentication Protocol Version 2 (MS-CHAP-V2). Select this protocol
for wireless clients.
Uses TLS for encryption and data integrity checking.
Provides MS-CHAP-V2 mutual authentication.
Only the server side of the connection needs a certificate.
Local EAP-TLS—EAP with TLS.
Provides mutual authentication, integrity-protected negotiation,
and key exchange.
and key exchange.
Requires X.509 public key certificates on both sides of the
connection.
connection.
Provides encryption and integrity checking for the connection.
Cannot be used with RADIUS server authentication (requires user
information to be in the switch’s local database)
information to be in the switch’s local database)
External RADIUS Server—No protocol is used by the WX. The
switch sends the authentication traffic to a RADIUS server for EAP
processing.
switch sends the authentication traffic to a RADIUS server for EAP
processing.
If you select PEAP, the EAP Sub-Protocol is MS-CHAPV2. For other
protocols, the EAP Sub-Protocol is None.
protocols, the EAP Sub-Protocol is None.
Other access types do not use EAP.
AAA Methods (RADIUS Server Groups and the Local User
Database)
Database)
In addition to user globs or MAC address globs, access rules
specify AAA methods, which can be one or both of the following:
RADIUS server group—Named set of RADIUS servers.
LOCAL—Switch’s local user database.
You can select both a server group and LOCAL. The switch tries the
methods in the order they appear in the list, starting with the one at
the top.
methods in the order they appear in the list, starting with the one at
the top.