3com WX2200 3CRWX220095A User Manual
AAA Tools for Network Users
443
You can use the local database or RADIUS servers for MAC access as well.
If you use RADIUS servers, make sure you configure the password for the
MAC address user as 3Com. (This is the default authorization password.
To change it, see “Changing the MAC Authorization Password for
RADIUS” on page 459.)
If you use RADIUS servers, make sure you configure the password for the
MAC address user as 3Com. (This is the default authorization password.
To change it, see “Changing the MAC Authorization Password for
RADIUS” on page 459.)
AAA Rollover Process
A WX switch attempts AAA methods in the order in which they are
entered in the configuration:
entered in the configuration:
1 The first AAA method in the list is used unless that method results in an
error. If the method results in a pass or fail, the result is final and the WX
tries no other methods.
tries no other methods.
2 If the WX switch receives no response from the first AAA method, it tries
the second method in the list.
3 If the WX switch receives no response from the second AAA method, it
tries the third method. This evaluation process is applied to all methods in
the list.
the list.
If a AAA rule specifies local as a secondary AAA method, to be used if the
RADIUS servers are unavailable, and MSS authenticates a client with the
local method, MSS starts again at the beginning of the method list when
attempting to authorize the client. This can cause unexpected delays
during client processing and can cause the client to time out before
completing logon.
RADIUS servers are unavailable, and MSS authenticates a client with the
local method, MSS starts again at the beginning of the method list when
attempting to authorize the client. This can cause unexpected delays
during client processing and can cause the client to time out before
completing logon.
Local Override Exception
The one exception to the operation described in “AAA Rollover Process”
takes place if the local database is the first method in the list and is
followed by a RADIUS server group method. If the local method fails to
find a matching username entry in the local database, the WX switch tries
the next RADIUS server group method. This exception is referred to as
local override.
takes place if the local database is the first method in the list and is
followed by a RADIUS server group method. If the local method fails to
find a matching username entry in the local database, the WX switch tries
the next RADIUS server group method. This exception is referred to as
local override.
If the local database is the last method in the list, however, local
authentication must either accept or deny the user, because it has no
other method to roll over to.
authentication must either accept or deny the user, because it has no
other method to roll over to.