3com WX2200 3CRWX220095A User Manual

CHAPTER 21: CONFIGURING AAA FOR NETWORK USERS
Remote Authentication with Local Backup
You can use a combination of authentication methods; for example, 
PEAP offload and local authentication. When PEAP offload is configured, 
the WX switch offloads all EAP processing from server groups; the 
RADIUS servers are not required to communicate using the EAP 
protocols. (For details, see “Configuring EAP Offload” on page 449.) In 
the event that RADIUS servers are unavailable, local authentication takes 
place, using the database on the WX switch.
Suppose an administrator wants to rely on RADIUS servers and also wants 
to ensure that a certain group of users always gets access. As shown in 
the following example, the administrator can enable PEAP offload, so 
that authentication is performed by a RADIUS server group as the first 
method for these users, and configure local authentication last, in case 
the RADIUS servers are unavailable. (See Figure 31.)
To configure server-1 and server-2 at IP addresses 192.168.253.1 and 
192.168.253.2 with the password chey3nn3, the administrator enters 
the following commands:
WX1200# set radius server server-1 address 192.168.253.1 key chey3nn3
WX1200# set radius server server-2 address 192.168.253.2 key chey3nn3
To configure server-1 and server-2 into server-group-1, the administrator 
enters the following command:
WX1200# set server group server-group-1 members server-1 server-2
To enable PEAP offload plus local authentication for all users of SSID 
mycorp whose usernames match *@example.com, the administrator enters 
the following command:
WX1200# set authentication dot1x ssid mycorp *@example.com pass-through server-group-1 local
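
The method order configured above, modelled in Python as an added example (not code from the 3Com manual or the switch software): it parses the commands on this page, checks that every referenced server and group is defined, and reports which method would handle a user for a given set of reachable RADIUS servers. The function names, the in-order choice of group members, and the use of Python's fnmatch in place of the switch's own user-glob matching are assumptions.

```python
import fnmatch

# Commands from this page, each joined onto a single line.
CONFIG = """\
set radius server server-1 address 192.168.253.1 key chey3nn3
set radius server server-2 address 192.168.253.2 key chey3nn3
set server group server-group-1 members server-1 server-2
set authentication dot1x ssid mycorp *@example.com pass-through server-group-1 local
"""

def parse(config):
    """Collect RADIUS servers, server groups and 802.1X rules from CLI lines."""
    servers, groups, rules = {}, {}, []
    for line in config.splitlines():
        w = line.split()
        if w[:3] == ["set", "radius", "server"]:
            servers[w[3]] = w[w.index("address") + 1]
        elif w[:3] == ["set", "server", "group"]:
            groups[w[3]] = w[w.index("members") + 1:]
        elif w[:4] == ["set", "authentication", "dot1x", "ssid"]:
            rules.append({"ssid": w[4], "glob": w[5],
                          "protocol": w[6], "methods": w[7:]})
    return servers, groups, rules

def undefined_references(servers, groups, rules):
    """Names that a group or rule relies on but that are never defined."""
    missing = [m for members in groups.values() for m in members
               if m not in servers]
    missing += [m for r in rules for m in r["methods"]
                if m != "local" and m not in groups]
    return missing

def resolve(config, ssid, username, reachable):
    """Return (method, server_ip) that would handle this user, or None.

    Assumption of this model: a server group is skipped only when none of
    its members is reachable; members are tried in the order configured.
    """
    servers, groups, rules = parse(config)
    for r in rules:
        if r["ssid"] != ssid or not fnmatch.fnmatchcase(username, r["glob"]):
            continue
        for method in r["methods"]:
            if method == "local":
                return ("local", None)      # database on the WX switch
            for member in groups.get(method, []):
                if servers.get(member) in reachable:
                    return (method, servers[member])
        return None                         # rule matched, no method usable
    return None                             # no rule for this SSID and user
```

Running `undefined_references(*parse(CONFIG))` before deployment catches a method list that names a server group or member that was never configured, which would otherwise leave local authentication as the only working method.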