3com WXR100 3CRWXR10095A User Manual

The following sections describe the MSS authentication, authorization, 
and accounting (AAA) features in detail.

Network users include the following types of users:

„

Wireless users — Users who access the network by associating with 
an SSID on a 3Com radio.

„

Wired authentication users — Users who access the network over 
an Ethernet connection to a WX switch port that is configured as a 
wired authentication (wired-auth) port.

You can configure authentication rules for each type of user, on an 
individual SSID or wired authentication port basis. MSS authenticates 
users based on user information on RADIUS servers or in the WX switch’s 
local database. The RADIUS servers or local database authorize 
successfully authenticated users for specific network access, including 
VLAN membership. Optionally, you also can configure accounting rules to 
track network access information. 

When a user attempts to access the network, MSS checks for an 
authentication rule that matches the following parameters:

„

For wireless access, the authentication rule must match the SSID the 
user is requesting, and the user’s username or MAC address. 

„

For access on a wired authentication port, the authentication rule 
must match the user’s username or MAC address. 

If a matching rule is found, MSS then checks RADIUS servers or the WX 
local user database for credentials that match those presented by the 
user. Depending on the type of authentication rule that matches the SSID 
or wired authentication port, the required credentials are the username 
or MAC address, and in some cases, a password.