3com WXR100 3CRWXR10095A Manual De Usuario
520
C
HAPTER
22: C
ONFIGURING
C
OMMUNICATION
WITH
RADIUS
Figure 33 Wireless Client, MAP, WX Switch, and RADIUS Servers
In the example shown in Figure 33, the following events occur:
1 The wireless user (client) requests an IEEE 802.11 association from the
MAP.
2 After the MAP creates the association, the WX switch sends an Extensible
Authentication Protocol (EAP) identity request to the client.
3 The client sends an EAP identity response.
4 From the EAP response, the WX switch gets the client’s username. The
WX switch then searches its AAA configuration, attempting to match the
client's username against the user globs in the AAA configuration.
client's username against the user globs in the AAA configuration.
When a match is found, the methods specified by the matching AAA
command in the WX configuration file indicate how the client is to be
authenticated, either locally on the WX switch, or via a RADIUS server
group.
command in the WX configuration file indicate how the client is to be
authenticated, either locally on the WX switch, or via a RADIUS server
group.
5 If the client does not support 802.1X, MSS attempts to perform MAC
authentication for the client instead. In this case, if the switch’s
configuration contains a set authentication mac command that
matches the client’s MAC address, MSS uses the method specified by the
command. Otherwise, MSS uses local MAC authentication by default.
configuration contains a set authentication mac command that
matches the client’s MAC address, MSS uses the method specified by the
command. Otherwise, MSS uses local MAC authentication by default.
(For information about MAC client authentication, see “Configuring
MAC Authentication and Authorization” on page 457.)
MAC Authentication and Authorization” on page 457.)
WX switch
with local
database
database
Wireless
connection
connection
Wired
connection(s)
connection(s)
RADIUS Server 1
RADIUS Server 2
1
3
2
4
Client (with laptop)
Client (with laptop)
Client (with PDA)
MAP
MAP