3Com WX4400 3CRWX440095A User Manual

Configuring 802.1X Authentication
The IEEE 802.1X standard is a framework for passing EAP protocols over 
a wired or wireless LAN. Within this framework, you can use TLS, 
PEAP-TTLS, or EAP-MD5. Most EAP protocols can be passed through the 
WX switch to the RADIUS server. Some protocols can be processed locally 
on the WX switch.
The following 802.1X authentication command allows differing 
authentication treatments for multiple users:
set authentication dot1x {ssid ssid-name | wired} user-glob [bonded] protocol method1 [method2] [method3] [method4]
For example, the following command authenticates wireless user Tamara
when requesting SSID wetlands, as an 802.1X user using the 
PEAP-MS-CHAP-V2 method via the server group shorebirds, which 
contains one or more RADIUS servers:
WX1200# set authentication dot1x ssid wetlands Tamara peap-mschapv2 shorebirds
When a user attempts to connect through 802.1X, the following events 
occur:
For each 802.1X login attempt, MSS examines each command in the 
configuration file in strict configuration order.
The first command whose SSID and user glob match the SSID and 
incoming username is used to process this authentication. The command 
determines exactly how this particular login attempt is processed by the 
WX switch.
(For more information about user globs, see “User Globs” on page 30.)
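The first-match processing described above means that rule order decides which policy a login receives. The following added example (not part of the original manual, and not MSS code) models that lookup in Python and reports rules that a broader, earlier rule makes unreachable. The rule set beyond the Tamara example, the server group names guestgroup and admingroup, the probe usernames, and the use of shell-style wildcard matching in place of the MSS user-glob syntax are all assumptions.

```python
from fnmatch import fnmatchcase
from typing import NamedTuple, Optional

class Dot1xRule(NamedTuple):
    ssid: str        # SSID named in the command
    user_glob: str   # user glob the incoming username is compared against
    protocol: str    # EAP protocol keyword
    methods: tuple   # method1..method4, in the order given

# Constructed rule set in configuration-file order. Rule 0 is the manual's
# example; rules 1 and 2 and their server groups are hypothetical.
RULES = [
    Dot1xRule("wetlands", "Tamara", "peap-mschapv2", ("shorebirds",)),
    Dot1xRule("wetlands", "*", "peap-mschapv2", ("guestgroup",)),
    Dot1xRule("wetlands", "admin-*", "peap-mschapv2", ("admingroup",)),
]

# Constructed (SSID, username) login attempts used to audit the rule order.
PROBES = [("wetlands", "Tamara"), ("wetlands", "bob"), ("wetlands", "admin-lee")]

def rule_matches(rule, ssid, username) -> bool:
    # Assumption: shell-style, case-sensitive wildcards stand in for the
    # MSS user-glob syntax, which this page does not define.
    return rule.ssid == ssid and fnmatchcase(username, rule.user_glob)

def select_rule(rules, ssid, username) -> Optional[int]:
    """Index of the first rule whose SSID and user glob both match."""
    for index, rule in enumerate(rules):
        if rule_matches(rule, ssid, username):
            return index
    return None  # no rule applies to this login attempt

def shadowed_rules(rules, probes):
    """Rules that match some probe login but are never the one selected."""
    matched, selected = set(), set()
    for ssid, username in probes:
        chosen = select_rule(rules, ssid, username)
        if chosen is not None:
            selected.add(chosen)
        matched.update(i for i, r in enumerate(rules)
                       if rule_matches(r, ssid, username))
    return sorted(matched - selected)

if __name__ == "__main__":
    for ssid, user in PROBES:
        print(ssid, user, "-> rule", select_rule(RULES, ssid, user))
    print("shadowed rule indexes:", shadowed_rules(RULES, PROBES))
```

With the constructed order, the admin-* rule is never reached because the earlier * rule matches first; moving the specific rule ahead of the catch-all removes the shadowing.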
Configuring EAP Offload
You can configure the WX switch to offload all EAP processing from 
server groups. In this case, the RADIUS server is not required to 
communicate using the EAP protocols. 
For PEAP-MS-CHAP-V2 offload, you define a complete user profile in the 
local WX database and only a username and password on a RADIUS 
server.