3com WX2200 3CRWX220095A Manuel D’Utilisation

C

HAPTER

 21: C

ONFIGURING

 AAA 

FOR

 N

ETWORK

 U

SERS

For example, the following command authenticates all wireless users who 
request SSID marshes at example.com by offloading PEAP processing 
onto the WX switch, while still performing MS-CHAP-V2 authentication 
via the server group shorebirds:

WX1200# set authentication dot1x ssid marshes *@example.com 
peap-mschapv2 shorebirds

To offload both PEAP and MS-CHAP-V2 processing onto the WX switch, 
use the following command:

WX1200# set authentication dot1x ssid marshes *@example.com 
peap-mschapv2 local

The pass-through method causes EAP authentication requests to be 
processed entirely by remote RADIUS servers in server groups. 

For example, the following command enables users at EXAMPLE to be 
processed via server group shorebirds or swampbirds:

WX1200# set authentication dot1X ssid marshes EXAMPLE/* 
pass-through shorebirds swampbirds

The server group swampbirds is contacted only if all the RADIUS servers in 
shorebirds do not respond.

(For an example of the use of pass-through servers plus the local 
database for authentication, see “Remote Authentication with Local 
Backup” on page 444.)

To configure the WX switch to authenticate and authorize a user against 
the local database in the WX switch, use the following command:

set authentication dot1x {ssid ssid-name | wired} user-glob 
[bonded] protocol local

For example, the following command authenticates 802.1X user Jose for 
wired authentication access via the local database:

WX1200# set authentication dot1X Jose wired 
peap-mschapv2 local
success: change accepted.