Nortel 2350 参考指南
Configuring Wireless Parameters 225
Nortel WLAN—Management Software 2300 Series Reference Guide
•
00:01:02*
•
00:01:02:03:*
•
00:01:02:03:04:*
•
00:01:02:03:04:0*
To view a service profile’s access rules, see
. To edit
or create access rules for a service profile, see
.
EAP Type (802.1X Only)
802.1X access rules include information about the Extensible Authentication Protocol (EAP) type to use for AAA
communication between the client and the AAA server. The EAP type can be one of the following:
communication between the client and the AAA server. The EAP type can be one of the following:
•
EAP-MD5 Offload—Extensible Authentication Protocol (EAP) with message-digest algorithm 5. Select this
protocol for wired authentication clients.
protocol for wired authentication clients.
•
Uses challenge-response to compare hashes.
•
Provides no encryption or integrity checking for the connection.
•
PEAP Offload—Protected EAP with Microsoft Challenge Handshake Authentication Protocol Version 2
(MS-CHAP-V2). Select this protocol for wireless clients.
(MS-CHAP-V2). Select this protocol for wireless clients.
•
Uses TLS for encryption and data integrity checking.
•
Provides MS-CHAP-V2 mutual authentication.
•
Only the server side of the connection needs a certificate.
•
Local EAP-TLS—EAP with TLS.
•
Provides mutual authentication, integrity-protected negotiation, and key exchange.
•
Requires X.509 public key certificates on both sides of the connection.
•
Provides encryption and integrity checking for the connection.
•
Cannot be used with RADIUS server authentication (requires user information to be in the
switch’s local database)
switch’s local database)
•
External RADIUS Server—No protocol is used by the WSS. The switch sends the authentication traffic to a
RADIUS server for EAP processing.
RADIUS server for EAP processing.
If you select PEAP, the EAP Sub-Protocol is MS-CHAPV2. For other protocols, the EAP Sub-Protocol is None. Other
access types do not use EAP.
access types do not use EAP.
AAA Methods (RADIUS Server Groups and the Local User Database)
In addition to user wildcards or MAC address wildcards, access rules specify AAA methods, which can be one or both of
the following:
the following:
•
RADIUS server group—Named set of RADIUS servers.
•
LOCAL—Switch’s local user database.
Note. The EAP-MD5 option does not work with Microsoft wired authentication
clients.
clients.