196 CHAPTER 7: AAA COMMANDS
However, if local appears first, followed by a RADIUS server group, MSS
overrides any failed searches in the local WX database and sends an
authentication request to the server group.
If the user does not support 802.1X, MSS attempts to perform MAC
authentication for the user. In this case, if the switch’s configuration
contains a set authentication mac command that matches the SSID the
user is attempting to access and the user’s MAC address, MSS uses the
method specified by the command. Otherwise, MSS uses local MAC
authentication by default.
If the username does not match an authentication rule for the SSID the
user is attempting to access, MSS uses the fallthru authentication type
configured for the SSID, which can be last-resort, web (for WebAAA),
or none.
Examples — The following command configures EAP-TLS authentication
in the local WX database for SSID mycorp and 802.1X client Geetha:
WX4400# set authentication dot1x ssid mycorp Geetha eap-tls
local
success: change accepted.
The following command configures PEAP-MS-CHAP-V2 authentication at
RADIUS server groups sg1 through sg3 for all 802.1X clients at
example.com who want to access SSID examplecorp:
WX4400# set authentication dot1x ssid examplecorp
*@example.com peap-mschapv2 sg1 sg2 sg3
success: change accepted.
See Also
clear authentication dot1x on page 168
display aaa on page 180
set authentication admin on page 189
set authentication console on page 191
set authentication last-resort on page 197
set authentication mac on page 199
set authentication web on page 201
set service-profile auth-fallthru on page 301