Filter
Top Products
set authentication dot1x 195
A method can be one of the following:
local — Uses the local database of usernames and user groups on
the WX switch for authentication.
server-group-name — Uses the defined group of RADIUS servers
for authentication. You can enter up to four names of existing
RADIUS server groups as methods.
RADIUS servers cannot be used with the EAP-TLS protocol.
For more information, see “Usage.”
Defaults — By default, authentication is unconfigured for all clients with
network access through MAP ports or wired authentication ports on the
WX switch. Connection, authorization, and accounting are also disabled
for these users.
Bonded authentication is disabled by default.
Access — Enabled.
History —Introduced in MSS Version 3.0.
Usage — You can configure different authentication methods for
different groups of users by “globbing.” (For details, see “User Globs” on
page 24.)
You can configure a rule either for wireless access to an SSID, or for wired
access through a WX switch’s wired authentication port. If the rule is for
wireless access to an SSID, specify the SSID name or specify any to match
on all SSID names. If the rule is for wired access, specify wired instead of
an SSID name.
You cannot configure client authentication that uses both the EAP-TLS
protocol and one or more RADIUS servers. EAP-TLS authentication is
supported only on the local WX database.
If you specify multiple authentication methods in the set authentication
dot1x command, MSS applies them in the order in which they appear in
the command, with these results:
If the first method responds with pass or fail, the evaluation is final.
If the first method does not respond, MSS tries the second method, and
so on.