Filter
Top Products
202 CHAPTER 7: AAA COMMANDS
server-group-name — Uses the defined group of RADIUS servers
for authentication. You can enter up to four names of existing
RADIUS server groups as methods.
RADIUS servers cannot be used with the EAP-TLS protocol.
For more information, see “Usage.”
Defaults — By default, authentication is unconfigured for all clients with
network access through MAP ports or wired authentication ports on the
WX switch. Connection, authorization, and accounting are also disabled
for these users.
Access — Enabled.
History —Introduced in MSS Version 3.0.
Usage — You can configure different authentication methods for
different groups of users by “globbing.” (For details, see “User Globs” on
page 24.)
You can configure a rule either for wireless access to an SSID, or for wired
access through a WX switch’s wired authentication port. If the rule is for
wireless access to an SSID, specify the SSID name or specify any to match
on all SSID names. If the rule is for wired access, specify wired instead of
an SSID name.
If you specify multiple authentication methods in the set authentication
web command, MSS applies them in the order in which they appear in
the command, with these results:
If the first method responds with pass or fail, the evaluation is final.
If the first method does not respond, MSS tries the second method, and
so on.
However, if local appears first, followed by a RADIUS server group, MSS
overrides any failed searches in the local WX database and sends an
authentication request to the server group.
MSS uses a WebAAA rule only under the following conditions:
The client is not denied access by 802.1X or does not support 802.1X.
The client’s MAC address does not match a MAC authentication rule.