Open as PDF
CONFIGURING AAA FOR
The following sections describe the MSS authentication, authorization,
and accounting (AAA) features in detail.
About AAA for
Network users include the following types of users:
Wireless users — Users who access the network by associating with
an SSID on a 3Com radio.
Wired authentication users — Users who access the network over
an Ethernet connection to a WX switch port that is configured as a
wired authentication (wired-auth) port.
You can configure authentication rules for each type of user, on an
individual SSID or wired authentication port basis. MSS authenticates
users based on user information on RADIUS servers or in the WX switch’s
local database. The RADIUS servers or local database authorize
successfully authenticated users for specific network access, including
VLAN membership. Optionally, you also can configure accounting rules to
track network access information.
Authentication When a user attempts to access the network, MSS checks for an
authentication rule that matches the following parameters:
For wireless access, the authentication rule must match the SSID the
user is requesting, and the user’s username or MAC address.
For access on a wired authentication port, the authentication rule
must match the user’s username or MAC address.
If a matching rule is found, MSS then checks RADIUS servers or the WX
local user database for credentials that match those presented by the
user. Depending on the type of authentication rule that matches the SSID
or wired authentication port, the required credentials are the username
or MAC address, and in some cases, a password.