Open as PDF
AAA Tools for Network Users 445
Figure 31 shows the results of this combination of methods.
Figure 31 Remote Authentication with PEAP Offload using Local Authentication
Authentication proceeds as follows:
1 When user Jose@example.com attempts authentication, the WX switch
sends an authentication request to the first AAA method, which is
Because server-group-1 contains two servers, the first RADIUS server,
server-1, is contacted. If this server responds, the authentication proceeds
2 If server-1 fails to respond, the WX retries the authentication using
server-2. If server-2 responds, the authentication proceeds using server-2.
3 If server-2 does not respond, because the WX switch has no more servers
to try in server-group-1, the WX attempts to authenticate using the next
AAA method, which is the local method.
4 The WX switch consults its local database for an entry that matches
5 If a suitable local database entry exists, the authentication proceeds. If
not, authentication fails and Jose@example.com is not allowed to access
set authentication dot1x ssid mycorp *@example.com pass-through server-group-1 local
1 2 3