Filter
Top Products
AAA Tools for Network Users 445
Figure 31 shows the results of this combination of methods.
Figure 31 Remote Authentication with PEAP Offload using Local Authentication
as Backup
Authentication proceeds as follows:
1 When user Jose@example.com attempts authentication, the WX switch
sends an authentication request to the first AAA method, which is
server-group-1.
Because server-group-1 contains two servers, the first RADIUS server,
server-1, is contacted. If this server responds, the authentication proceeds
using server-1.
2 If server-1 fails to respond, the WX retries the authentication using
server-2. If server-2 responds, the authentication proceeds using server-2.
3 If server-2 does not respond, because the WX switch has no more servers
to try in server-group-1, the WX attempts to authenticate using the next
AAA method, which is the local method.
4 The WX switch consults its local database for an entry that matches
Jose@example.com.
5 If a suitable local database entry exists, the authentication proceeds. If
not, authentication fails and Jose@example.com is not allowed to access
the network.
RADIUS
Server-1
Server-group-1
RADIUS
Server-2
WX switch
local database
pass fail
set authentication dot1x ssid mycorp *@example.com pass-through server-group-1 local
1
1 2 3
4
5