3Com WX2200 3CRWX220095A Switch User Manual

Configuring AAA
for Users of
Third-Party APs
A WX switch can provide network access for users associated with a
third-party AP that has authenticated the users with RADIUS. You can
connect a third-party AP to a WX switch and configure the WX to provide
authorization for clients who authenticate and access the network
through the AP. Figure 32 shows an example.
Figure 32 WX Switch Serving as RADIUS Proxy
Process for Users of a
Third-Party AP
The authentication process for users of a third-party AP is as follows:
1 MSS uses MAC authentication to authenticate the AP.
2 The user contacts the AP and negotiates the authentication protocol to
be used.
3 The AP, acting as a RADIUS client, sends a RADIUS access-request to the
WX. The access-request includes the SSID, the user’s MAC address, and
the username.
4 For 802.1X users, the AP uses 802.1X to authenticate the user, using the
WX as its RADIUS server. The WX proxies RADIUS requests from the AP to
a real RADIUS server, depending on the authentication method specified
in the proxy authentication rule for the user.
For non-802.1X users, the AP does not use 802.1X. The WX sends a
RADIUS query for the special username web-portal-ssid or
last-resort-ssid, where ssid is the SSID name. The fallthru authentication
type (web-portal or last-resort) specified for the wired authentication
port connected to the AP determines which username is used.
WX Switch
Wired Layer 2
RADIUS server
Layer 2
or Layer 3