Open as PDF
Configuring AAA for Users of Third-Party APs 485
Configure a MAC authentication rule for the AP. Use the following
set authentication mac wired mac-addr-glob method1
Configure the WX port connected to the AP as a RADIUS proxy for the
SSID supported by the AP. If SSID traffic from the AP is tagged, assign
the same tag value to the WX port. Use the following command:
set radius proxy port port-list [tag tag-value] ssid
Add a RADIUS proxy entry for the AP. The proxy entry specifies the IP
address of the AP and the UDP ports on which the WX switch listens
for RADIUS access-requests and stop-accounting records from the AP.
Use the following command:
set radius proxy client address ip-address [port
udp-port-number] [acct-port acct-udp-port-number] key string
Configure a proxy authentication rule for the AP’s users. Use the
set authentication proxy ssid ssid-name user-glob
For the port-list of the set port type wired-auth and set radius proxy
port commands, specify the WX port(s) connected to the third-party AP.
For the ip-address of the set radius proxy client address command,
specify the IP address of the RADIUS client (the third-party AP). For the
udp-port-number, specify the UDP port on which the WX switch will
listen for RADIUS access-requests. The default is UDP port 1812. For the
acct-udp-port-number, specify the UDP port on which the WX switch will
listen for RADIUS stop-accounting records. The default is UDP port 1813.
The following command configures WX ports 3 and 4 as wired
authentication ports, and assigns tag value 104 to the ports:
WX4400# set port type wired-auth 3-4 tag 104
success: change accepted.
You can specify multiple tag values. Specify the tag value for each SSID
you plan to support.