Configuring AAA for network users 517
Nortel WLAN—Security Switch 2300 Series Configuration Guide
Authentication process for users of a third-party AP
1 WSS Software uses MAC authentication to authenticate the AP.
2 The user contacts the AP and negotiates the authentication protocol to be used.
3 The AP, acting as a RADIUS client, sends a RADIUS access-request to the WSS. The
access-request includes the SSID, the user’s MAC address, and the username.
4 For 802.1X users, the AP uses 802.1X to authenticate the user, using the WSS as its RADIUS
server. The WSS proxies RADIUS requests from the AP to a real RADIUS server, depending
on the authentication method specified in the proxy authentication rule for the user.
5 After successful RADIUS authentication of the user (or special username, for non-802.1X
users), WSS Software assigns authorization attributes to the user from the RADIUS server’s
access-accept response.
6 When the user’s session ends, the third-party AP sends a RADIUS stop-accounting record to
the WSS. The WSS then removes the session.