Filter
Top Products
562 Configuring communication with RADIUS
NN47250-500 (320657-F Version 02.01)
Figure 1. Wireless Client, AP, WSS, and RADIUS Servers
In the example shown in Figure 1, the following events occur:
1 The wireless user (client) requests an IEEE 802.11 association from the AP .
2 After the AP creates the association, the WSS sends an Extensible Authentication Protocol
(EAP) identity request to the client.
3 The client sends an EAP identity response.
4 From the EAP response, the WSS gets the client’s username. The WSS then searches its AAA
configuration, attempting to match the client's username against the user wildcards in the AAA
configuration.
When a match is found, the methods specified by the matching AAA command in the WSS
configuration file indicate how the client is to be authenticated, either locally on the WSS, or
via a RADIUS server group.
5 If the client does not support 802.1X, WSS Software attempts to perform MAC authentication
for the client instead. In this case, if the switch’s configuration contains a set authentication
mac command that matches the client’s MAC address, WSS Software uses the method
specified by the command. Otherwise, WSS Software uses local MAC authentication by
default.
(For information about MAC client authentication, see “Configuring MAC authentication and
authorization” (page 492).)
WSS
with local
database
Wireless
connection
Wired
connection(s)
AP 2AP 1
RADIUS Server 1
RADIUS Server 2
1
3
2
4
Client (with laptop)
Client (with laptop)
Client (with PDA)
840-9502-0021