Configuring AAA for network users 589
Nortel WLAN—Security Switch 2300 Series Configuration Guide
Authentication process for users of a third-party AP
1 WSS Software uses MAC authentication to authenticate the AP.
2 The user contacts the AP and negotiates the authentication protocol to be used.
3 The AP, acting as a RADIUS client, sends a RADIUS access-request to the WSS. The access-request
includes the SSID, the user’s MAC address, and the username.
4 For 802.1X users, the AP uses 802.1X to authenticate the user, using the WSS as its RADIUS server. The
WSS proxies RADIUS requests from the AP to a real RADIUS server, depending on the authentication
method specified in the proxy authentication rule for the user.
5 After successful RADIUS authentication of the user (or special username, for non-802.1X users), WSS
Software assigns authorization attributes to the user from the RADIUS server’s access-accept response.
6 When the user’s session ends, the third-party AP sends a RADIUS stop-accounting record to the WSS.
The WSS then removes the session.