414 Configuring AAA for Network Users
320657-A
Figure 18 on page 414 shows the results of this combination of methods.
Figure 18: Remote Pass-Through or Local Authentication
Authentication proceeds as follows:
1 When user Jose@example.com attempts authentication, the WSS switch sends an
authentication request to the first AAA method, which is server-group-1.
Because server-group-1 contains two servers, the first RADIUS server, server-1, is contacted.
If this server responds, the authentication proceeds using server-1.
2 If server-1 fails to respond, the WSS retries the authentication using server-2. If server-2
responds, the authentication proceeds using server-2.
3 If server-2 does not respond, because the WSS switch has no more servers to try in
server-group-1, the WSS attempts to authenticate using the next AAA method, which is the
local method.
4 The WSS switch consults its local database for an entry that matches Jose@example.com.
5 If a suitable local database entry exists, the authentication proceeds. If not, authentication fails
and Jose@example.com is not allowed to access the network.
840-9502-0025
RADIUS
Server-1
Server-group-1
RADIUS
Server-2
WSS switch
local database
pass fail
set authentication dot1x ssid m
cor
*@exam
le.com
ass-throu
h server-
rou
-1 local
1
1 2 3
4
5
