Configuring AAA for Network Users 443
Nortel WLAN Security Switch 2300 Series Configuration Guide
Requirements
Third-Party AP Requirements
• The third-party AP must be connected to the WSS switch through a wired Layer 2 link. WSS Software
cannot provide data services if the AP and WSS are in different Layer 3 subnets.
• The AP must be configured as the WSS’s RADIUS client.
• The AP must be configured so that all traffic for a given SSID is mapped to the same 802.1Q tagged
VLAN. If the AP has multiple SSIDs, each SSID must use a different tag value.
WSS Switch Requirements
• The WSS port connected to the third-party AP must be configured as a wired authentication port. If SSID
traffic from the AP is tagged, the same VLAN tag value must be used on the wired authentication port.
• A MAC authentication rule must be configured to authenticate the AP.
• The WSS must be configured as a RADIUS proxy for the AP. The WSS is a RADIUS server to the AP
but remains a RADIUS client to the real RADIUS servers.
• An authentication proxy rule must be configured for the AP’s users. The rule matches based on SSID and
username, and selects the authentication method (a RADIUS server group) for proxying.
