478 Configuring Communication with RADIUS
320657-A
Figure 20. Wireless Client, AP access port, WSS Switch, and RADIUS
Servers
In the example shown in Figure 20, the following events occur:
1 The wireless user (client) requests an IEEE 802.11 association from the AP access port.
2 After the AP access point creates the association, the WSS switch sends an Extensible
Authentication Protocol (EAP) identity request to the client.
3 The client sends an EAP identity response.
4 From the EAP response, the WSS switch gets the client’s username. The WSS switch then
searches its AAA configuration, attempting to match the client's username against the user
wildcards in the AAA configuration.
When a match is found, the methods specified by the matching AAA command in the WSS
configuration file indicate how the client is to be authenticated, either locally on the WSS
switch, or through a RADIUS server group.
5 If the client does not support 802.1X, WSS Software attempts to perform MAC authentication
for the client instead. In this case, if the switch’s configuration contains a set authentication
mac command that matches the client’s MAC address, WSS Software uses the method
specified by the command. Otherwise, WSS Software uses local MAC authentication by
default.
(For information about MAC client authentication, see “Configuring MAC Authentication and
Authorization” on page 427.)
WSS
with local
database
Wireless
connection
Wired
connection(s)
AP 2AP 1
RADIUS Server 1
RADIUS Server 2
1
3
2
4
Client (with laptop)
Client (with laptop)
Client (with PDA)
840-9502-0021
