Filter
Top Products
12 WIRELESS LAN SWITCH AND CONTROLLER MSS VERSION 6.0.4.6 RELEASE NOTES
Computer authentication also requires specific con-
figuration considerations on the WX switch:
■ The username of a computer authentication connection
will be in the form of host/fully-qualified-domain-name,
for example host/bob-laptop.3Com.com or
host/tac1-laptop.support.3Com.com. This username is
the same regardless of the configured protocol
(PEAP-MS-CHAP-V2 or EAP-TLS). An appropriate user-
glob would be host/*.domain.com where domain.com
is the Active Directory domain name. Alternatively, in a
smaller deployment you could use a userglob of ** and
have both user and computer authentication go to the
same RADIUS server.
■ PEAP-MS-CHAP-V2 offload mode is not supported
with computer authentication. You must use
pass-through 802.1X authentication policies with
computer authentication.
AAA
The following table lists the AAA servers and configu-
rations that have been tested with MSS. Tests were
performed to a local user database in most cases, and
additionally to Microsoft Active Directory and LDAP
with specific protocols as noted in the table. The tests
were initially performed using Dynamic WEP, though
subsequent testing has revealed no noticeable differ-
ences in RADIUS compatibility when using WPA.
A result of Pass indicates that the combination is sup-
ported by MSS. A result of NA (Not Applicable) indi-
cates that the RADIUS server tested does not support
the feature. A result of Fail indicates that the RADIUS
server does not interoperate with MSS for that fea-
ture. A result of NT (Not Tested) indicates that the fea-
ture was not tested.
Testing notes Single-Sign-On is defined as clients
being able to use the same username and password
for 802.1X authentication that they use to authenti-
cate with network services and logon to their local PC.
■ A Pass result for 3Com VSAs indicates that the
VSAs were able to be added to the RADIUS server
manually. Future versions of Steel Belted RADIUS
and FreeRadius are planned to include standard
definitions of the 3Com VSAs.
■ Funk Steel Belted Radius version used for testing is
4.53
Configuration
RADIUS Servers Tested
Win
2000 IAS
Win
2003 IAS
Funk
Steel
Belted
Radius
Cisco
ACS
Free-
Radius
(Linux)
PEAP-MS-CHAP-V2 Pass Pass Pass Pass Pass
PEAP-MS-CHAP-V2
Offload
Pass Pass Pass Pass Pass
EAP-TLS Pass Pass Pass NT Pass
EAP-TTLS NA NA Pass NA NT
Single-Sign-On
Active Directory &
PEAP-MS-CHAP-V2
Pass Pass Pass Pass NA
Single-Sign-On
LDAP & EAP-TTLS
NA NA Pass NT NT
3Com VSAs Pass Pass Pass Pass Pass
MAC-based
authentication
Pass Pass Pass Pass Pass
Microsoft Active
Directory computer
authentication
Pass Pass NA Pass NA