244 CHAPTER 8: AAA COMMANDS
Provides mutual authentication, integrity-protected negotiation,
and key exchange
Requires X.509 public key certificates on both sides of the
connection
Provides encryption and integrity checking for the connection
Cannot be used with RADIUS server authentication (requires user
information to be in the WX local database)
peap-mschapv2 — Protected EAP (PEAP) with Microsoft Challenge
Handshake Authentication Protocol version 2 (MS-CHAP-V2). For
wireless clients:
Uses TLS for encryption and data integrity checking and server-side
authentication.
Provides MS-CHAP-V2 mutual authentication.
Only the server side of the connection needs a certificate.
The wireless client authenticates using TLS to set up an encrypted
session. Then MS-CHAP-V2 performs mutual authentication using
the specified AAA method.
pass-through — MSS sends all the EAP protocol processing to a
RADIUS server.
EAP-MD5 does not work with Microsoft wired authentication clients.
method1, method2, method3, method4 — At least one and up to four
methods that MSS uses to handle authentication. Specify one or more
of the following methods in priority order. MSS applies multiple
methods in the order you enter them.
A method can be one of the following:
local — Uses the local database of usernames and user groups on
the WX switch for authentication.
server-group-name — Uses the defined group of RADIUS servers
for authentication. You can enter up to four names of existing
RADIUS server groups as methods.
RADIUS servers cannot be used with the EAP-TLS protocol.