Filter
Top Products
set authentication dot1x 245
Defaults — By default, authentication is unconfigured for all clients with
network access through MAP ports or wired authentication ports on the
WX switch. Connection, authorization, and accounting are also disabled
for these users.
Bonded authentication is disabled by default.
Access — Enabled.
History —Introduced in MSS Version 3.0.
Usage — You can configure different authentication methods for
different groups of users by “globbing.” (For details, see “User Globs” on
page 30.)
You can configure a rule either for wireless access to an SSID, or for wired
access through a WX wired authentication port. If the rule is for wireless
access to an SSID, specify the SSID name or specify any to match on all
SSID names. If the rule is for wired access, specify wired instead of an
SSID name.
You cannot configure client authentication that uses both EAP-TLS
protocol and one or more RADIUS servers. EAP-TLS authentication is
supported only on the local WX database.
If you specify multiple authentication methods in the set authentication
dot1x command, MSS applies them in the order in which they appear in
the command, with these results:
If the first method responds with pass or fail, the evaluation is final.
If the first method does not respond, MSS tries the second method, and so on.
However, if local appears first, followed by a RADIUS server group, MSS
overrides any failed searches in the local WX database and sends an
authentication request to the server group.
If the user does not support 802.1X, MSS attempts to perform MAC
authentication for the user. In this case, if the WX configuration contains
a set authentication mac command that matches the SSID the user is
attempting to access and the user MAC address, MSS uses the method
specified by the command. Otherwise, MSS uses local MAC
authentication by default.