Table of Contents
Advertisement
Authentication proceeds as follows:
1 When user Jose@example.com attempts authentication, the WX switch
sends an authentication request to the first AAA method, which is
server-group-1.
Because server-group-1 contains two servers, the first RADIUS server,
server-1, is contacted. If this server responds, the authentication proceeds
using server-1.
2 If server-1 fails to respond, the WX retries the authentication using
server-2. If server-2 responds, the authentication proceeds using server-2.
3 If server-2 does not respond, because the WX switch has no more servers
to try in server-group-1, the WX attempts to authenticate using the next
AAA method, which is the local method.
4 The WX switch consults its local database for an entry that matches
Jose@example.com.
5 If a suitable local database entry exists, the authentication proceeds. If
not, authentication fails and Jose@example.com is not allowed to access
the network.
IEEE 802.1X
Extensible Authentication Protocol (EAP) is a generic point-to-point
Extensible
protocol that supports multiple authentication mechanisms. EAP has
Authentication
been adopted as a standard by the Institute of Electrical and Electronic
Protocol Types
Engineers (IEEE). IEEE 802.1X is an encapsulated form for carrying
authentication messages in a standard message exchange between a user
(client) and an authenticator.
Table 27 summarizes the EAP protocols (also called types or methods)
supported by MSS.
Table 27 EAP Authentication Protocols for Local Processing
EAP Type
Description
EAP-MD5
Authentication algorithm
that uses a
(EAP with
challenge-response
Message Digest
mechanism to compare
Algorithm 5)
hashes
AAA Tools for Network Users
Use
Considerations
Wired
This protocol
authentication only
*
provides no
encryption or
key
establishment.
289
Advertisement
Table of Contents
