Table of Contents
Advertisement
340
C
13: C
HAPTER
ONFIGURING
Combining EAP
Offload with
Pass-Through
Authentication
WX1200# set authentication dot1x ssid bobblehead mktg\* peap-mschapv2 sg1
WX1200# set authentication dot1x ssid aircorp *@eng.example.com pass-through sg1
AAA
N
FOR
ETWORK
The following example illustrates how to enable PEAP-MS-CHAP-V2
offload for the marketing (mktg) group and RADIUS pass-through
authentication for members of engineering. This example assumes that
engineering members are using DNS-style naming, such as is used with
EAP-TLS. a WX server certificate is also required. Because the WX switch
requires a certificate for authentication, a self-signed certificate is shown
in this example.
1 Configure the RADIUS server r1 at IP address 10.1.1.1 with the string
starry for the key. Type the following command:
WX1200# set radius server r1 address 10.1.1.1 key starry
2 Configure the server group sg1 with member r1. Type the following
command:
WX1200# set server group sg1 members r1
3 To authenticate all 802.1X users of SSID bobblehead in the group mktg
using PEAP on the WX switch and MS-CHAP-V2 on server sg1, type the
following command:
4 To authenticate all 802.1X users of SSID aircorp in @eng.example.com via
pass-through to sg1, type the following command:
5 To generate a public-private key pair and a self-signed EAP certificate,
type the following commands:
WX1200# crypto generate key eap 1024
key pair generated
WX1200# crypto generate self-signed eap
Country Name: US
State Name: CA
Locality Name: Campus1
Organizational Name: Example
Organizational Unit: IT
Common Name: WX 33
Email Address: admin@example.com
Unstructured Name: wiring closet south campus
6 Save the configuration:
WX1200# save config
success: configuration saved.
U
SERS
Advertisement
Table of Contents
