Ieee 802.1X Extensible Authentication Protocol Types - 3Com WX1200 3CRWX120695A Configuration Manual

Wireless lan mobility system wireless lan switch and controller
Hide thumbs Also See for WX1200 3CRWX120695A:
Table of Contents

Advertisement

446
C
21: C
HAPTER
ONFIGURING
IEEE 802.1X
Extensible
Authentication
Protocol Types
AAA
N
U
FOR
ETWORK
SERS
If one of the RADIUS servers in the group does respond, but it indicates
that the user does not exist on the RADIUS server, or that the user is not
permitted on the network, then authentication for the user fails,
regardless of any additional methods. Only if all the RADIUS servers in the
server group do not respond does the WX attempt to authenticate using
the next method in the list.
Also note that if the primary authentication method is local and the
secondary method is RADIUS, but the user does not exist in the local
database, then the WX does attempt to authenticate using RADIUS. See
"Local Override Exception" on page 443.
Using pass-through authentication as the primary authentication method and
the local database as the secondary authentication method is not supported.
Extensible Authentication Protocol (EAP) is a generic point-to-point
protocol that supports multiple authentication mechanisms. EAP has
been adopted as a standard by the Institute of Electrical and Electronic
Engineers (IEEE). IEEE 802.1X is an encapsulated form for carrying
authentication messages in a standard message exchange between a user
(client) and an authenticator.
Table 38 summarizes the EAP protocols (also called types or methods)
supported by MSS.
Table 38 EAP Authentication Protocols for Local Processing
EAP Type
Description
EAP-MD5
Authentication algorithm
that uses a
(EAP with
challenge-response
Message Digest
mechanism to compare
Algorithm 5)
hashes
EAP-TLS
Protocol that provides
mutual authentication,
(EAP with
integrity-protected
Transport Layer
encryption algorithm
Security)
negotiation, and key
exchange. EAP-TLS
provides encryption and
data integrity checking for
the connection.
Use
Considerations
Wired
This protocol
*
authentication only
provides no
encryption or key
establishment.
Wireless and wired
This protocol
authentication.
requires X.509
public key
All authentication is
certificates on
processed on the
both sides of
WX switch.
the connection.
Requires use of
local database.
Not supported
for RADIUS.

Hide quick links:

Advertisement

Table of Contents
loading

Table of Contents