Using Pass-Through; Authenticating Via A Local Database - 3Com WX1200 3CRWX120695A Configuration Manual

450 C 21: C AAA N U
HAPTER ONFIGURING FOR ETWORK SERS
For example, the following command authenticates all wireless users who
request SSID marshes at example.com by offloading PEAP processing
onto the WX switch, while still performing MS-CHAP-V2 authentication
via the server group shorebirds:
WX1200# set authentication dot1x ssid marshes *@example.com
peap-mschapv2 shorebirds
To offload both PEAP and MS-CHAP-V2 processing onto the WX switch,
use the following command:
WX1200# set authentication dot1x ssid marshes *@example.com
peap-mschapv2 local

Using Pass-Through

The pass-through method causes EAP authentication requests to be
processed entirely by remote RADIUS servers in server groups.
For example, the following command enables users at EXAMPLE to be
processed via server group shorebirds or swampbirds:
WX1200# set authentication dot1X ssid marshes EXAMPLE/*
pass-through shorebirds swampbirds
The server group swampbirds is contacted only if all the RADIUS servers in
shorebirds do not respond.
(For an example of the use of pass-through servers plus the local
database for authentication, see "Remote Authentication with Local
Backup" on page 444.)
Authenticating via a To configure the WX switch to authenticate and authorize a user against
Local Database the local database in the WX switch, use the following command:
set authentication dot1x {ssid ssid-name | wired} user-glob
[bonded] protocol local
For example, the following command authenticates 802.1X user Jose for
wired authentication access via the local database:
WX1200# set authentication dot1X Jose wired
peap-mschapv2 local
success: change accepted.