3Com OfficeConnect WX1200 Release Note page 9

Wireless lan switch and controller mss version 3.0

Hide thumbs Also See for OfficeConnect WX1200:

Command reference manual (646 pages)

Reference manual (520 pages)

Quick start manual (10 pages)

page of 28

/ 28
Bookmarks

Enlarged version

Computer authentication also requires specific con-

figuration considerations on the WX switch:

The username of a computer authentication con-

nection will be in the form of host/fully-quali-

fied-domain-name, for example

host/bob-laptop.3Com.com or host/tac1-lap-

top.support.3Com.com. This username is the same

regardless of the configured protocol

(PEAP-MS-CHAP-V2 or EAP-TLS). An appropriate

userglob would be host/*.domain.com where

domain.com is the Active Directory domain name.

Alternatively, in a smaller deployment you could

use a userglob of ** and have both user and com-

puter authentication go to the same RADIUS

server.

PEAP-MS-CHAP-V2 offload mode is not supported

with computer authentication. You must use

pass-through 802.1x authentication policies with

computer authentication.

AAA

The following table lists the AAA servers and configu-

rations that have been tested with MSS. Tests were

performed to a local user database in most cases, and

additionally to Microsoft Active Directory and LDAP

with specific protocols as noted in the table. The tests

were initially performed using Dynamic WEP, though

subsequent testing has revealed no noticeable differ-

ences in RADIUS compatibility when using WPA.

A result of Pass indicates that the combination is sup-

ported by MSS. A result of NA (Not Applicable) indi-

cates that the RADIUS server tested does not support

the feature. A result of Fail indicates that the RADIUS

Points to Note when using the WX1200 and WX4400

server does not interoperate with MSS for that fea-

ture. A result of NT (Not Tested) indicates that the fea-

ture was not tested.

Win

Configuration

2000

2003

IAS

PEAP-MS-CHAP-

Pass

PEAP-MS-CHAP-

Pass

V2 Offload

EAP-TLS

Pass

EAP-TTLS

Single-Sign-On

Pass

Active Directory

PEAP-MS-CHAP-

Single-Sign-On

LDAP & EAP-TTLS

MSS VSAs

Pass

Mac-based

Pass

authentication

Microsoft Active

Pass

Directory com-

puter authentica-

tion

RADIUS Testing notes Single-Sign-On is defined

as clients being able to use the same username and

password for 802.1X authentication that they use to

RADIUS Servers Tested

Funk

Cisco

Free-

Steel

ACS

Radius

Belted

(Linux)

Radius

Pass

Table of Contents

This manual is also suitable for:

Wx4400

3Com OfficeConnect WX1200 Release Note page 9

Related Manuals for 3Com OfficeConnect WX1200

Related Products for 3Com OfficeConnect WX1200

This manual is also suitable for: