336
C
7: C
HAPTER
ONFIGURING
A
, A
UTHENTICATION
UTHORIZATION
5 To enable this authentication rule for the SSID, select Enabled. By
default, a rule you configure in 3WXM is disabled, which means 3WXM
does not add the rule to a WX switch's configuration.
6 For 802.1X authentication only, to bind authentication of the user with
authentication of the user's machine, select Enable Bonded
Authentication.
When this option is enabled, the user can be successfully authenticated
only if the machine the user is logging on from has already been
authenticated and is therefore a known and trusted device.
7 For 802.1X authentication only, select one of the following as the EAP
type:
EAP-MD5 — Extensible Authentication Protocol (EAP) with
message-digest algorithm 5. Select this protocol for wired
authentication clients.
Uses challenge-response to compare hashes.
Provides no encryption or integrity checking for the connection.
EAP-MD5 does not work with Microsoft wired authentication
clients.
PEAP — Protected EAP with Microsoft Challenge Handshake
Authentication Protocol Version 2 (MS-CHAP-V2). Select this protocol
for wireless clients.
Uses TLS for encryption and data integrity checking.
Provides MS-CHAP-V2 mutual authentication.
Only the server side of the connection needs a certificate.
EAP-TLS — EAP with TLS.
Provides mutual authentication, integrity-protected negotiation,
and key exchange.
Requires X.509 public key certificates on both sides of the
connection.
Provides encryption and integrity checking for the connection.
Pass-Through — No protocol is used by the WX. 3Com Mobility
System Software (MSS) sends the EAP processing to a RADIUS server.
,
A
P
AND
CCOUNTING
ARAMETERS