Aaa Security Configuration; Authentication - 3Com 3CRWX120695A User Manual

Wireless lan mobility system wireless lan switch manager

Hide thumbs Also See for 3CRWX120695A:

Configuration manual (728 pages)

Reference manual (570 pages)

Command reference manual (526 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

page of 190

/ 190
Contents
Table of Contents
Bookmarks

Table of Contents

2: P

HAPTER

LANNING AND

AAA Security

Configuration

ANAGING

OUR

IRELESS

If services are being used for customer corporate entities (e.g. different

airlines on an airport wireless net), then they would probably use 802.1X

and strong encryption with web guest access for their airport club guests.

If the services are being used to advertise multiple wireless service

providers (WISP), such as T-Mobile

then these services would probably be completely open. However, they

would likely be assigned to their own dedicated subnet containing their

proxy server/billing gateway.

An administrator can control the way in which users access the network.

For each service you provide, you can configure unique authentication,

authorization, and accounting (AAA) security features, creating an

entirely virtualized wireless service. For each service, you configure:

Multiple authentication choices (802.1X, Web, AAA, MAC

authentication, Bonded Auth, open)

AAA methods (up to four RADIUS server groups, or a local database

on the WX switch)

Authentication

Authentication is the method of determining whether a user is allowed

access to your network. Users can be authenticated by a RADIUS server

(pass-through) or by the WX switch local database (local). The WX switch

can also assist the RADIUS server by performing the Extensible

Authentication Protocol (EAP) processing for the server (offload).

To authenticate users, you will need to configure users either in the local

database or on RADIUS servers. Each user will have a username,

password, and RADIUS and/or vendor-specific attributes (VSAs). You will

also need to configure authentication rules (802.1X, MAC, last-resort, or

web authentication).

See Figure 8 on page 39 to see a flowchart representing the

authentication process. Generally, 802.1X authentication is attempted

first. If the user fails, then MAC authentication is attempted. If this fails,

then last resort and web authentication is used. For a service profile, you

specify either web authentication, last-resort, or none in the

auth-fall-thru box. You can only select one.

3WXM

ETWORK WITH

, Wayport ®, and Boingo Wireless

Table of Contents

This manual is also suitable for:

3crwx440095a Crwxr10095a 3crwxr10095a

Aaa Security Configuration; Authentication - 3Com 3CRWX120695A User Manual

Authentication

Related Manuals for 3Com 3CRWX120695A

Related Content for 3Com 3CRWX120695A

This manual is also suitable for:

Table of Contents