Vlans And Users; Configuring Pass-Through Authentication - 3Com 3CRWX120695A Installation And Basic Configuration Manual

78 C 3: C
HAPTER ONFIGURING A

VLANs and Users

Configuring
Pass-Through
Authentication
WX S B
WITCH FOR
This section provides examples for configuring Protected EAP with
Microsoft Challenge Handshake Authentication Protocol version 2
(PEAP-MS-CHAP-V2) authentication for 802.1X users, in pass-through
and offload configurations. (For information about configuring other
authentication types, see the
Configuration Guide.)
For each user, an attribute must be set in the local database or on a
RADIUS server to assign the user to a VLAN. This is true regardless of the
authentication type you use. You can use either of the following
attributes to assign a user to a VLAN:
Tunnel-Private-Group-ID—This attribute is described in RFC 2868,
RADIUS Attributes for Tunnel Protocol Support.
VLAN-Name—This attribute is a 3Com vendor-specific attribute (VSA).
You cannot configure the Tunnel-Private-Group-ID attribute in the local
user database.
Specify the VLAN name, not the VLAN number. The examples in this
chapter assume the VLAN is assigned on a RADIUS server with either of
the valid attributes.
Other RADIUS attributes and VSAs are optional. (For information about
3Com VSAs, see the
Guide.)
To configure a WX switch to use a group of RADIUS servers to perform all
user authentication:
1 Configure the RADIUS servers and add them to a server group. You must
configure a server group even if you have only one server. (See
"Configuring RADIUS Servers for Pass-Through Authentication" on
page 79.)
2 Set the authentication protocol to pass-through. Pass-through
authentication does not require local user information or user certificates
on the WX switch. (See "Configuring the Authentication Protocol for
Pass-Through Authentication" on page 80.)
Figure 10 shows an example of pass-through user authentication.
S
ASIC ERVICE
Wireless LAN Switch and Controller
Wireless LAN Switch and Controller Configuration