Aaa Methods For Ieee 802.1X And Web Network Access; Aaa Rollover Process; Local Override Exception - Nortel 2360 Configuration Manual
Wlan-security switch 2300 series
Hide thumbs
Also See for 2360:
- Reference manual (480 pages) ,
- User manual (218 pages) ,
- Installation and basic configuration manual (172 pages)
Table of Contents
Advertisement
AAA methods for IEEE 802.1X and Web network access
The following AAA methods are supported by Nortel for 802.1X and Web network access mode:
•
Client certificates issued by a certificate authority (CA) for authentication.
•
(For this method, you assign an authentication protocol to a user. For protocol details, see
Extensible Authentication Protocol types" (page
•
The WSS switch's local database of usernames and user groups for authentication.
•
(For configuration details, see
"Authenticating through a local database" (page
groups locally" (page
•
A named group of RADIUS servers. The WSS supports up to four server groups, which can each contain
between one and four servers.
(For server group details, see
You can use the local database or RADIUS servers for MAC access as well. If you use RADIUS servers, make
sure you configure the password for the MAC address user as nortel. (This is the default authorization
password. To change it, see
AAA rollover process
A WSS attempts AAA methods in the order in which they are entered in the configuration:
1
The first AAA method in the list is used unless that method results in an error. If the method
results in a pass or fail, the result is final and the WSS tries no other methods.
2
If the WSS receives no response from the first AAA method, it tries the second method in the
list.
3
If the WSS receives no response from the second AAA method, it tries the third method. This
evaluation process is applied to all methods in the list.
Note.
If a AAA rule specifies local as a secondary AAA method, to be used if the
RADIUS servers are unavailable, and WSS Software authenticates a client with the local
method, WSS Software starts again at the beginning of the method list when attempting to
authorize the client. This can cause unexpected delays during client processing and can
cause the client to time out before completing logon.
Local override exception
The one exception to the operation described in
first method in the list and is followed by a RADIUS server group method. If the local method fails to find a
matching username entry in the local database, the WSS tries the next RADIUS server group method. This
exception is referred to as local override.
If the local database is the last method in the list, however, local authentication must either accept or deny the
user, because it has no other method to roll over to.
"Adding and clearing local users for Administrative Access" (page
491).)
"Configuring RADIUS server groups" (page
"Changing the MAC authorization password for RADIUS" (page
"AAA rollover process"
Nortel WLAN—Security Switch 2300 Series Configuration Guide
Configuring AAA for network users 477
480).)
486), and
"Adding and clearing MAC users and user
takes place if the local database is the
"IEEE 802.1X
77),
567).)
493).)
- Quick Links:
- Using the Command-Line Interface
Hide quick links:
Advertisement
Table of Contents
