Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRBT-8200

261

262

263

264

265

266

267

268

269

270

RoamAbout Mobility System Software Command Line Reference 8-33

Default

Bydefault,authenticationisunconfiguredforallclientswithnetworkaccessthroughAPportsor

wiredauthenticationportsontheRAS.Connection,authorization,andaccountingarealso

disabledfortheseusers.

Bondedauthenticationisdisabledbydefault.

Mode

Enabled.

Usage

Youcanconfiguredifferentauthenticationmethodsfordifferentgroupsofusersby“globbing.” 

(Fordetails,see“UserGlobs”onpage 1‐3.)

YoucanconfigurearuleeitherforwirelessaccesstoanSSID,orforwiredaccessthrougha

RoamAboutswitch’swiredauthenticationport.Iftheruleisforwireless

accesstoanSSID,specify

theSSIDnameorspecifyanytomatchonallSSIDnames.Iftheruleisforwiredaccess,specify

wiredinsteadofanSSIDname.

YoucannotconfigureclientauthenticationthatusesboththeEAP‐TLSprotocolandoneormore

RADIUSservers.EAP‐TLS

authenticationissupportedonlyonthelocalRASdatabase.

Ifyouspecifymultipleauthenticationmethodsinthesetauthenticationdot1xcommand,MSS

appliesthemintheorderinwhichtheyappearinthecommand,withtheseresults:

•Ifthefirstmethodrespondswithpassorfail,theevaluationisfinal.

•If

thefirstmethoddoesnotrespond,MSStriesthesecondmethod,andsoon.

•However,iflocalappearsfirst,followedbyaRADIUS servergroup,MSSoverridesanyfailed

searchesinthelocalRASdatabaseandsendsanauthenticationrequesttotheservergroup.

Iftheuserdoesnotsupport802.1X,

MSSattemptstoperformMACauthenticationfortheuser.In

thiscase,iftheswitch’sconfigurationcontainsasetauthenticationmaccommandthatmatches

theSSIDtheuserisattemptingtoaccessandtheuser’sMACaddress,MSSusesthemethod

specifiedbythecommand.Otherwise,MSSuseslocalMAC

authenticationbydefault.

IftheusernamedoesnotmatchanauthenticationrulefortheSSIDtheuserisattemptingto

access,MSSusesthefallthruauthenticationtypeconfiguredfortheSSID,whichcanbelast‐resort,

web‐portal(forWebAAA),ornone.

Example

ThefollowingcommandconfiguresEAP‐TLSauthenticationinthelocalRASdatabaseforSSID

mycorpand802.1XclientGeetha:

RBT-8100# set authentication dot1x ssid mycorp Geetha eap-tls local

success: change accepted.

ThefollowingcommandconfiguresPEAP‐MS‐CHAP‐V2authenticationatRADIUSservergroups

sg1throughsg3forall802.1Xclientsatexam ple.comwhowanttoaccessSSIDexamplecorp:

RBT-8100# set authentication dot1x ssid examplecorp *@example.com peap-mschapv2

sg1 sg2 sg3

success: change accepted.