Specifications

AAA Tools for Network Users

17-10 Configuring AAA for Network Users

3. ToenablePEAPoffloadpluslocalauthenticationforallusersofSSIDmycorpat

@example.com,theadministratorentersthefollowingcommand.

RBT-8100# set authentication dot1x ssid mycorp *@example.com peap-mschapv2 server-group-

1 local

Figure 17‐2showstheresultsofthiscombinationofmethods.

Figure 17-2 Remote Pass-Through or Local Authentication

Authenticationproceedsasfollows:

1. WhenuserJose@example.comattemptsauthentication,theRoamAboutswitchsendsan

authenticationrequesttothefirstAAAmethod,whichisserver‐group‐1.

Becauseserver‐group‐1containstwoservers,thefirstRADIUSserver,server‐1,iscontacted.If

thisserverresponds,theauthenticationproceedsusingserver‐1.

2. Ifserver‐1failstorespond,theRoamAboutswitchretriestheauthenticationusingserver‐2.If

server‐2responds,theauthenticationproceedsusingserver‐2.

3. Ifserver‐2doesnotrespond,becausetheRoamAboutswitchhasnomoreserverstotryin

server‐group‐1,theRoamAboutswitchattemptsto

authenticateusingthenextAAAmethod,

whichisthelocalmethod.

4. TheRoamAboutswitchconsultsitsloca ldatabaseforanentrythatmatches

Jose@example.com.

5. Ifasuitablelocaldatabaseentryexists,theauthenticationproceeds.Ifnot,authenticationfails

andJose@example.comisnotallowedtoaccessthe network.

RADIUS

Server-1

Server-group-1

RADIUS

Server-2

RoamAbout

switch

local database

pass fail

set authentication dot1x ssid mycorp *@example.com peap-mschapv2 server-group-1 local

1 2 3