Specifications

Configuring 802.1X Authentication

RoamAbout Mobility System Software Configuration Guide 17-13

Wiredusersarenotelig iblefortheencryptionperformedonthetrafficofwirelessusers,butthey

canbeauthenticatedbyanEAP m ethod,aMACaddress,aWebloginpageservedbythe

RoamAboutswitch,oralast‐resortusernam e.

Configuring 802.1X Authentication

TheIEEE802.1XstandardisaframeworkforpassingEAPprotocolsoverawiredorwireless

LAN.Withinthisframework,youcanuseTLS,PEAP‐TTLS,orEAP‐MD5.MostEAPprotocols

canbepassedthroughtheRoamAboutswitchtotheRADIUSserver.Someprotocolscanbe

processedlocallyonthe

RoamAboutswitch.

Thefollowing802.1Xauthenticationcommandallowsdifferingauthenticationtreatmentsfor 

multipleusers:

set authentication dot1x {ssid ssid-name | wired} user-glob [bonded] protocol

method1 [method2] [method3] [method4]

Example

ThefollowingcommandauthenticateswirelessuserTamara,whenrequestingSSIDwetlands,asan

802.1XuserusingthePEAP‐MS‐CHAP‐V2methodviatheservergroupshor ebirds,whichcontains

oneormoreRADIUSservers:

RBT-8100# set authentication dot1x ssid wetlands Tamara peap-mschapv2 shorebirds

Whenauserattemptstoconnectthrough802.1X,thefollowingeventsoccur:

1. Foreach802.1Xloginattempt,MSSexamineseachcommandintheconfigurationfileinstrict

configurationorder.

2. ThefirstcommandwhoseSSIDanduserglobmatchestheSSIDandincomingusernameis

usedtoprocessthisauthentication.Thecommanddetermines

exactlyhowthisparticular

(Formoreinformationaboutuserglobs,see“UserGlobs”onpage 1‐4.)