Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout RBT-8100

351

352

353

354

355

356

357

358

359

360

Configuring 802.1X Authentication

17-14 Configuring AAA for Network Users

Configuring EAP Offload

YoucanconfiguretheRoamAboutSwitchtooffloadallEAPprocessingfromservergroups.In

thiscase,theRADIUSserverisnotrequiredtocommunicateusingtheEAPprotocols.

ForPEAP‐MS‐CHAP‐V2offload,youdefine acompleteuserprofileinthelocalRoamAbout

Switchdatabaseand onlyausername

andpasswordonaRADIUSserver.

Example

ThefollowingcommandauthenticatesallwirelessuserswhorequestSSIDmarshesat

example.combyoffloadingPEAPprocessingontotheRoamAboutSwitch,whilestillperforming

MS‐CHAP‐V2authenticationviatheservergroupshorebirds:

RBT-8100# set authentication dot1x ssid marshes *@example.com peap-mschapv2

shorebirds

TooffloadbothPEAPandMS‐CHAP‐V2processingontotheRoamAboutswitch,usethe

followingcommand:

RBT-8100# set authentication dot1x ssid marshes *@example.com peap-mschapv2

local

Using Pass-Through

Thepass‐throughmethodcausesEAPauthenticationrequeststobeprocessedentirelybyremote

RADIUSserversinservergroups.

Example

ThefollowingcommandenablesusersatEXAMPLEtobeprocessedviaservergroupshorebirdsor

swampbirds:

RBT-8100# set authentication dot1X ssid marshes EXAMPLE/* pass-through

shorebirds swampbirds

TheservergroupswampbirdsiscontactedonlyifalltheRADIUSserversinshorebirdsdonot

respond.

(Foranexampleoftheuseofpass‐throughserversplusthelocaldatabaseforauthentication,see

“RemoteAuthenticationwithLocalBackup”onpage 17‐9.)

Authenticating via a Local Database

ToconfiguretheRoamAboutswitchtoauthenticateandauthorizeauseragainstthelocal

databaseintheRoamAboutswitch,usethefollowingcommand:

set authentication dot1x {ssid ssid-name | wired} user-glob [bonded] protocol

local

Example

Thefollowingcommandauthenticates80 2.1XuserJoseforwiredauthenticationaccessviathe

localdatabase:

RBT-8100# set authentication dot1X Jose wired peap-mschapv2 local

success: change accepted.