Command Reference Guide
set authentication dot1x 233
However, if local appears first, followed by a RADIUS server group, MSS
overrides any failed searches in the local WX database and sends an
authentication request to the server group.
If the user does not support 802.1X, MSS attempts to perform MAC
authentication for the user. In this case, if the switch’s configuration
contains a set authentication mac command that matches the SSID the
user is attempting to access and the user’s MAC address, MSS uses the
method specified by the command. Otherwise, MSS uses local MAC
authentication by default.
If the username does not match an authentication rule for the SSID the
user is attempting to access, MSS uses the fallthru authentication type
configured for the SSID, which can be last-resort, web (for WebAAA),
or none.
Examples — The following command configures EAP-TLS authentication
in the local WX database for SSID mycorp and 802.1X client Geetha:
WX4400# set authentication dot1x ssid mycorp Geetha eap-tls
local
success: change accepted.
The following command configures PEAP-MS-CHAP-V2 authentication at
RADIUS server groups sg1 through sg3 for all 802.1X clients at
example.com who want to access SSID examplecorp:
WX4400# set authentication dot1x ssid examplecorp
*@example.com peap-mschapv2 sg1 sg2 sg3
success: change accepted.
See Also
clear authentication dot1x on page 204
display aaa on page 217
set authentication admin on page 226
set authentication console on page 228
set authentication last-resort on page 234
set authentication mac on page 236
set authentication web on page 239
set service-profile auth-fallthru on page 352