Hub/Switch Reference Guide

ManualsBrandsNortel Networks ManualsSwitch2300 Series

191

192

193

194

195

196

197

198

199

200

AAA Commands 197

Nortel WLAN—Security Switch 2300 Series Command Line Reference

protocol Protocol used for authentication. Specify one of the following:

• eap-md5—Extensible Authentication Protocol (EAP) with

message-digest algorithm 5. For wired authentication clients:

• Uses challenge-response to compare hashes

•Provides no encryption or integrity checking for the

connection

Note: The eap-md5 option does not work with Microsoft wired authentication

clients.

• eap-tls—EAP with Transport Layer Security (TLS):

• Provides mutual authentication, integrity-protected

negotiation, and key exchange

• Requires X.509 public key certificates on both sides of the

connection

• Provides encryption and integrity checking for the

connection

• Cannot be used with RADIUS server authentication

(requires user information to be in the switch’s local

database)

• peap-mschapv2—Protected EAP (PEAP) with Microsoft

Challenge Handshake Authentication Protocol version 2 (MS-

CHAP-V2). For wireless clients:

• Uses TLS for encryption and data integrity checking and

server-side authentication

• Provides MS-CHAP-V2 mutual authentication

• Only the server side of the connection needs a certificate.

The wireless client authenticates using TLS to set up an

encrypted session. Then MS-CHAP-V2 performs mutual

authentication using the specified AAA method.

• pass-through—WSS Software sends all the EAP protocol

processing to a RADIUS server.

method1

method2

method3

method4

At least one and up to four methods that WSS Software uses to handle

authentication. Specify one or more of the following methods in priority order.

WSS Software applies multiple methods in the order you enter them.

A method can be one of the following:

• local—Uses the local database of usernames and user groups

on the WSS for authentication.

• server-group-name—Uses the defined group of RADIUS

servers for authentication. You can enter up to four names of

existing RADIUS server groups as methods.

RADIUS servers cannot be used with the EAP-TLS protocol.

For more information, see “Usage.”