Specifications

set authentication dot1x
Chapter 9
AAA Commands
Defaults
By default, authentication is unconfigured for all clients on the
UNIVERGE WL Controller. Connection, authorization, and accounting are also
disabled for these users.
Bonded authentication is disabled by default.
Access
Enabled.
Usage
You can configure different authentication methods for different groups
of users by “globbing.” (For details, see “User Globs” on page 9.)
You can configure a rule for wireless access to an SSID. If the rule is for
wireless access to an SSID, specify the SSID name or specify any to match on all
SSID names.
You cannot configure client authentication that uses both EAP-TLS protocol and
one or more RADIUS servers. EAP-TLS authentication is supported only on the
local UNIVERGE WL Controller database.
If you specify multiple authentication methods in the set authentication dot1x
command, UNIVERGE WL Control System applies them in the order in which
they appear in the command, with these results:
• If the first method responds with pass or fail, the evaluation is final.
• If the first method does not respond, UNIVERGE WL Control System tries
  the second method, and so on.
• However, if local appears first, followed by a RADIUS server group,
  UNIVERGE WL Control System overrides any failed searches in the local
  UNIVERGE WL Controller database and sends an authentication request to
  the server group.
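The ordering rules above, modeled as an added Python example (not vendor code and not taken from this manual), to show when a failed local lookup is final and when it is not. The method name group-a and the three response values are constructed for illustration, and the outcome when no method responds is an assumption, since this page does not state it.

```python
# Added model of the method-ordering rules; not vendor code.
PASS, FAIL, NO_RESPONSE = "pass", "fail", "no-response"

def evaluate(methods, responses):
    """Walk the methods in command order and return (result, trace).

    methods   -- ordered names, e.g. ["local", "group-a"] (constructed names;
                 anything other than "local" is treated as a RADIUS server group)
    responses -- dict of method name -> PASS, FAIL or NO_RESPONSE (constructed)
    """
    trace = []
    for index, method in enumerate(methods):
        answer = responses.get(method, NO_RESPONSE)
        trace.append((method, answer))
        if answer == PASS:
            return PASS, trace          # a pass is final
        if answer == FAIL:
            local_first = index == 0 and method == "local"
            group_next = len(methods) > 1 and methods[1] != "local"
            if local_first and group_next:
                continue                # local failure is overridden, ask the group
            return FAIL, trace          # otherwise a fail is final
        # no response: fall through to the next method
    # Assumption: the page does not say what happens when nothing answers.
    return NO_RESPONSE, trace

def local_reject_is_final(methods):
    """True if a failed local lookup ends evaluation for this method list.

    Methods before "local" are made silent and methods after it would pass,
    so the result is FAIL only when the local failure is final.
    The list must contain "local".
    """
    at = methods.index("local")
    responses = {m: (NO_RESPONSE if i < at else PASS) for i, m in enumerate(methods)}
    responses["local"] = FAIL
    return evaluate(methods, responses)[0] == FAIL

if __name__ == "__main__":
    for order in (["local", "group-a"], ["group-a", "local"], ["local"]):
        print(order, "-> local reject final:", local_reject_is_final(order))
```

With local listed first and a server group second, removing or disabling a user in the local database does not by itself deny access; the server group's answer decides.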
If the user does not support 802.1X, UNIVERGE WL Control System attempts to
perform MAC authentication for the user. In this case, if the UNIVERGE WL
Controller configuration contains a set authentication mac command that
matches the SSID the user is attempting to access and the user MAC address,
UNIVERGE WL Control System uses the method specified by the command.
Otherwise, UNIVERGE WL Control System uses local MAC authentication by
default.