196 CHAPTER 7: AAA COMMANDS
However, if local appears first, followed by a RADIUS server group, MSS
overrides any failed searches in the local WX database and sends an
authentication request to the server group.
If the user does not support 802.1X, MSS attempts to perform MAC
authentication for the user. In this case, if the switch’s configuration
contains a set authentication mac command that matches the SSID the
user is attempting to access and the user’s MAC address, MSS uses the
method specified by the command. Otherwise, MSS uses local MAC
authentication by default.
If the username does not match an authentication rule for the SSID the
user is attempting to access, MSS uses the fallthru authentication type
configured for the SSID, which can be last-resort, web (for Web AAA),
or none.
Examples — The following command configures EAP-TLS authentication
in the local WX database for SSID mycorp and 802.1X client Geetha:
WX4400# set authentication dot1x ssid mycorp Geetha eap-tls
local
success: change accepted.
The following command configures PEAP-MS-CHAP-V2 authentication at
RADIUS server groups sg1 through sg3 for all 802.1X clients at
example.com who want to access SSID examplecorp:
WX4400# set authentication dot1x ssid examplecorp
*@example.com peap-mschapv2 sg1 sg2 sg3
success: change accepted.
See Also
■ “clear authentication dot1x” on page 167
■ “display aaa” on page 180
■ “set authentication admin” on page 189
■ “set authentication console” on page 191
■ “set authentication last-resort” on page 197
■ “set authentication mac” on page 199
■ “set authentication web” on page 201
■ “set service-profile auth-fallthru” on page 296