3Com WX4400 3CRWX440095A User Manual

AAA Tools for Network Users

445

Figure 31 shows the results of this combination of methods.

Figure 31 Remote Authentication with PEAP Offload using Local Authentication
as Backup

Authentication proceeds as follows:

1 When user [email protected] attempts authentication, the WX switch

sends an authentication request to the first AAA method, which is
server-group-1.

Because server-group-1 contains two servers, the first RADIUS server,
server-1, is contacted. If this server responds, the authentication proceeds
using server-1.

2 If server-1 fails to respond, the WX retries the authentication using

server-2. If server-2 responds, the authentication proceeds using server-2.

3 If server-2 does not respond, because the WX switch has no more servers

to try in server-group-1, the WX attempts to authenticate using the next
AAA method, which is the local method.

4 The WX switch consults its local database for an entry that matches

[email protected].

5 If a suitable local database entry exists, the authentication proceeds. If

not, authentication fails and [email protected] is not allowed to access
the network.

RADIUS
Server-1

Server-group-1

RADIUS
Server-2

WX switch

local database

pass fail

set authentication dot1x ssid mycorp *@example.com pass-through server-group-1 local

1

1

2

3

4

5