Configuring AAA for Users of Third-Party APs – 3Com WX4400 3CRWX440095A User Manual

Page 482

CHAPTER 21: CONFIGURING AAA FOR NETWORK USERS

Configuring AAA for Users of Third-Party APs

A WX switch can provide network access for users associated with a
third-party AP that has authenticated the users with RADIUS. You can
connect a third-party AP to a WX switch and configure the WX to provide
authorization for clients who authenticate and access the network
through the AP. Figure 32 shows an example.

Figure 32 WX Switch Serving as RADIUS Proxy

Authentication Process for Users of a Third-Party AP

The authentication process for users of a third-party AP is as follows:

1 MSS uses MAC authentication to authenticate the AP.

2 The user contacts the AP and negotiates the authentication protocol to be used.

3 The AP, acting as a RADIUS client, sends a RADIUS access-request to the WX. The access-request includes the SSID, the user’s MAC address, and the username.

4 For 802.1X users, the AP uses 802.1X to authenticate the user, using the WX as its RADIUS server. The WX proxies RADIUS requests from the AP to a real RADIUS server, depending on the authentication method specified in the proxy authentication rule for the user.

For non-802.1X users, the AP does not use 802.1X. The WX sends a RADIUS query for the special username web-portal-ssid or last-resort-ssid, where ssid is the SSID name. The fallthru authentication type (web-portal or last-resort) specified for the wired authentication port connected to the AP determines which username is used.
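Steps 3 and 4 as an added Python sketch (not 3Com's code and not taken from the manual): it parses an access-request, extracts the username, client MAC address and SSID, and picks the username the WX would query. Assumptions: the RFC 3580 convention that Called-Station-Id carries "AP-MAC:SSID" and Calling-Station-Id carries the client MAC, and that an EAP-Message attribute marks an 802.1X user; the manual states neither, and all function names are hypothetical.

```python
import struct

# RADIUS codes/attribute types from RFC 2865 and RFC 3579.
ACCESS_REQUEST = 1
USER_NAME, CALLED_STATION_ID, CALLING_STATION_ID, EAP_MESSAGE = 1, 30, 31, 79


def build_access_request(attrs, ident=1):
    """Build a constructed Access-Request (zeroed authenticator) for the demo."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH16s", ACCESS_REQUEST, ident, 20 + len(body), b"\0" * 16) + body


def parse_access_request(packet):
    """Return {attr_type: first value}, rejecting malformed lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the RADIUS header")
    code, _ident, length, _auth = struct.unpack("!BBH16s", packet[:20])
    if code != ACCESS_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Request")
    attrs, pos = {}, 20
    while pos < length:
        a_len = packet[pos + 1] if pos + 2 <= length else 0
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(packet[pos], packet[pos + 2:pos + a_len])
        pos += a_len
    return attrs


def lookup_identity(packet, fallthru):
    """Return (username to query, client MAC, SSID) for one Access-Request."""
    attrs = parse_access_request(packet)
    # Assumption (RFC 3580): Called-Station-Id is "<AP MAC>:<SSID>", MACs use hyphens.
    _ap_mac, _sep, ssid = attrs.get(CALLED_STATION_ID, b"").decode().partition(":")
    mac = attrs.get(CALLING_STATION_ID, b"").decode()
    user = attrs.get(USER_NAME, b"").decode()
    if not (ssid and mac and user):
        raise ValueError("request lacks SSID, client MAC or username")
    if EAP_MESSAGE in attrs:  # assumption: EAP-Message marks an 802.1X user
        return user, mac, ssid
    if fallthru not in ("web-portal", "last-resort"):
        raise ValueError("unknown fallthru type")
    return f"{fallthru}-{ssid}", mac, ssid

# Constructed sample: a non-802.1X client on SSID "guest".
SAMPLE = build_access_request([(USER_NAME, b"02-00-00-AA-BB-CC"),
                               (CALLING_STATION_ID, b"02-00-00-AA-BB-CC"),
                               (CALLED_STATION_ID, b"02-00-00-00-00-01:guest")])
```

Rejecting requests with inconsistent attribute lengths before any username is derived keeps a malformed packet from an untrusted AP port from influencing which identity is looked up.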

[Figure 32 labels: WX Switch; Wired Layer 2 connection; RADIUS server; Layer 2 or Layer 3]