310 CHAPTER 8: C ONFIGURING AUTHENTICATION , AUTHORIZATION , AND ACCOUNTING PARAMETERSThe EAP-MD5 option does not work with Microsoft wired authenticationclients. PEAP—Protected EAP with Microsoft Challenge HandshakeAuthentication Protocol Version 2 (MS-CHAP-V2). Select this protocolfor wireless clients. Uses TLS for encryption and data integrity checking. Provides MS-CHAP-V2 mutual authentication. Only the server side of the connection needs a certificate. Local EAP-TLS—EAP with TLS. Provides mutual authentication, integrity-protected negotiation,and key exchange. Requires X.509 public key certificates on both sides of theconnection. Provides encryption and integrity checking for the connection. Cannot be used with RADIUS server authentication (requires userinformation to be in the switch’s local database) Pass-Through—No protocol is used by the WX. 3Com MobilitySystem Software (MSS) sends the EAP processing to a RADIUS server.If you select PEAP, the EAP Sub-Protocol is MS-CHAPV2. For otherprotocols, there is no the EAP Sub-Protocol to select.6 Click Next.7 If the authentication rule is disabled, select Enabled.When a rule is disabled, 3WXM does not add it to the switch’sconfiguration.8 Select the authentication method(s) in the Available RADIUS ServerGroups list and click Add.An authentication method specifies where the switch will look for userinformation to authenticate users. You can select a RADIUS server group,LOCAL (the switch’s local user database), or both.MSS tries the methods in the order they appear in the Current RADIUSServer Groups list. To reorder the methods, select a method and click Upor Down.
