Configuring AAA for Network Users 473Nortel WLAN Security Switch 2300 Series Configuration GuideEnabling PEAP-MS-CHAP-V2 AuthenticationThe following example illustrates how to enable local PEAP-MS-CHAP-V2 authentication for all 802.1X networkusers. This example includes local usernames, passwords, and membership in a VLAN. This example includes oneusername and an optional attribute for session-timeout in seconds. Because the WSS switch requires a certificate forauthentication, configuration of a self-signed certificate is shown.1 To set authentication for all 802.1X users of SSID thiscorp, type the following command:23x0# set authentication dot1x ssid thiscorp * peap-mschapv2 local2 To add user Natasha to the local database on the WSS switch, type the following command:23x0# set user Natasha password moon3 To assign Natasha to a VLAN named red, type the following command:23x0# set user Natasha attr vlan-name red4 To assign Natasha a session timeout value of 1200 seconds, type the following command:23x0# set user Natasha attr session-timeout 12005 To generate a public-private key pair and a self-signed EAP certificate, type the following commands:23x0# crypto generate key eap 1024key pair generated23x0# crypto generate self-signed eapCountry Name: USState Name: CALocality Name: campus1Organizational Name: ExampleOrganizational Unit: ITCommon Name: WSS33Email Address: admin@example.comUnstructured Name: wiring closet 226 Save the configuration:WSS-20 save configsuccess: configuration saved.(For information about encryption keys and certificates, see “Managing Keys and Certificates,” on page 379.)