Configuring AAA for network users 469Nortel WLAN—Security Switch 2300 Series Configuration GuideAuthentication algorithmWSS Software can try more than one of the authentication types described in “Authentication types” to authenticate auser. WSS Software tries 802.1X first. If the user’s NIC supports 802.1X but fails authentication, WSS Software deniesaccess. Otherwise, WSS Software tries MAC authentication next. If MAC authentication is successful, WSS Softwaregrants access to the user. Otherwise, WSS Software tries the fallthru authentication type specified for the SSID or wiredauthentication port. The fallthru authentication type can be one of the following:• Web• Last-resort• NoneWeb and last-resort are described in “Authentication types” (page 468). None means the user is automatically deniedaccess. The fallthru authentication type for wireless access is associated with the SSID (through a service profile). Thefallthru authentication type for wired authentication access is specified with the wired authentication port. (For informa-tion about service profiles, see “Service profiles” (page 220). For information about wired authentication portconfiguration, see “Setting a port for a wired authentication user” (page 92).)Figure 1 shows how WSS Software tries the authentication types for wireless access. (The authentication process issimilar for access through a wired authentication port, except last-resort access requires a last-resort-wired user.)Note. The fallthru authentication type None is different from the authentication methodnone you can specify for administrative access. The fallthru authentication type Nonedenies access to a network user. In contrast, the authentication method none allowsaccess to the WSS by an administrator. (See “Configuring Web-based AAA foradministrative and local access” (page 69).)