MSM7xx Controllers Configuration Guide v6.4.0
NOTE: LEAP is not supported on access-controlled VSCs.
• PEAPv0: Protected Extensible Authentication Protocol. One of the most supported
implementations across all client platforms. Uses MSCHAPv2 as the inner protocol.
• PEAPv1: Protected Extensible Authentication Protocol. Alternative to PEAPv0 that permits other
inner protocols to be used.
• EAP-FAST: Extensible Authentication Protocol Flexible Authentication via Secure Tunneling.
Can use a pre-shared key instead of server-side certificate.
Configuring 802.1X support on a VSC
Each VSC can have unique settings for 802.1X authentication. These settings are defined on the
VSC profile page. (To open this page, see “Viewing and editing VSC profiles” (page 112)).
• When the Use controller for Authentication option is enabled under General, 802.1X
authentication tasks are handled by the controller. APs forward all authentication requests to
the controller which validates user login credentials using the local user accounts or a third-party
authentication server (RADIUS or Active Directory).
• When the Use controller for Authentication option is disabled under General, 802.1X
authentication tasks are handled directly by the AP. The AP uses the services of a third-party
RADIUS server (configured by defining a RADIUS profile on the Controller >> Authentication
> RADIUS profiles page) to validate user login credentials.
NOTE: When the Wireless protection option in a VSC is set to WPA with a Key source of Dynamic,
802.1X is automatically enabled.
336 User authentication, accounts, and addressing