Nortel 2300 Series Reference page 202

WLAN security switch command line reference

202 AAA Commands
wired
Applies this authentication rule specifically to users connected to a wired authentication port.

method1 method2 method3 method4
At least one and up to four methods that WSS Software uses to handle authentication. Specify one or more of the following methods in priority order. WSS Software applies multiple methods in the order you enter them.
A method can be one of the following:
• local—Uses the local database of usernames and user groups on the WSS for authentication.
• server-group-name—Uses the defined group of RADIUS servers for authentication. You can enter up to four names of existing RADIUS server groups as methods.
RADIUS servers cannot be used with the EAP-TLS protocol.
For more information, see "Usage."

Defaults By default, authentication is unconfigured for all clients with network access through AP ports or wired authentication ports on the WSS. Connection, authorization, and accounting are also disabled for these users.

Access Enabled.

Usage You can configure different authentication methods for different groups of users by "wildcarding." (For details, see "User Wildcards" on page 12.)

You can configure a rule either for wireless access to an SSID, or for wired access through a WSS's wired authentication port. If the rule is for wireless access to an SSID, specify the SSID name or specify any to match on all SSID names. If the rule is for wired access, specify wired instead of an SSID name.

If you specify multiple authentication methods in the set authentication web command, WSS Software applies them in the order in which they appear in the command, with these results:
• If the first method responds with pass or fail, the evaluation is final.
• If the first method does not respond, WSS Software tries the second method, and so on.
However, if local appears first, followed by a RADIUS server group, WSS Software overrides any failed searches in the local WSS database and sends an authentication request to the server group.

WSS Software uses a Web-based AAA rule only under the following conditions:
• The client is not denied access by 802.1X or does not support 802.1X.
• The client's MAC address does not match a MAC authentication rule.
• The fallthru type is web-portal. (For a wireless authentication rule, the fallthru type is specified by the set service-profile auth-fallthru command. For a wired authentication rule, the type is specified by the auth-fall-thru option of the set port type wired-auth command.)

Examples The following command configures a Web-based AAA rule in the local WSS database for SSID ourcorp and userwildcard rnd*:
WSS# set authentication web ssid ourcorp rnd* local
success: change accepted.

See Also
clear authentication web on page 171

NN47250-100 (Version 02.51)
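The method ordering described under Usage, modelled in Python as an added example; it is not WSS Software code and not part of the Nortel reference. The evaluate function, the server group name corp-radius and the sample responses are constructed for illustration, and the deny result when no method gives a usable answer is an assumption the page does not state.

```python
# Added illustration: models the method-ordering rules from the Usage text.
# Not WSS Software code; names and sample responses are constructed.
PASS, FAIL, NO_RESPONSE = "pass", "fail", None


def evaluate(methods, responses):
    """Return (result, deciding_method) for an ordered list of methods.

    methods   -- one to four names, in the order given to the command
    responses -- dict of method name -> PASS, FAIL or NO_RESPONSE
    """
    if not 1 <= len(methods) <= 4:
        raise ValueError("specify at least one and up to four methods")
    # Special case from the page: local first, then a RADIUS server group.
    local_then_group = (
        len(methods) > 1 and methods[0] == "local" and methods[1] != "local"
    )
    for position, name in enumerate(methods):
        answer = responses.get(name, NO_RESPONSE)
        if answer is NO_RESPONSE:
            continue  # no response: try the next method
        if position == 0 and local_then_group and answer == FAIL:
            continue  # failed local search is overridden; ask the server group
        return answer, name  # a pass or fail response is final
    # Assumption (not stated on the page): no usable answer means no access.
    return FAIL, None


# Constructed scenarios; "corp-radius" is a hypothetical server group name.
SCENARIOS = [
    (["corp-radius", "local"], {"corp-radius": FAIL, "local": PASS}),
    (["corp-radius", "local"], {"corp-radius": NO_RESPONSE, "local": PASS}),
    (["local", "corp-radius"], {"local": FAIL, "corp-radius": PASS}),
    (["local"], {"local": FAIL}),
]

if __name__ == "__main__":
    for methods, responses in SCENARIOS:
        result, decided_by = evaluate(methods, responses)
        print(f"{' '.join(methods):<20} -> {result} (decided by {decided_by})")
```

The third scenario shows that a failed local lookup does not settle the outcome when a server group follows local in the list, so the same user can still be passed by the RADIUS group.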
