Table of Contents
Advertisement
Chapter 5: Authentication Using Internal Database
Acceptable MAC address delimiters are colons (00:03:4a:3b:4F:02) or hyphens
(00-03-4a-3b-4F-02).
The % wildcard character is supported in place of any alphanumeric field in the
MAC Address. The '%' character will match any character. You need exactly one '%'
for each character you are matching. This allows admins to configure a MAC
address range. For example, to put Polycom phones starting with the OUI of
00:90:7a into a determined role, use the MAC address '00:90:7a:%%:%%:%%'.
You cannot place a Wildcard MAC address into permanent quarantine, but you can
place the Wildcard MAC range into a limited/no access role.
Select a role from the Role drop-down list to assign to the user who logs in using the
2.
wireless device.
See "Defining User Roles to Enforce Network Usage Policies" on page 8-2 to define
a new role available for selection in the drop-down list.
Alternatively, you can select the Create... option to open a window that enables you
to define a new role. After you save the role information, you are returned to the
New Local User page where you can select the role from the drop-down list.
IDS
Define how the BSC Intrusion Detection System (IDS) described in "Intrusion Detection
3.
System" on page 10-5 treats this MAC device by marking one of the following radio
buttons:
•
•
Device
1.
Optional. Configure MAC device expiration settings.
Maintenance
a)
b)
Notes (Optional). Enter a meaningful description for the MAC address-authenticated
wireless device in the Notes field.
Click Save to store the information to the BSC database or Save and create another to
continue to define MAC address-authenticated devices.
5-6
Normal device - This MAC device is subject to defined IDS rules.
Permanently put this MAC in quarantine - All traffic sent from this MAC address is
blocked. You should select this option if you suspect the device is used in a
denial-of-service attack or is otherwise disrupting normal network traffic.
Select one of the following options from the Expire device drop-down menu:
Never – The user account never expires. This is the default setting.
On the specific date and disable – The MAC device expires on the specified
date and is disabled. If the device is logged in at the specified expiration time, it
remains so. An administrator may re-enable the MAC device after expiration.
On the specific date and disable and logout – The MAC device expires on the
specified date and is disabled. If the device is logged in at the specified
expiration time, it is logged out. An administrator may re-enable the MAC device
after expiration.
On the specific date and delete – The MAC device expires on the specified date
and is deleted from the BSC database. If the device is logged in at the specified
expiration time, it remains so.
On the specific date and delete and logout – The MAC device expires on the
specified date and is deleted from the BSC database. If the device is logged in at
the specified expiration time, it is logged out.
Specify when the device is to expire. Possible settings are: Date shown below, 1
Hour, 12 Hours, 1 Day, 1 Week, 1 Month, and
1 Year.
If you specify Date shown below, then set the Year, Month, Day, Minute and Hour
at which the MAC device is to expire.
Advertisement
Table of Contents
