Table of Contents
Advertisement
302
C
13: C
HAPTER
ONFIGURING
Configuring
WebAAA
AAA
N
U
FOR
ETWORK
SERS
For example, the following command sets the outbound authorization
password for MAC users on server bigbird to h00per:
WX1200# set radius server bigbird author-password h00per
success: change accepted.
If the MAC address is in the database, MSS uses the VLAN attribute and
other attributes associated with it for user authorization. Otherwise, MSS
tries the fallthru authentication type, which can be last-resort, Web, or
none.
A MAC address must be dash-delimited in the RADIUS database — for
example, 00-00-01-03-04-05. However, the MSS always displays
colon-delimited MAC addresses.
To reset the authorization password to the default (user's MAC address),
clear the RADIUS server, then readd it without specifying the
authorization password. To clear a RADIUS server, use the clear radius
server server-name command.
WebAAA simplifies secure access to unencrypted SSIDs. When a user
requests access to an SSID or attempts to access a web page before
logging onto the network, MSS serves a login page to the user's browser.
After the user enters a username and password, MSS checks the local
database or RADIUS servers for the user information, and grants or denies
access based on whether the user information is found.
MSS redirects an authenticated user back to the requested web page, or
to a page specified by the administrator.
WebAAA, like other types of authentication, is based on an SSID or on a
wired authentication port.
MSS provides a 3Com login page, which is used by default. You can add
custom login pages to the WX switch's nonvolatile storage, and
configure MSS to serve those pages instead.
WebAAA is the default fallthru authentication type for wireless access.
Advertisement
Table of Contents
