Table of Contents
Advertisement
set authentication last-resort ssid guestssid local
user Nin
Password = 082c6c64060b (encrypted)
Filter-Id = acl-999.in
user last-resort-guestssid
Vlan-Name = k2
mac-user 01:02:03:04:05:06
usergroup eastcoasters
session-timeout = 99
Avoiding AAA
Problems in
Configuration
Order
Using the Wildcard
"Any" as the SSID
Name in
Authentication Rules
For information about the fields in the output, see the
Switch and Controller Command
This section describes some common AAA configuration issues on the
WX switch and how to avoid them.
You can configure an authentication rule to match on all SSID strings by
using the SSID string any in the rule. For example, the following rule
matches on all SSID strings requested by all users:
set authentication web ssid any ** sg1
MSS checks authentication rules in the order they appear in the
configuration file. As a result, if a rule with SSID any appears in the
configuration before a rule that matches on a specific SSID for the same
authentication type and userglob, the rule with any always matches first.
To ensure the authentication behavior that you expect, place the most
specific rules first and place rules with SSID any last. For example, to
ensure that users who request SSID corpa are authenticated using
RADIUS server group corpasrvr, place the following rule in the
configuration before the rule with SSID any:
set authentication web ssid corpa ** corpasrvr
Avoiding AAA Problems in Configuration Order
Reference.
331
Wireless LAN
Advertisement
Table of Contents
