Table of Contents
Advertisement
334
C
13: C
HAPTER
ONFIGURING
WX1200# set user EXAMPLE\* attr mobility-profile roses-profile
success: change accepted.
AAA
N
U
FOR
ETWORK
SERS
CAUTION: When Mobility Profile attributes are enabled, a user is denied
access if assigned a Mobility-Profile attribute in the local WX switch
database or RADIUS server and no Mobility Profile of that name exists on
the WX switch.
Use the following command to create a Mobility Profile by giving it a
name and identifying the accessible port or ports:
set mobility-profile name
{port {none | all | port-list}} | {dap {none | all |
dap-num}}
Specifying none prevents users assigned to the Mobility Profile from
accessing any MAP access ports, Distributed MAPs, or wired
authentication ports on the WX. Specifying all allows the users access to
all of the ports or Distributed MAPs.
Specifying an individual port or Distributed MAP number or a list limits
access to those ports or MAPs. For example, the following command
creates a Mobility Profile named roses-profile that allows access through
ports 2 through 4 and port 6:
WX1200# set mobility-profile name roses-profile port 2-4,6
success: change accepted.
You can then assign this Mobility Profile to one or more users. For
example, to assign the Mobility Profile roses-profile to all users at
EXAMPLE\, type the following command:
(For a list of the commands for assigning attributes, see "Assigning
Attributes to Users and Groups" on page 318.)
During 802.1X authorization for clients at EXAMPLE\, MSS must search
for the Mobility Profile named roses-profile. If it is not found, the
authorization fails and clients with usernames like EXAMPLE\jose and
EXAMPLE\tamara are rejected.
If roses-profile is configured for EXAMPLE\ users on your WX, MSS checks
its port list. If, for example, the current port for EXAMPLE\jose's
connection is on the list of allowed ports specified in roses-profile, the
connection is allowed to proceed. If the port is not in the list (for
name
Advertisement
Table of Contents
