Adding and clearing MAC users and user groups locally
MAC users and groups can gain network access only through the WSS. They cannot create administrative connections
to the WSS. A MAC user is created in a similar fashion to other local users except for having a MAC address instead of
a username. MAC user groups are created in a similar fashion to other local user groups.
(To create a MAC user profile or MAC user group on a RADIUS server, see the documentation for your RADIUS
server.)
Adding MAC users and groups
To create a MAC user group in the local WSS database, you must associate it with an authorization attribute and value.
Use the following command:
set mac-usergroup group-name attr attribute-name value
For example, to create a MAC user group called mac-easters with a 3000-second Session-Timeout value, type the
following command:
WSS# set mac-usergroup mac-easters attr session-timeout 3000
success: change accepted.
To configure a MAC user in the local database and optionally add the user to a group, use the following command:
set mac-user mac-addr [group group-name]
For example, type the following command to add MAC user 01:0f:03:04:05:06 to group macfans:
WSS# set mac-user 01:0f:03:04:05:06 group macfans
success: change accepted.
Clearing MAC users and groups
To clear a MAC user from a user group, use the following command:
clear mac-user mac-addr group
For example, the following command removes MAC user 01:0f:03:04:05:06 from the group the user is in:
WSS# clear mac-user 01:0f:03:04:05:06 group
success: change accepted.
The clear mac-usergroup command removes the group.
To remove a MAC user profile from the local database on the WSS, type the following command:
clear mac-user mac-address
For example, the following command removes MAC user 01:0f:03:04:05:06 from the local database:
WSS# clear mac-user 01:0f:03:04:05:06
success: change accepted.
Nortel WLAN—Security Switch 2300 Series Configuration Guide
Configuring AAA for network users 491