Nortel 2360 Configuration Manual page 502

502 Configuring AAA for network users
success: change accepted.
WSS# set service-profile mycorp-srvcprof cipher-ccmp enable
success: change accepted.
3
Display the service profile to verify the changes:
WSS# show service-profile mycorp-srvcprof
ssid-name:
Beacon:
DHCP restrict:
Short retry limit:
Auth fallthru:
Enforce SODA checks:
Custom success web-page:
Custom logout web-page:
Static COS:
CAC mode:
User idle timeout:
Keep initial vlan:
Web Portal ACL:
WEP Key 1 value:
WEP Key 3 value:
WEP Unicast Index:
Shared Key Auth:
RSN enabled:
ciphers: cipher-tkip, cipher-ccmp
authentication:
TKIP countermeasures time: 60000ms
vlan-name = mycorp-vlan
4
Configure individual Web-based AAA users.
WSS# set user alice password alicepword
success: change accepted.
WSS# set user bob password bobpword
success: change accepted.
5
Configure a web authentication rule for Web-based AAA users. The following rule uses a
wildcard (**) to match on all user names.
The rule does not by itself allow access to all usernames. The ** value simply makes all
usernames eligible for authentication, in this case by searching the switch's local database for
the matching usernames and passwords. If a username does not match on the access rule's
userglob, the user is denied access without a search of the local database for the username and
password.
WSS# set authentication web ssid mycorp ** local
success: change accepted.
6
Display the configuration:
WSS# show config
# Configuration nvgen'd at 2006-6-13 13:27:07
# Image 5.0.0.0.62
NN47250-500 (320657-F Version 02.01)
mycorp ssid-type:
yes Proxy ARP:
no No broadcast:
5 Long retry limit:
none Sygate On-Demand (SODA):
yes SODA remediation ACL:
Custom failure web-page:
Custom agent-directory:
no COS:
none CAC sessions:
180 Idle client probing:
no
portalacl
<none> WEP Key 2 value:
<none> WEP Key 4 value:
1 WEP Multicast Index:
NO
802.1X
Web Portal Session Timeout:
crypto
no
no
5
no
0
14
yes
5
<none>
<none>
1