514 Configuring AAA for network users
To configure an SSID to allow last-resort access:
• Set the SSID name, if not already set.
• Set the fallthru access type of the SSID's service profile to last-resort.
• Set the vlan-name and other authorization attributes on the SSID's service profile.
• If the SSID type will be crypto (the default), configure encryption settings.
You do not need to configure an access rule for last-resort access. Last-resort access is automatically enabled
on all service profiles and wired authentication ports that have the fallthru authentication type set to
last-resort. (The set authentication last-resort and clear authentication last-resort commands are not
needed and are not supported in WSS Software Version 5.0 and later.)
The authentication method for last-resort is always local. WSS Software does not use RADIUS for last-resort
authentication.
The following commands configure last-resort access for SSID guest-wlan. The service profile is configured
to encrypt user traffic on the SSID using 40-bit dynamic WEP, WPA, or RSN, depending on the client's
configuration.
WSS# set service-profile last-resort-srvcprof ssid-name guest-wlan
success: change accepted.
WSS# set service-profile last-resort-srvcprof auth-fallthru last-resort
success: change accepted.
WSS# set service-profile last-resort-srvcprof attr vlan-name guest-vlan
success: change accepted.
WSS# set service-profile last-resort-srvcprof rsn-ie enable
success: change accepted.
WSS# set service-profile last-resort-srvcprof wpa-ie enable
success: change accepted.
WSS# set service-profile last-resort-srvcprof cipher-ccmp enable
success: change accepted.
WSS# set service-profile last-resort-srvcprof cipher-wep40 enable
success: change accepted.
WSS# show service-profile last-resort-srvcprof
ssid-name:                guest-wlan    ssid-type:                    crypto
Beacon:                   yes           Proxy ARP:                    no
DHCP restrict:            no            No broadcast:                 no
Short retry limit:        5             Long retry limit:             5
Auth fallthru:            last-resort   Sygate On-Demand (SODA):      no
Enforce SODA checks:      yes           SODA remediation ACL:
Custom success web-page:                Custom failure web-page:
Custom logout web-page:                 Custom agent-directory:
Static COS:               no            COS:                          0
CAC mode:                 none          CAC sessions:                 14
User idle timeout:        180           Idle client probing:          yes
Keep initial vlan:        no            Web Portal Session Timeout:   5
Web Portal ACL:
WEP Key 1 value:          <none>        WEP Key 2 value:              <none>
WEP Key 3 value:          <none>        WEP Key 4 value:              <none>
NN47250-500 (320657-F Version 02.01)
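The following Python check is an added example, not part of the original guide. It reads set service-profile commands like those in the session above and reports which of the four configuration steps are missing for a last-resort profile, and whether cipher-wep40 is enabled. It assumes the SSID type is crypto (the default) and sees only explicitly entered commands; lab-srvcprof is a constructed profile name.

```python
import re

# Input: the set commands from the session above (replies trimmed to one).
SESSION = """\
WSS# set service-profile last-resort-srvcprof ssid-name guest-wlan
success: change accepted.
WSS# set service-profile last-resort-srvcprof auth-fallthru last-resort
WSS# set service-profile last-resort-srvcprof attr vlan-name guest-vlan
WSS# set service-profile last-resort-srvcprof rsn-ie enable
WSS# set service-profile last-resort-srvcprof wpa-ie enable
WSS# set service-profile last-resort-srvcprof cipher-ccmp enable
WSS# set service-profile last-resort-srvcprof cipher-wep40 enable
"""
# Constructed sample: a hypothetical profile with only the fallthru type set.
INCOMPLETE = "WSS# set service-profile lab-srvcprof auth-fallthru last-resort\n"

SET_RE = re.compile(r"^(?:\S+#\s*)?set service-profile (\S+) (\S.*)$")

def parse_profiles(text):
    """Collect 'set service-profile <name> <setting> <value>' lines per profile."""
    profiles = {}
    for line in text.splitlines():
        m = SET_RE.match(line.strip())
        if not m:
            continue  # CLI replies and unrelated commands
        words = m.group(2).split()
        n = 2 if words[0] == "attr" and len(words) > 2 else 1  # "attr vlan-name" is one key
        profiles.setdefault(m.group(1), {})[" ".join(words[:n])] = " ".join(words[n:])
    return profiles

def audit_last_resort(settings):
    """Check one profile against the four configuration steps listed above."""
    if settings.get("auth-fallthru") != "last-resort":
        return []  # not a last-resort profile
    findings = []
    if "ssid-name" not in settings:
        findings.append("ssid-name not set")
    if "attr vlan-name" not in settings:
        findings.append("vlan-name not set")
    # Assumption: ssid-type is crypto (the default), so encryption settings are expected.
    crypto = [k for k, v in settings.items()
              if k.startswith(("cipher-", "rsn-ie", "wpa-ie")) and v == "enable"]
    if not crypto:
        findings.append("no explicit encryption settings")
    if settings.get("cipher-wep40") == "enable":
        findings.append("cipher-wep40 enabled")  # clients may negotiate 40-bit WEP
    return findings

if __name__ == "__main__":
    for name, settings in parse_profiles(SESSION + INCOMPLETE).items():
        print(name, audit_last_resort(settings) or "ok")
```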