Configuring Access For Any Users Of A Non-Tagged Ssid; Assigning Authorization Attributes - Nortel 2360 Configuration Manual
Wlan-security switch 2300 series
Hide thumbs
Also See for 2360:
- Reference manual (480 pages) ,
- User manual (218 pages) ,
- Installation and basic configuration manual (172 pages)
Table of Contents
Advertisement
522 Configuring AAA for network users
Configuring access for any users of a non-tagged SSID
If SSID traffic from the third-party AP is untagged, use the same configuration commands as the ones required
for 802.1X users, except the set radius proxy port command. This command is not required and is not appli-
cable to untagged SSID traffic. In addition, when configuring the wired authentication port, use the
auth-fall-thru option to change the fallthru authentication type to last-resort or web-portal.
On the RADIUS server, configure username web-portal-wired or last-resort-wired, depending on the
fallthru authentication type specified for the wired authentication port.
Assigning authorization attributes
Authorization attributes can be assigned to users in the local database, on remote servers, or in the service
profile of the SSID the user logs into. The attributes, which include access control list (ACL) filters, VLAN
membership, encryption type, session time-out period, and other session characteristics, let you control how
and when users access the network. When a user or group is authenticated, the local database, RADIUS server,
or service profile passes the authorization attributes to WSS Software to characterize the user's session.
If attributes are configured for a user and also for the group the user is in, the attributes assigned to the indi-
vidual user take precedence for that user. For example, if the start-date attribute configured for a user is sooner
than the start-date configured for the user group the user is in, the user's network access can begin as soon as
the user start-date. The user does not need to wait for the user group's start date.
The VLAN attribute is required. WSS Software can authorize a user to access the network only if the VLAN
to place the user on is specified.
Table 5
lists the authorization attributes supported by WSS Software. (For brief descriptions of all the
RADIUS attributes and Nortel vendor-specific attributes supported by WSS Software, as well as the vendor
ID and types for Nortel VSAs configured on a RADIUS server, see
"Supported RADIUS attributes"
(page
697).)
NN47250-500 (320657-F Version 02.01)
- Quick Links:
- Using the Command-Line Interface
Hide quick links:
Advertisement
Table of Contents
