554 Configuring AAA for network users
General use of network user commands
The following example illustrates how to configure IEEE 802.1X network users for authentication, accounting, ACL
filtering, and Mobility Profile assignment:
1. Configure all 802.1X users of SSID mycorp at EXAMPLE to be authenticated by server group shorebirds. Type the following command:

WSS# set authentication dot1x ssid mycorp EXAMPLE\* pass-through shorebirds

2. Configure stop-only accounting for all mycorp users at EXAMPLE, for accounting records to be stored locally. Type the following command:

WSS# set accounting dot1x ssid mycorp EXAMPLE\* stop-only local
success: change accepted.

3. Configure an ACL to filter the inbound packets for each user at EXAMPLE. Type the following command for each user:

WSS# set user EXAMPLE\username attr filter-id acl-101.in

This command applies the access list named acl-101 to each user at EXAMPLE.

4. To display the ACL, type the following command:

WSS# show security acl info acl-101
set security acl ip acl-101 (hits #0 0)
----------------------------------------------------
1. permit IP source IP 192.168.1.1 0.0.0.255 destination IP any enable-hits

(For more information about ACLs, see "Configuring and managing security ACLs" (page 407).)

5. Create a Mobility Profile called tulip by typing the following commands:

WSS# set mobility-profile name tulip port 2,5-9
success: change accepted.
WSS# set mobility-profile mode enable
success: change accepted.
WSS# show mobility-profile
Mobility Profiles
Name                Ports
=========================
tulip               AP 2
                    AP 6
                    AP 7
                    AP 8
                    AP 9

6. To assign Mobility Profile tulip to all users at EXAMPLE, type the following command for each EXAMPLE\ user:

WSS# set user EXAMPLE\username attr mobility-profile tulip

NN47250-500 (320657-F Version 02.01)
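Steps 3 and 6 are typed once per user, so a user can end up with the Mobility Profile but no inbound ACL, or the reverse. The following check is an added example, not part of the product documentation: it assumes the configuration is available as text made of commands in the form typed on this page, and the usernames alice, bob, carol and dave are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: commands in the form shown on this page.
# The usernames (alice, bob, carol, dave) and the OTHER prefix are hypothetical.
SAMPLE_CONFIG = r"""
set authentication dot1x ssid mycorp EXAMPLE\* pass-through shorebirds
set accounting dot1x ssid mycorp EXAMPLE\* stop-only local
set user EXAMPLE\alice attr filter-id acl-101.in
set user EXAMPLE\alice attr mobility-profile tulip
set user EXAMPLE\bob attr filter-id acl-101.in
set user EXAMPLE\carol attr mobility-profile tulip
set user OTHER\dave attr filter-id acl-101.in
"""

USER_ATTR = re.compile(r"^set user (\S+) attr (\S+) (\S+)$")
# Attribute values assigned in steps 3 and 6 of the procedure.
REQUIRED = {"filter-id": "acl-101.in", "mobility-profile": "tulip"}

def parse_user_attrs(config):
    """Return {username: {attribute: value}} from 'set user ... attr' lines."""
    users = defaultdict(dict)
    for line in config.splitlines():
        m = USER_ATTR.match(line.strip())
        if m:
            name, attr, value = m.groups()
            users[name][attr] = value
    return dict(users)

def audit(config, prefix="EXAMPLE\\", required=REQUIRED):
    """Return {username: [problems]} for users under prefix with a missing or wrong attribute."""
    findings = {}
    for name, attrs in sorted(parse_user_attrs(config).items()):
        if not name.startswith(prefix):
            continue  # only users at EXAMPLE are in scope
        problems = []
        for attr, expected in required.items():
            actual = attrs.get(attr)
            if actual is None:
                problems.append(f"{attr} not set")
            elif actual != expected:
                problems.append(f"{attr} is {actual}, expected {expected}")
        if problems:
            findings[name] = problems
    return findings

if __name__ == "__main__":
    for user, problems in audit(SAMPLE_CONFIG).items():
        print(f"{user}: {'; '.join(problems)}")
```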