Viewing and Configuring AAA Support for Third-Party AP Users 323

For the userglob, type a full or partial username to be matched during authentication (1 to 80 alphanumeric characters, with no spaces or tabs). The format of a user glob depends on the client type and EAP method.

„For Windows domain clients using Protected EAP (PEAP), the user glob is in the format Windows_domain_name\username. The Windows domain name is the NetBIOS domain name and must be specified in capital letters. For example, EXAMPLE\sydney, or EXAMPLE\*.*, which specifies all usernames whose usernames contain periods.

„For EAP with Transport Layer Security (EAP-TLS) clients, the format is username@domain_name. For example, sydney@example.com specifies the user sydney in the domain name example.com. The *@marketing.example.com glob specifies all users in the marketing department at example.com. The user glob sydney@engineering.example.com specifies the user sydney in the engineering department at example.com.

3Optionally, edit the name in the SSID box.

CAUTION: The default SSID name any matches on all SSID names. If the SSID box contains any and you do not change the SSID name, the rule allows clients who match the userglob to access any SSID.

4Select the authentication method(s) in the Available RADIUS Server Groups list and click Add.

An authentication method specifies where the switch will look for user information to authenticate users. You can select a RADIUS server group, LOCAL (the switch’s local user database), or both.

MSS tries the methods in the order they appear in the Current RADIUS Server Groups list. To reorder the methods, select a method and click Up or Down.

„If you specify a RADIUS server group as the first method and a user is denied access by the RADIUS server, no authentication and authorization are attempted with the other methods specified in the list.

„If you specify LOCAL as the first method and a user is not in the local user database on the WX, authentication and authorization are attempted with a RADIUS server group if one is defined in the method list.

The authentication methods you select are also used for authorization.

5Click Finish.

Page 323
Image 323
3Com WX4400 3CRWX440095A WX1200, 3CRWXR10095A manual Viewing and Configuring AAA Support for Third-Party AP Users