HP Manager Software manual Ssid Name Any, Last-Resort Processing

290CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS

SSID Name “Any”

In authentication rules for wireless access, you can specify the name any for the SSID. This value is a wildcard that matches on any SSID string requested by the user.

For 802.1X and WebAAA rules that match on SSID any, MSS checks the RADIUS servers or local database for the username (and password, if applicable) entered by the user. If the user information matches, MSS grants access to the SSID requested by the user, regardless of which SSID name it is.

For MAC authentication rules that match on SSID any, MSS checks the RADIUS servers or local database for the MAC address (and password, if applicable) of the user’s device. If the address matches, MSS grants access to the SSID requested by the user, regardless of which SSID name it is.

However, in a last-resort authentication rule for wireless access, if the SSID name in the authentication rule is any, MSS checks the RADIUS servers or local database for username last-resort-any, exactly as spelled here. Access is granted only if this username is found. Otherwise, access is denied.

Last-Resort Processing

When a user without a username or password requests wireless access, MSS checks the configuration for a last-resort authentication rule that matches on the SSID. If the configuration contains the rule, MSS checks the local database or RADIUS servers for username last-resort-ssid, where ssid is the SSID requested by the user. If the last-resort user is configured on a RADIUS server, MSS also checks for the authorization password (3Com by default). The guest user is granted access only if the database contains last-resort-ssidfor the SSID requested by the user. Otherwise, access is denied.

This processing of the last-resort username is different from 802.1X, MAC, or WebAAA, where MSS checks for the exact username or MAC address (and password, if applicable) of the user. MSS does not append the SSID to the username (or MAC address) for 802.1X, Web, or MAC authentication.