Configuring and Managing Access Rules for Network Users

User Credential Requirements

The user credentials that MSS checks for on RADIUS servers or in the local database differ depending on the type of authentication rule that matches on the SSID or wired access requested by the user.

• For a user to be successfully authenticated by an 802.1X or WebAAA rule, the username and password entered by the user must be configured on the RADIUS servers used by the authentication rule or in the WX switch’s local database, if the local database is used by the rule.

• For a user to be successfully authenticated based on the MAC address of the user’s device, the MAC address must be configured on the RADIUS servers used by the authentication rule or in the WX switch’s local database, if the local database is used by the rule. If the MAC address is configured in the local database, no password is required. However, since RADIUS requires a password, if the MAC address is on the RADIUS server, MSS checks for a password. By default, MSS uses a MAC user’s MAC address as the password too.

• For a user to be successfully authenticated for last-resort access, the RADIUS servers or local database (whichever method is used by the last-resort authentication rule) must contain a user named last-resort-wired (for wired authentication access) or last-resort-ssid, where ssid is the SSID requested by the user. If the matching last-resort user is configured in the local database, no password is required. However, since RADIUS requires a password, if the matching last-resort user is on the RADIUS server, MSS checks for the authorization password (3Com by default).

If the last-resort authentication rule matches on SSID any, which is a wildcard that matches on any SSID string, the RADIUS servers or local database must have user last-resort-any, exactly as spelled here.
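The lookup rules above, written out as an added Python example (not part of the manual and not MSS code), together with an audit that lists RADIUS accounts whose password follows from the documented defaults so they can be reviewed. The rule-type labels, function names, colon-separated MAC format and sample entries are assumptions made for illustration.

```python
import re

# Default stated in the manual text above; the MAC format is an assumption.
DEFAULT_AUTHZ_PASSWORD = "3Com"
MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$", re.I)

def last_resort_username(ssid=None, wired=False, rule_matches_any=False):
    """Username that must exist for a last-resort rule to succeed."""
    if wired:
        return "last-resort-wired"
    if rule_matches_any:          # rule matches on SSID "any"
        return "last-resort-any"
    return "last-resort-" + ssid

def expected_lookup(rule_type, backend, **kw):
    """Return (username, password checked); None means no password is required."""
    if rule_type in ("dot1x", "webaaa"):
        return kw["username"], kw["password"]   # as entered by the user
    if rule_type == "mac":
        return kw["mac"], (kw["mac"] if backend == "radius" else None)
    if rule_type == "last-resort":
        user = last_resort_username(kw.get("ssid"), kw.get("wired", False),
                                    kw.get("rule_matches_any", False))
        return user, (DEFAULT_AUTHZ_PASSWORD if backend == "radius" else None)
    raise ValueError("unknown rule type: " + rule_type)

def audit_radius_entries(entries):
    """Flag RADIUS accounts whose password follows from the documented defaults."""
    findings = []
    for user, password in entries.items():
        if user.startswith("last-resort-") and password == DEFAULT_AUTHZ_PASSWORD:
            findings.append((user, "default authorization password"))
        elif MAC_RE.match(user) and password.lower() == user.lower():
            findings.append((user, "password equals MAC address"))
    return findings

# Constructed sample: username -> password as exported from a RADIUS user store.
SAMPLE = {
    "last-resort-guest": "3Com",
    "last-resort-wired": "Xq7-constructed",
    "00:0b:0e:00:11:22": "00:0B:0E:00:11:22",
    "alice": "constructed-password",
}

if __name__ == "__main__":
    for user, reason in audit_radius_entries(SAMPLE):
        print(user, "->", reason)
```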

Authorization

If the user is authenticated, MSS then checks the RADIUS server or local database (the same place MSS looked for user information to authenticate the user) for the authorization attributes assigned to the user. Authorization attributes specify the network resources the user can access.
