294CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS

„Last Resort Network Access — If the client name matches the userglob, the WX switch allows the user onto the SSID. If the client name does not match the userglob, the WX switch tries WebAAA.

„Web Network Access — If the client name matches the userglob, the WX switch serves a web page to the client so the client can log in. If the username and password entered by the client match a username and password in the WX switch’s local database or on a RADIUS server, the WX switch allows the client onto the SSID.

If none of these methods results in the client being successfully authenticated, the client is denied access to the SSID.

3Type the userglob or MAC address glob that is allowed to access the SSID.

„For a user glob — Type a full or partial username to be matched during authentication (1 to 80 alphanumeric characters, with no spaces or tabs). The format of a user glob depends on the client type and EAP method.

For Windows domain clients using Protected EAP (PEAP), the user glob is in the format Windows_domain_name\username. The Windows domain name is the NetBIOS domain name and must be specified in capital letters. For example, EXAMPLE\sydney, or EXAMPLE\*.*, which specifies all usernames whose usernames contain periods.

For EAP with Transport Layer Security (EAP-TLS) clients, the format is username@domain_name. For example, sydney@example.com specifies the user sydney in the domain name example.com. The *@marketing.example.com glob specifies all users in the marketing department at example.com. The user glob sydney@engineering.example.com specifies the user sydney in the engineering department at example.com.

„For a MAC address glob — In the User Glob box, type a full or partial username to be matched during authentication.

Page 294
Image 294
HP Manager Software manual