202 AAA Commands

wired

Applies this authentication rule specifically to users connected to a wired authentication port.

method1 method2 method3 method4

At least one and up to four methods that WSS Software uses to handle authentication. Specify one or more of the following methods in priority order. WSS Software applies multiple methods in the order you enter them.

A method can be one of the following:

local—Uses the local database of usernames and user groups on the WSS for authentication.

server-group-name—Uses the defined group of RADIUS servers for authentication. You can enter up to four names of existing RADIUS server groups as methods.

RADIUS servers cannot be used with the EAP-TLS protocol.

For more information, see “Usage.”

Defaults By default, authentication is unconfigured for all clients with network access through AP ports or wired authentication ports on the WSS. Connection, authorization, and accounting are also disabled for these users.

Access Enabled.

Usage You can configure different authentication methods for different groups of users by “wildcarding.” (For details, see “User Wildcards” on page 12.)

You can configure a rule either for wireless access to an SSID, or for wired access through a WSS’s wired authentication port. If the rule is for wireless access to an SSID, specify the SSID name or specify any to match on all SSID names. If the rule is for wired access, specify wired instead of an SSID name.

If you specify multiple authentication methods in the set authentication web command, WSS Software applies them in the order in which they appear in the command, with these results:

If the first method responds with pass or fail, the evaluation is final.

If the first method does not respond, WSS Software tries the second method, and so on.

However, if local appears first, followed by a RADIUS server group, WSS Software overrides any failed searches in the local WSS database and sends an authentication request to the server group.
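The ordering rules above, modeled in Python as an added example (not Nortel's code and not part of the original manual). The server group name rg1, the Reply type and the deny outcome when no method responds are assumptions of the model, and a local fail is treated as a failed local search.

```python
from enum import Enum


class Reply(Enum):
    PASS = "pass"
    FAIL = "fail"
    NO_RESPONSE = "no response"


def evaluate(methods, replies):
    """Apply the ordering rules described above to one login attempt.

    methods: names in the order entered ("local" or a server group name).
    replies: constructed map of method name -> Reply.
    Returns (decision, trace of (method, reply) pairs actually consulted).
    """
    if not 1 <= len(methods) <= 4:
        raise ValueError("one to four methods are allowed")
    trace = []
    for i, method in enumerate(methods):
        reply = replies.get(method, Reply.NO_RESPONSE)
        trace.append((method, reply))
        if reply is Reply.NO_RESPONSE:
            continue  # no answer: try the next method
        # Special case: local listed first and followed by a server group.
        overridden = (reply is Reply.FAIL and i == 0 and method == "local"
                      and len(methods) > 1 and methods[1] != "local")
        if overridden:
            continue  # failed local search is overridden; ask the group
        return reply, trace  # pass or fail from a responder is final
    # Assumption: the page does not say what happens when no method
    # responds; this model denies access.
    return Reply.FAIL, trace


if __name__ == "__main__":
    # Constructed scenarios; "rg1" is a hypothetical server group name.
    cases = [
        (["local", "rg1"], {"local": Reply.FAIL, "rg1": Reply.PASS}),
        (["rg1", "local"], {"rg1": Reply.FAIL, "local": Reply.PASS}),
        (["rg1", "local"], {"local": Reply.PASS}),  # rg1 unreachable
    ]
    for methods, replies in cases:
        decision, trace = evaluate(methods, replies)
        path = " -> ".join(f"{m}:{r.value}" for m, r in trace)
        print(" ".join(methods), "=>", decision.value, f"({path})")
```

In this model, the order local rg1 lets an accept from the server group override a local failure, while rg1 local stops at the server group's fail, so the method order decides which database has the final say.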

WSS Software uses a Web-based AAA rule only under the following conditions:

The client is not denied access by 802.1X or does not support 802.1X.

The client’s MAC address does not match a MAC authentication rule.

The fallthru type is web-portal. (For a wireless authentication rule, the fallthru type is specified by the set service-profile auth-fallthru command. For a wired authentication rule, the type is specified by the auth-fall-thru option of the set port type wired-auth command.)

Examples The following command configures a Web-based AAA rule in the local WSS database for SSID ourcorp and user wildcard rnd*:

WSS# set authentication web ssid ourcorp rnd* local

success: change accepted.

See Also

clear authentication web on page 171

NN47250-100 (Version 02.51)

Nortel Networks 2300 Series manual