Contents 23

Clearing a Security ACL from a User or Group . . . . . . . . . . . . . . . . . . . . . . . 453 Assigning Encryption Types to Wireless Users . . . . . . . . . . . . . . . . . . . . . . . 454 Overriding or Adding Attributes Locally with a Location Policy . . . . . . . . . . . . . . 455 About the Location Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456 How the Location Policy Differs from a Security ACL . . . . . . . . . . . . . . . . . . 457 Setting the Location Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 458 Clearing Location Policy Rules and Disabling the Location Policy . . . . . . . . 460 Configuring Accounting for Wireless Network Users . . . . . . . . . . . . . . . . . . . . . . 460 Viewing Local Accounting Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462 Viewing Roaming Accounting Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463 Displaying the AAA Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464 Avoiding AAA Problems in Configuration Order . . . . . . . . . . . . . . . . . . . . . . . . . 465 Using the Wildcard “Any” as the SSID Name in Authentication Rules . . . . . 465 Using Authentication and Accounting Rules Together . . . . . . . . . . . . . . . . . 467 Configuring a Mobility Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468 Network User Configuration Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469 General Use of Network User Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 470 Enabling RADIUS Pass-Through Authentication . . . . . . . . . . . . . . . . . . . . . 472 Enabling PEAP-MS-CHAP-V2 Authentication . . . . . . . . . . . . . . . . . . . . . . . 473 Enabling PEAP-MS-CHAP-V2 Offload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474 Combining 802.1X Acceleration with Pass-Through Authentication . . . . . . . 475 Overriding AAA-Assigned VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476

Configuring Communication with RADIUS 477

RADIUS Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477

Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479

Configuring RADIUS Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479

Configuring Global RADIUS Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480

Setting the System IP Address as the Source Address . . . . . . . . . . . . . . . . 481

Configuring Individual RADIUS Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482

Deleting RADIUS Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483

Configuring RADIUS Server Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483

Creating Server Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484

Deleting a Server Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487

RADIUS and Server Group Configuration Scenario . . . . . . . . . . . . . . . . . . . . . . 487

Nortel WLAN Security Switch 2300 Series Configuration Guide

Page 23
Image 23
Nortel Networks 2300 manual Configuring Communication with Radius