Configuring AAA for Network Users

Changing the MAC Authorization Password for RADIUS

When you enable MAC authentication, the client does not supply a regular username or password. The MAC address of the user’s device is extracted from frames received from the device.

To authenticate and authorize MAC users through RADIUS, you must configure a single predefined password for MAC users, which is called the outbound authorization password. The same password is used for all MAC user entries in the RADIUS database. Set this password by typing the following command:

set radius server server-name author-password password

The default password is nortel.

Note. Before setting the outbound authorization password for a RADIUS server, you must have set the address for the RADIUS server. For more information, see “Configuring RADIUS Servers” on page 479.

For example, the following command sets the outbound authorization password for MAC users on server bigbird to h00per:

23x0# set radius server bigbird author-password h00per

success: change accepted.

Note. A MAC address must be dash-delimited in the RADIUS database, for example, 00-00-01-03-04-05. However, the WSS Software always displays colon-delimited MAC addresses.

If the MAC address is in the database, WSS Software uses the VLAN attribute and other attributes associated with it for user authorization. Otherwise, WSS Software tries the fallthru authentication type, which can be last-resort, Web, or none.
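The following check is an added example, not part of the Nortel manual: it audits a RADIUS user list for MAC entries that do not fit the rules above (address not dash-delimited, password different from the outbound authorization password, or the password left at its default). It assumes the RADIUS database is a FreeRADIUS-style users file with `Cleartext-Password := "..."` lines; the function names and sample entries are constructed for illustration.

```python
import re

DEFAULT_AUTHOR_PASSWORD = "nortel"  # default stated on this page

# Assumption: entries look like FreeRADIUS "users" file lines:
#   <username> Cleartext-Password := "<password>"
ENTRY_RE = re.compile(r'^(\S+)\s+Cleartext-Password\s*:=\s*"([^"]*)"')
HEX = r"[0-9A-Fa-f]{2}"
# Six hex octets with dash, colon or no separator: anything that looks like a MAC
MAC_ANY_RE = re.compile(rf"^{HEX}(?:[-:]?{HEX}){{5}}$")
# The only form the manual says the RADIUS database may contain
MAC_DASH_RE = re.compile(rf"^{HEX}(?:-{HEX}){{5}}$")

def to_dash(mac):
    """Rewrite a MAC-like string as dash-delimited octets (case is preserved)."""
    digits = re.sub(r"[-:]", "", mac)
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit_mac_entries(users_text, author_password):
    """Return (line_no, username, finding) tuples for problem MAC entries."""
    findings = []
    if author_password == DEFAULT_AUTHOR_PASSWORD:
        findings.append((0, "-", "author-password is still the default"))
    for no, line in enumerate(users_text.splitlines(), 1):
        m = ENTRY_RE.match(line.strip())
        if not m or not MAC_ANY_RE.match(m.group(1)):
            continue  # comment, attribute line, or an ordinary (non-MAC) user
        user, password = m.groups()
        if not MAC_DASH_RE.match(user):
            findings.append((no, user, f"not dash-delimited; expected {to_dash(user)}"))
        if password != author_password:
            findings.append((no, user, "password differs from author-password"))
    return findings

# Constructed sample data (not from the manual); h00per is the page's example password.
SAMPLE_USERS = '''\
# MAC users
00-00-01-03-04-05 Cleartext-Password := "h00per"
00:0b:0e:00:10:20 Cleartext-Password := "h00per"
00-0b-0e-00-10-21 Cleartext-Password := "nortel"
alice Cleartext-Password := "s3cret"
'''

if __name__ == "__main__":
    for finding in audit_mac_entries(SAMPLE_USERS, "h00per"):
        print(finding)
```

A MAC entry flagged as not dash-delimited will not be found by the lookup, so that device is handled by the fallthru authentication type instead of its intended VLAN authorization.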

Configuring Web-based AAA

Web-based AAA simplifies secure access to unencrypted SSIDs. When a user requests access to an SSID or attempts to access a web page before logging onto the network, WSS Software serves a login page to the user’s browser. After the user enters a username and password, WSS Software checks the local database or RADIUS servers for the user information, and grants or denies access based on whether the user information is found.

WSS Software redirects an authenticated user back to the requested web page, or to a page specified by the administrator.

Web-based AAA, like other types of authentication, is based on an SSID or on a wired authentication port.

WSS Software provides a Nortel login page, which is used by default. You can add custom login pages to the WSS switch’s nonvolatile storage, and configure WSS Software to serve those pages instead.

Web-based AAA is the default fallthru authentication type for wireless access.

320657-A
