3com CRWXR10095A User Manual

Chapter 2: Planning and Managing Your Wireless Network with 3WXM
Authorization
Authorization is the method for providing users with specific rights to the 
network by associating attribute-value (AV) pairs to the user. AAA 
authorization works by assembling a set of attributes that describe what 
the user is authorized to perform. These attributes are compared to the 
information contained in a local database or on a RADIUS server for a 
given user and the result is returned to the WX switch to determine the 
user’s actual capabilities and restrictions.
You can configure attributes, such as the time of day or specific VLAN 
access. You can also control access using security access control lists 
(ACLs), Mobility Profiles™, and Location Policies. Security ACLs permit or 
deny traffic based on IP protocol, IP addresses and, optionally, TCP or 
UDP port. They also can be used to set type-of-service (ToS) and 
class-of-service (CoS) values in a packet. Mobility Profiles contain 
attributes to allow or deny access to specific parts of the network for a 
specific user or group of users. Location Policies are an ordered list of 
location policy rules based on a user glob, VLAN, and/or ports. A Location 
Policy can be configured if you need to override the configured AAA user 
authorization attributes locally for a specific WX.
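
The local override described above can be modelled in a few lines. This is an added example, not 3Com's code or MSS configuration syntax; first-match rule evaluation, fnmatch-style user globs, and every user name, VLAN, ACL and port value are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional

@dataclass(frozen=True)
class Rule:
    """One location policy rule (hypothetical model, not MSS syntax)."""
    action: str                              # "permit" or "deny"
    user_glob: str = "*"                     # matched against the user name
    vlan: Optional[str] = None               # match on the AAA-assigned VLAN
    ports: Optional[frozenset] = None        # match on the port the user arrived on
    set_vlan: Optional[str] = None           # override applied by a permit rule
    set_acl: Optional[str] = None

def rule_matches(rule, user, aaa_attrs, port):
    # Every condition the rule specifies must hold; unset conditions match anything.
    if not fnmatchcase(user, rule.user_glob):
        return False
    if rule.vlan is not None and aaa_attrs.get("vlan") != rule.vlan:
        return False
    return rule.ports is None or port in rule.ports

def apply_location_policy(rules, user, aaa_attrs, port):
    """Return the effective attributes on this switch, or None if access is denied."""
    for rule in rules:                       # assumption: first matching rule wins
        if not rule_matches(rule, user, aaa_attrs, port):
            continue
        if rule.action == "deny":
            return None
        effective = dict(aaa_attrs)          # start from what AAA returned
        if rule.set_vlan:
            effective["vlan"] = rule.set_vlan
        if rule.set_acl:
            effective["acl"] = rule.set_acl
        return effective
    return dict(aaa_attrs)                   # no rule matched: AAA attributes stand

# Constructed sample policy for one switch; names and ports are illustrative.
POLICY = [
    Rule("deny", user_glob="guest-*", ports=frozenset({1, 2})),
    Rule("permit", user_glob="*@contractor.example",
         set_vlan="quarantine", set_acl="contractor-in"),
    Rule("permit", vlan="engineering", ports=frozenset({7}), set_vlan="lab"),
]

if __name__ == "__main__":
    print(apply_location_policy(POLICY, "guest-7", {"vlan": "guests"}, 1))
    print(apply_location_policy(POLICY, "amy@contractor.example", {"vlan": "engineering"}, 7))
    print(apply_location_policy(POLICY, "bob", {"vlan": "engineering", "acl": "eng-in"}, 7))
```

The second call matches both the contractor rule and the engineering rule; because the contractor rule is listed first, that user is placed in the quarantine VLAN, which is why rule order needs review whenever a policy is edited.
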
Accounting
Accounting collects and sends information used for billing, auditing, and 
reporting—for example, user identities, connection start and stop times, 
the number of packets received and sent, and the number of bytes 
transferred. You can track sessions through accounting information 
stored locally or on a remote RADIUS server. As network users roam 
throughout the network, accounting records track them and their 
network usage. 
System and Administration Configuration
A Mobility Domain is a collection of WX switches that work together to 
support roaming users. One of the WX switches is defined as a seed 
device, which distributes information to the other WX switches defined in 
the Mobility Domain.
A Mobility Domain allows users to roam geographically from one WX 
switch to another without losing network connectivity. Users connect as 
a member of a VLAN through their authorized identities.