3com 3CRWXR10095A User Manual
288
C
HAPTER
8: C
ONFIGURING
A
UTHENTICATION
, A
UTHORIZATION
,
AND
A
CCOUNTING
P
ARAMETERS
You can create two types of users in the local database:
Named users — These users are authenticated by username and
password and are assigned to specific VLANs. Users include
administrators and network users. You can group these users by
creating user groups, in order to simplify configuration.
password and are assigned to specific VLANs. Users include
administrators and network users. You can group these users by
creating user groups, in order to simplify configuration.
MAC address users — These users are authenticated by a MAC
address. For example, devices such as PDAs or cellular phones that do
not support 802.1X authentication are identified when the WX switch
discovers the MAC addresses of these devices from received frames.
The MAC address is the username and is authenticated by the local
database. You can group these users by creating user groups. MAC
address users and user groups cannot be assigned administrative
access to the WX switch.
address. For example, devices such as PDAs or cellular phones that do
not support 802.1X authentication are identified when the WX switch
discovers the MAC addresses of these devices from received frames.
The MAC address is the username and is authenticated by the local
database. You can group these users by creating user groups. MAC
address users and user groups cannot be assigned administrative
access to the WX switch.
In addition to username and password, you can configure authorization
attributes for users. Authorization attributes specify the network
resources the user can access. The most commonly used attribute is
VLAN-Name, which specifies the VLAN to place the user in after they are
authorized.
attributes for users. Authorization attributes specify the network
resources the user can access. The most commonly used attribute is
VLAN-Name, which specifies the VLAN to place the user in after they are
authorized.
You can configure authorization attributes for individual users and for
user groups. When you configure attributes for a user group, the
attribute settings apply to all users in the group. However, if attributes are
also configured for an individual user in the group, the values for the
attributes configured for the individual user override the attribute values
configured for the group.
user groups. When you configure attributes for a user group, the
attribute settings apply to all users in the group. However, if attributes are
also configured for an individual user in the group, the values for the
attributes configured for the individual user override the attribute values
configured for the group.
You can configure groups for named users and groups for MAC users. A
group cannot contain both named users and MAC users.
group cannot contain both named users and MAC users.
Viewing Users and
Groups in the Local
Database
To view users and groups in the local database:
1 Select the Configuration tool bar option.
2 In the Organizer panel, click the plus sign next to the WX switch.
3 Click the plus sign next to AAA.
4 Select Local User Database.
The users and user groups configured in the local user database appear.