3com 3CRWX120695A WXR100 User Manual
Viewing and Configuring AAA Support for Third-Party AP Users
323
For the userglob, type a full or partial username to be matched during
authentication (1 to 80 alphanumeric characters, with no spaces or tabs).
The format of a user glob depends on the client type and EAP method.
authentication (1 to 80 alphanumeric characters, with no spaces or tabs).
The format of a user glob depends on the client type and EAP method.
For Windows domain clients using Protected EAP (PEAP), the user glob
is in the format Windows_domain_name\username. The Windows
domain name is the NetBIOS domain name and must be specified in
capital letters. For example, EXAMPLE\sydney, or EXAMPLE\*.*, which
specifies all usernames whose usernames contain periods.
is in the format Windows_domain_name\username. The Windows
domain name is the NetBIOS domain name and must be specified in
capital letters. For example, EXAMPLE\sydney, or EXAMPLE\*.*, which
specifies all usernames whose usernames contain periods.
For EAP with Transport Layer Security (EAP-TLS) clients, the format is
username@domain_name. For example, sydney@example.com
specifies the user sydney in the domain name example.com. The
*@marketing.example.com glob specifies all users in the marketing
department at example.com. The user glob
sydney@engineering.example.com specifies the user sydney in the
engineering department at example.com.
username@domain_name. For example, sydney@example.com
specifies the user sydney in the domain name example.com. The
*@marketing.example.com glob specifies all users in the marketing
department at example.com. The user glob
sydney@engineering.example.com specifies the user sydney in the
engineering department at example.com.
3 Optionally, edit the name in the SSID box.
CAUTION: The default SSID name any matches on all SSID names. If the
SSID box contains any and you do not change the SSID name, the rule
allows clients who match the userglob to access any SSID.
SSID box contains any and you do not change the SSID name, the rule
allows clients who match the userglob to access any SSID.
4 Select the authentication method(s) in the Available RADIUS Server
Groups list and click Add.
An authentication method specifies where the switch will look for user
information to authenticate users. You can select a RADIUS server group,
LOCAL (the switch’s local user database), or both.
information to authenticate users. You can select a RADIUS server group,
LOCAL (the switch’s local user database), or both.
MSS tries the methods in the order they appear in the Current RADIUS
Server Groups list. To reorder the methods, select a method and click Up
or Down.
Server Groups list. To reorder the methods, select a method and click Up
or Down.
If you specify a RADIUS server group as the first method and a user is
denied access by the RADIUS server, no authentication and
authorization are attempted with the other methods specified in the
list.
denied access by the RADIUS server, no authentication and
authorization are attempted with the other methods specified in the
list.
If you specify LOCAL as the first method and a user is not in the local
user database on the WX, authentication and authorization are
attempted with a RADIUS server group if one is defined in the method
list.
user database on the WX, authentication and authorization are
attempted with a RADIUS server group if one is defined in the method
list.
The authentication methods you select are also used for authorization.
5 Click Finish.