3com WXR100 3CRWXR10095A User Manual
Configuring Authentication and Authorization by MAC Address
459
Changing the MAC
Authorization
Password for RADIUS
When you enable MAC authentication, the client does not supply a
regular username or password. The MAC address of the user’s device is
extracted from frames received from the device.
regular username or password. The MAC address of the user’s device is
extracted from frames received from the device.
To authenticate and authorize MAC users via RADIUS, MSS must supply a
password for MAC users, which is called the outbound authorization
password. By default, MSS sends the MAC user’s MAC address as that
user’s password too.
password for MAC users, which is called the outbound authorization
password. By default, MSS sends the MAC user’s MAC address as that
user’s password too.
To set the authorization password to a specific value for all MAC users,
use the following command:
use the following command:
set radius server server-name author-password password
Before setting the outbound authorization password for a RADIUS server,
you must have set the address for the RADIUS server. For more
information, see “Configuring RADIUS Servers” on page 521.
you must have set the address for the RADIUS server. For more
information, see “Configuring RADIUS Servers” on page 521.
For example, the following command sets the outbound authorization
password for MAC users on server bigbird to h00per:
password for MAC users on server bigbird to h00per:
WX1200# set radius server bigbird author-password h00per
success: change accepted.
success: change accepted.
If the MAC address is in the database, MSS uses the VLAN attribute and
other attributes associated with it for user authorization. Otherwise, MSS
tries the fallthru authentication type, which can be last-resort, Web, or
none.
other attributes associated with it for user authorization. Otherwise, MSS
tries the fallthru authentication type, which can be last-resort, Web, or
none.
A MAC address must be dash-delimited in the RADIUS database
—
for
example, 00-00-01-03-04-05. However, the MSS always displays
colon-delimited MAC addresses.
colon-delimited MAC addresses.
To reset the authorization password to the default (user’s MAC address),
clear the RADIUS server, then readd it without specifying the
authorization password. To clear a RADIUS server, use the clear radius
server server-name command.
clear the RADIUS server, then readd it without specifying the
authorization password. To clear a RADIUS server, use the clear radius
server server-name command.