3com WXR100 3CRWXR10095A User Manual

C

HAPTER

 24: C

ONFIGURING

 SODA E

NDPOINT

 S

ECURITY

 

FOR

 

A

 WX S

WITCH

To enable SODA functionality for a service profile, use the following 
command:

set service-profile name soda mode {enable | disable}

When SODA functionality is enabled for a service profile, a SODA agent is 
downloaded to clients attempting to connect to a MAP managed by the 
service profile. The SODA agent performs a series of security-related 
checks on the client. By default, enforcement of SODA agent checks is 
enabled, so that a connecting client must pass the SODA agent checks in 
order to gain access to the network.

For example, the following command enables SODA functionality for 
service profile sp1:

WX1200# set service-profile sp1 soda mode enable
success: change accepted.

When SODA functionality is enabled for a service profile, by default the 
SODA agent checks are downloaded to a client and run before the client 
is allowed on the network. You can optionally disable the enforcement of 
the SODA security checks, so that the client is allowed access to the 
network immediately after the SODA agent is downloaded, rather than 
waiting for the security checks to be run.

To disable (or re-enable) the enforcement of the SODA security checks, 
use the following command:

set service-profile name enforce-checks {enable | disable}

For example, the following command disables the enforcement of the 
SODA security checks, allowing network access to clients after they have 
downloaded the SODA agent, but without requiring that the SODA 
agent checks be completed:

WX1200# set service-profile sp1 enforce-checks disable
success: change accepted.

Note that if you disable the enforcement of the SODA security checks, 
you cannot apply the success and failure URLs to client devices. In 
addition, you should not configure the SODA agent to refer to the 
success and failure pages on the WX switch if you have disabled 
enforcement of SODA agent checks.