3com WX4400 3CRWX440095A Manuel D’Utilisation
About AAA for Network Users
437
SSID Name “Any”
In authentication rules for wireless access, you can specify the name any
for the SSID. This value is a wildcard that matches on any SSID string
requested by the user.
for the SSID. This value is a wildcard that matches on any SSID string
requested by the user.
For 802.1X and WebAAA rules that match on SSID any, MSS checks the
RADIUS servers or local database for the username (and password, if
applicable) entered by the user. If the user information matches, MSS
grants access to the SSID requested by the user, regardless of which SSID
name it is.
RADIUS servers or local database for the username (and password, if
applicable) entered by the user. If the user information matches, MSS
grants access to the SSID requested by the user, regardless of which SSID
name it is.
For MAC authentication rules that match on SSID any, MSS checks the
RADIUS servers or local database for the MAC address (and password, if
applicable) of the user device. If the address matches, MSS grants access
to the SSID requested by the user, regardless of which SSID name it is.
RADIUS servers or local database for the MAC address (and password, if
applicable) of the user device. If the address matches, MSS grants access
to the SSID requested by the user, regardless of which SSID name it is.
Last-Resort Processing
One of the fallthru authentication types you can set on a service profile or
wired authentication port is last-resort.
wired authentication port is last-resort.
If no 802.1X or MAC access rules are configured for a service profile’s
SSID, and the SSID’s fallthru type is last-resort, MSS allows users onto
the SSID or port without prompting for a username or password. The
default authorization attributes set on the SSID are applied to the user.
For example, if the vlan-name attribute on the service profile is set to
guest-vlan, last-resort users are placed in guest-vlan.
SSID, and the SSID’s fallthru type is last-resort, MSS allows users onto
the SSID or port without prompting for a username or password. The
default authorization attributes set on the SSID are applied to the user.
For example, if the vlan-name attribute on the service profile is set to
guest-vlan, last-resort users are placed in guest-vlan.
If no 802.1X or MAC access rules are configured for
wired, and the wired
authentication port’s fallthru type is last-resort, MSS allows users onto
the port without prompting for a username or password. The
authorization attributes set on user last-resort-wired are applied to the user.
the port without prompting for a username or password. The
authorization attributes set on user last-resort-wired are applied to the user.
User Credential Requirements
The user credentials that MSS checks for on RADIUS servers or in the local
database differ depending on the type of authentication rule that
matches on the SSID or wired access requested by the user.
database differ depending on the type of authentication rule that
matches on the SSID or wired access requested by the user.
For a user to be successfully authenticated by an 802.1X or WebAAA
rule, the username and password entered by the user must be
configured on the RADIUS servers used by the authentication rule or
in the WX local database, if the local database is used by the rule.
rule, the username and password entered by the user must be
configured on the RADIUS servers used by the authentication rule or
in the WX local database, if the local database is used by the rule.