3com WX1200 3CRWX120695A Manuel D’Utilisation
510
C
HAPTER
21: C
ONFIGURING
AAA
FOR
N
ETWORK
U
SERS
The configuration order now shows that all 802.1X users are processed
as you intended:
as you intended:
WX1200# display aaa
...
set accounting dot1x ssid mycorp EXAMPLE/* start-stop group1
set authentication dot1x ssid mycorp EXAMPLE/* peap-mschapv2 group1
set accounting dot1x ssid mycorp * start-stop group1
set authentication dot1x ssid mycorp * peap-mschapv2 local
...
set accounting dot1x ssid mycorp EXAMPLE/* start-stop group1
set authentication dot1x ssid mycorp EXAMPLE/* peap-mschapv2 group1
set accounting dot1x ssid mycorp * start-stop group1
set authentication dot1x ssid mycorp * peap-mschapv2 local
Configuring a
Mobility Profile
Mobility Profile
A Mobility Profile is a way of specifying, on a per-user basis, those users
who are allowed access to specified MAP access ports and wired
authentication ports on a WX switch. In this way, you can constrain the
areas to which a user can roam. You first create a Mobility Profile, assign
it to one or more users, and finally enable the Mobility Profile feature on
the WX.
who are allowed access to specified MAP access ports and wired
authentication ports on a WX switch. In this way, you can constrain the
areas to which a user can roam. You first create a Mobility Profile, assign
it to one or more users, and finally enable the Mobility Profile feature on
the WX.
CAUTION: When Mobility Profile attributes are enabled, a user is denied
access if assigned a Mobility-Profile attribute in the local WX switch
database or RADIUS server and no Mobility Profile of that name exists on
the WX switch.
access if assigned a Mobility-Profile attribute in the local WX switch
database or RADIUS server and no Mobility Profile of that name exists on
the WX switch.
Use the following command to create a Mobility Profile by giving it a
name and identifying the accessible port or ports:
name and identifying the accessible port or ports:
set mobility-profile name
name
{port {none | all | port-list}} | {dap {none | all |
dap-num}}
dap-num}}
Specifying none prevents users assigned to the Mobility Profile from
accessing any MAP access ports, Distributed MAPs, or wired
authentication ports on the WX. Specifying all allows the users access to
all of the ports or Distributed MAPs.
accessing any MAP access ports, Distributed MAPs, or wired
authentication ports on the WX. Specifying all allows the users access to
all of the ports or Distributed MAPs.
Specifying an individual port or Distributed MAP number or a list limits
access to those ports or MAPs. For example, the following command
creates a Mobility Profile named roses-profile that allows access through
ports 2 through 4 and port 6:
access to those ports or MAPs. For example, the following command
creates a Mobility Profile named roses-profile that allows access through
ports 2 through 4 and port 6:
WX1200# set mobility-profile name roses-profile port 2-4,6
success: change accepted.
success: change accepted.