3com WXR100 3CRWXR10095A ユーザーズマニュアル

Defaults — By default, authentication is unconfigured for all clients with 
network access through MAP ports or wired authentication ports on the 
WX switch. Connection, authorization, and accounting are also disabled 
for these users. 

Access — Enabled.

History —Introduced in MSS Version 3.0.

Usage — You can configure different authentication methods for 
different groups of users by “globbing.” (For details, see “User Globs” on 
page 30.) 

You can configure a rule either for wireless access to an SSID, or for wired 
access through a WX wired authentication port. If the rule is for wireless 
access to an SSID, specify the SSID name or specify any to match on all 
SSID names. If the rule is for wired access, specify wired instead of an 
SSID name.

If you specify multiple authentication methods in the set authentication 
web command, MSS applies them in the order in which they appear in 
the command, with these results:

If the first method responds with pass or fail, the evaluation is final. 

If the first method does not respond, MSS tries the second method, and 
so on. 

However, if local appears first, followed by a RADIUS server group, MSS 
overrides any failed searches in the local WX database and sends an 
authentication request to the server group.

MSS uses a WebAAA rule only under the following conditions:

The client is not denied access by 802.1X or does not support 802.1X.

The client MAC address does not match a MAC authentication rule. 

The fallthru method is web. (For a wireless authentication rule, the 
fallthru method is specified by the set service-profile auth-fallthru 
command. For a wired authentication rule, the fallthru method is 
specified by the auth-fall-thru option of the set port type wired-auth 
command.)