3com WX2200 3CRWX220095A ユーザーズマニュアル
468
C
HAPTER
21: C
ONFIGURING
AAA
FOR
N
ETWORK
U
SERS
WX1200# set service-profile mycorp-srvcprof auth-fallthru
web-portal
success: change accepted.
WX1200# set service-profile mycorp-srvcprof attr vlan-name
mycorp-vlan
success: change accepted.
WX1200# set service-profile mycorp-srvcprof rsn-ie enable
success: change accepted.
WX1200# set service-profile mycorp-srvcprof cipher-ccmp
enable
success: change accepted.
web-portal
success: change accepted.
WX1200# set service-profile mycorp-srvcprof attr vlan-name
mycorp-vlan
success: change accepted.
WX1200# set service-profile mycorp-srvcprof rsn-ie enable
success: change accepted.
WX1200# set service-profile mycorp-srvcprof cipher-ccmp
enable
success: change accepted.
3 Display the service profile to verify the changes:
WX1200# display service-profile mycorp-srvcprof
ssid-name: mycorp ssid-type: crypto
Beacon: yes Proxy ARP: no
DHCP restrict: no No broadcast: no
Short retry limit: 5 Long retry limit: 5
Auth fallthru: none Sygate On-Demand (SODA): no
Enforce SODA checks: yes SODA remediation ACL:
Custom success web-page: Custom failure web-page:
Custom logout web-page: Custom agent-directory:
Static COS: no COS: 0
CAC mode: none CAC sessions: 14
User idle timeout: 180 Idle client probing: yes
Keep initial vlan: no Web Portal Session Timeout: 5
Web Portal ACL: portalacl
WEP Key 1 value: <none> WEP Key 2 value: <none>
WEP Key 3 value: <none> WEP Key 4 value: <none>
WEP Unicast Index: 1 WEP Multicast Index: 1
Shared Key Auth: NO
RSN enabled:
ciphers: cipher-tkip, cipher-ccmp
authentication: 802.1X
TKIP countermeasures time: 60000ms
vlan-name = mycorp-vlan
ssid-name: mycorp ssid-type: crypto
Beacon: yes Proxy ARP: no
DHCP restrict: no No broadcast: no
Short retry limit: 5 Long retry limit: 5
Auth fallthru: none Sygate On-Demand (SODA): no
Enforce SODA checks: yes SODA remediation ACL:
Custom success web-page: Custom failure web-page:
Custom logout web-page: Custom agent-directory:
Static COS: no COS: 0
CAC mode: none CAC sessions: 14
User idle timeout: 180 Idle client probing: yes
Keep initial vlan: no Web Portal Session Timeout: 5
Web Portal ACL: portalacl
WEP Key 1 value: <none> WEP Key 2 value: <none>
WEP Key 3 value: <none> WEP Key 4 value: <none>
WEP Unicast Index: 1 WEP Multicast Index: 1
Shared Key Auth: NO
RSN enabled:
ciphers: cipher-tkip, cipher-ccmp
authentication: 802.1X
TKIP countermeasures time: 60000ms
vlan-name = mycorp-vlan
...
4 Configure individual WebAAA users.
WX1200# set user alice password alicepword
success: change accepted.
WX1200# set user bob password bobpword
success: change accepted.
success: change accepted.
WX1200# set user bob password bobpword
success: change accepted.
5 Configure a web authentication rule for WebAAA users. The following
rule uses a wildcard (**) to match on all user names.