3com WX2200 3CRWX220095A Manual Do Utilizador
480
C
HAPTER
21: C
ONFIGURING
AAA
FOR
N
ETWORK
U
SERS
You do not need to configure an access rule for last-resort access.
Last-resort access is automatically enabled on all service profiles and
wired authentication ports that have the fallthru authentication type set
to last-resort. (The set authentication last-resort and clear
authentication last-resort commands are not needed and are not
supported in MSS Version 5.0 and later.)
Last-resort access is automatically enabled on all service profiles and
wired authentication ports that have the fallthru authentication type set
to last-resort. (The set authentication last-resort and clear
authentication last-resort commands are not needed and are not
supported in MSS Version 5.0 and later.)
The authentication method for last-resort is always local. MSS does not
use RADIUS for last-resort authentication.
use RADIUS for last-resort authentication.
The following commands configure last-resort access for SSID
guest-wlan. The service profile is configured to encrypt user traffic on the
SSID using 40-bit dynamic WEP, WPA, or RSN, depending on the client’s
configuration.
guest-wlan. The service profile is configured to encrypt user traffic on the
SSID using 40-bit dynamic WEP, WPA, or RSN, depending on the client’s
configuration.
WX1200# set service-profile last-resort-srvcprof ssid-name guest-wlan
success: change accepted.
WX1200# set service-profile last-resort-srvcprof auth-fallthru last-resort
success: change accepted.
WX1200# set service-profile last-resort-srvcprof attr vlan-name guest-vlan
success: change accepted.
WX1200# set service-profile last-resort-srvcprof rsn-ie enable
success: change accepted.
WX1200# set service-profile last-resort-srvcprof wpa-ie enable
success: change accepted.
WX1200# set service-profile last-resort-srvcprof cipher-ccmp enable
success: change accepted.
WX1200# set service-profile last-resort-srvcprof cipher-wep40 enable
success: change accepted.
WX1200# display service-profile last-resort-srvcprof
ssid-name: guest-wlan ssid-type: crypto
Beacon: yes Proxy ARP: no
DHCP restrict: no No broadcast: no
Short retry limit: 5 Long retry limit: 5
Auth fallthru: last-resort Sygate On-Demand (SODA): no
Enforce SODA checks: yes SODA remediation ACL:
Custom success web-page: Custom failure web-page:
Custom logout web-page: Custom agent-directory:
Static COS: no COS: 0
CAC mode: none CAC sessions: 14
User idle timeout: 180 Idle client probing: yes
Keep initial vlan: no Web Portal Session Timeout: 5
Web Portal ACL:
WEP Key 1 value: <none> WEP Key 2 value: <none>
WEP Key 3 value: <none> WEP Key 4 value: <none>
success: change accepted.
WX1200# set service-profile last-resort-srvcprof auth-fallthru last-resort
success: change accepted.
WX1200# set service-profile last-resort-srvcprof attr vlan-name guest-vlan
success: change accepted.
WX1200# set service-profile last-resort-srvcprof rsn-ie enable
success: change accepted.
WX1200# set service-profile last-resort-srvcprof wpa-ie enable
success: change accepted.
WX1200# set service-profile last-resort-srvcprof cipher-ccmp enable
success: change accepted.
WX1200# set service-profile last-resort-srvcprof cipher-wep40 enable
success: change accepted.
WX1200# display service-profile last-resort-srvcprof
ssid-name: guest-wlan ssid-type: crypto
Beacon: yes Proxy ARP: no
DHCP restrict: no No broadcast: no
Short retry limit: 5 Long retry limit: 5
Auth fallthru: last-resort Sygate On-Demand (SODA): no
Enforce SODA checks: yes SODA remediation ACL:
Custom success web-page: Custom failure web-page:
Custom logout web-page: Custom agent-directory:
Static COS: no COS: 0
CAC mode: none CAC sessions: 14
User idle timeout: 180 Idle client probing: yes
Keep initial vlan: no Web Portal Session Timeout: 5
Web Portal ACL:
WEP Key 1 value: <none> WEP Key 2 value: <none>
WEP Key 3 value: <none> WEP Key 4 value: <none>