Nortel 2350 参考指南
224 Configuring Wireless Parameters
NN47250-102 (320666-G Version 02.01)
Access Rules
The service profile wizards automatically create network access rules to control access to the SSIDs config-
ured by the wizards. The access rules match on all usernames (or MAC addresses for voice service profiles).
ured by the wizards. The access rules match on all usernames (or MAC addresses for voice service profiles).
lists the access rules automatically created by the service profile wizards.
The ** and * values are wildcards. The ** wildcard matches on all usernames. To match on all MAC
addresses (MAC access rules only), use only a single *.
addresses (MAC access rules only), use only a single *.
You can restrict access by specifying part of the username or MAC address along with a wildcard *. In this
case, only the usernames or MAC addresses that match the partial username or address are allowed access.
case, only the usernames or MAC addresses that match the partial username or address are allowed access.
User wildcards and MAC Address wildcards
For a user wildcard, type a full or partial username to be matched during authentication (1 to 80 alphanumeric
characters, with no spaces or tabs). The format of a user wildcard depends on the client type and EAP method.
characters, with no spaces or tabs). The format of a user wildcard depends on the client type and EAP method.
•
For Windows domain clients using Protected EAP (PEAP), the user wildcard is in the format
Windows_domain_name\username. The Windows domain name is the NetBIOS domain name and must
be specified in capital letters. For example, EXAMPLE\sydney, or EXAMPLE\*.*, which specifies all
usernames whose usernames contain periods.
Windows_domain_name\username. The Windows domain name is the NetBIOS domain name and must
be specified in capital letters. For example, EXAMPLE\sydney, or EXAMPLE\*.*, which specifies all
usernames whose usernames contain periods.
•
For EAP with Transport Layer Security (EAP-TLS) clients, the format is username@domain_name. For
example, sydney@example.com specifies the user sydney in the domain name example.com. The
*@marketing.example.com wildcard specifies all users in the marketing department at example.com. The
user wildcard sydney@engineering.example.com specifies the user sydney in the engineering department
at example.com.
example, sydney@example.com specifies the user sydney in the domain name example.com. The
*@marketing.example.com wildcard specifies all users in the marketing department at example.com. The
user wildcard sydney@engineering.example.com specifies the user sydney in the engineering department
at example.com.
For a MAC address wildcard, type a full or partial username to be matched during authentication. MAC
addresses must be specified with colons as the delimiters (for example, 00:11:22:33:44:55). You can use
wildcards by specifying an asterisk (*) in MAC addresses. The following lists examples of using wildcards in
MAC addresses:
addresses must be specified with colons as the delimiters (for example, 00:11:22:33:44:55). You can use
wildcards by specifying an asterisk (*) in MAC addresses. The following lists examples of using wildcards in
MAC addresses:
•
* (all MAC addresses)
•
00:*
•
00:01:*
Table 2: Access Rules Automatically Created by Service Profile
Wizards
Service Profile Type
Access Rule Type
Default Access wildcard
802.1X
802.1X
**
Voice MAC
*
Web-Portal (Web-based AAA)
Web
**
Open (no user login required)
Last-resort
last-resort-ssid-name
Custom
One or more of the above,
depending on the type(s)
selected during configuration
of the service profile.
depending on the type(s)
selected during configuration
of the service profile.
None. No access rule is created
automatically. You must con-
figure the rules.
automatically. You must con-
figure the rules.