Nortel 2350 用户指南
514 Configuring AAA for network users
NN47250-500 (320657-F Version 02.01)
To configure an SSID to allow last-resort access:
•
Set the SSID name, if not already set.
•
Set the fallthru access type of the SSID’s service profile to last-resort.
•
Set the vlan-name and other authorization attributes on the SSID’s service profile.
•
If the SSID type will be crypto (the default), configure encryption settings.
You do not need to configure an access rule for last-resort access. Last-resort access is automatically enabled
on all service profiles and wired authentication ports that have the fallthru authentication type set to
last-resort. (The set authentication last-resort and clear authentication last-resort commands are not
needed and are not supported in WSS Software Version 5.0 and later.)
on all service profiles and wired authentication ports that have the fallthru authentication type set to
last-resort. (The set authentication last-resort and clear authentication last-resort commands are not
needed and are not supported in WSS Software Version 5.0 and later.)
The authentication method for last-resort is always local. WSS Software does not use RADIUS for last-resort
authentication.
authentication.
The following commands configure last-resort access for SSID guest-wlan. The service profile is configured
to encrypt user traffic on the SSID using 40-bit dynamic WEP, WPA, or RSN, depending on the client’s
configuration.
to encrypt user traffic on the SSID using 40-bit dynamic WEP, WPA, or RSN, depending on the client’s
configuration.
WSS
# set service-profile last-resort-srvcprof ssid-name guest-wlan
success: change accepted.
WSS
# set service-profile last-resort-srvcprof auth-fallthru last-resort
success: change accepted.
WSS
# set service-profile last-resort-srvcprof attr vlan-name guest-vlan
success: change accepted.
WSS
# set service-profile last-resort-srvcprof rsn-ie enable
success: change accepted.
WSS
# set service-profile last-resort-srvcprof wpa-ie enable
success: change accepted.
WSS
# set service-profile last-resort-srvcprof cipher-ccmp enable
success: change accepted.
WSS
# set service-profile last-resort-srvcprof cipher-wep40 enable
success: change accepted.
WSS
# show service-profile last-resort-srvcprof
ssid-name: guest-wlan ssid-type: crypto
Beacon: yes Proxy ARP: no
DHCP restrict: no No broadcast: no
Short retry limit: 5 Long retry limit: 5
Auth fallthru: last-resort Sygate On-Demand (SODA): no
Enforce SODA checks: yes SODA remediation ACL:
Custom success web-page: Custom failure web-page:
Custom logout web-page: Custom agent-directory:
Static COS: no COS: 0
CAC mode: none CAC sessions: 14
User idle timeout: 180 Idle client probing: yes
Keep initial vlan: no Web Portal Session Timeout: 5
Web Portal ACL:
WEP Key 1 value: <none> WEP Key 2 value: <none>
WEP Key 3 value: <none> WEP Key 4 value: <none>
Beacon: yes Proxy ARP: no
DHCP restrict: no No broadcast: no
Short retry limit: 5 Long retry limit: 5
Auth fallthru: last-resort Sygate On-Demand (SODA): no
Enforce SODA checks: yes SODA remediation ACL:
Custom success web-page: Custom failure web-page:
Custom logout web-page: Custom agent-directory:
Static COS: no COS: 0
CAC mode: none CAC sessions: 14
User idle timeout: 180 Idle client probing: yes
Keep initial vlan: no Web Portal Session Timeout: 5
Web Portal ACL:
WEP Key 1 value: <none> WEP Key 2 value: <none>
WEP Key 3 value: <none> WEP Key 4 value: <none>