3Com 3CRWXR10095A Switch User Manual


  Open as PDF
of 516
 
Viewing and Configuring 802.1X Network Access Rules 307
2 Specify whether the rule is for wireless access to an SSID or access
through a wired authentication port:
If the rule is for access to an SSID, do one of the following:
To match on any SSID name, leave the value any in the SSID box.
To match only on a specific SSID name, select or type the name in
the SSID box.
If the rule is for access through a wired authentication port, select
Wired.
CAUTION: The default SSID name any matches on all SSID names. If the
SSID box contains any and you do not change the SSID name, the
authentication rule allows clients who match the userglob to access any
SSID.
3 Type the userglob that is allowed to use 802.1X to access the SSID or
wired authentication port.
A user glob is a string containing wildcards that matches on one or more
user names. Type a full or partial username to be matched during
authentication (1 to 80 alphanumeric characters, with no spaces or tabs).
The format of a user glob depends on the client type and EAP method.
For Windows domain clients using Protected EAP (PEAP), the user glob is
in the format Windows_domain_name\username. The Windows domain
name is the NetBIOS domain name and must be specified in capital
letters. For example, EXAMPLE\sydney, or EXAMPLE\*.*, which specifies
all usernames whose usernames contain periods.
For EAP with Transport Layer Security (EAP-TLS) clients, the format is
username@domain_name. For example, sydney@example.com specifies
the user sydney in the domain name example.com. The
*@marketing.example.com glob specifies all users in the marketing
department at example.com. The user glob
sydney@engineering.example.com specifies the user sydney in the
engineering department at example.com.
4 Click Next.
5 Select the EAP type from the EAP Type drop-down list:
EAP-MD5—Extensible Authentication Protocol (EAP) with
message-digest algorithm 5. Select this protocol for wired
authentication clients.
Uses challenge-response to compare hashes.
Provides no encryption or integrity checking for the connection.
 previous next