3Com WX2200 3CRWX220095A Switch User Manual


 
458 CHAPTER 21: CONFIGURING AAA FOR NETWORK USERS
If the switch’s configuration does not contain a set authentication mac
command that matches a non-802.1X client’s MAC address, MSS tries
MAC authentication by default.
You can also glob MAC addresses. For example, the following command
locally authenticates all MAC addresses that begin with the octets
01:01:02:
WX1200# set authentication mac ssid voice 01:01:02:* local
success: change accepted
(For details about MAC address globs, see “MAC Address Globs” on
page 31.)
You can add authorization attributes to authenticated MAC users with
the following command:
set mac-user mac-addr attr attribute-name value
For example, to add the MAC user 00:01:02:03:04:05 to VLAN red:
WX1200# set mac-user 00:01:02:03:04:05 attr vlan-name red
success: change accepted
To change the value of an authorization attribute, reenter the command
with the new value. To clear an authorization attribute from a MAC user
profile in the local database, use the following command:
clear mac-user mac-addr attr attribute-name
For example, the following command clears the VLAN assignment from
MAC user 01:0f:02:03:04:05:
WX1200# clear mac-user 01:0f:03:04:05:06 attr vlan-name
success: change accepted.
(For a complete list of authorization attributes, see Table 43 on
page 488.)