Filter
Top Products
486 CHAPTER 21: CONFIGURING AAA FOR NETWORK USERS
The following command configures a MAC authentication rule that
matches on the third-party AP’s MAC address. Because the AP is
connected to the WX switch on a wired authentication port, the wired
option is used.
WX4400# set authentication mac wired aa:bb:cc:01:01:01
srvrgrp1
success: change accepted.
The following command maps SSID mycorp to packets received on port 3
or 4, using 802.1Q tag value 104:
WX4400# set radius proxy port 3-4 tag 104 ssid mycorp
success: change accepted.
Enter a separate command for each SSID, and its tag value, you want the
WX to support.
The following command configures a RADIUS proxy entry for a
third-party AP RADIUS client at 10.20.20.9, sending RADIUS traffic to the
default UDP ports 1812 and 1813 on the WX:
WX2200# set radius proxy client address 10.20.20.9 key
radkey1
success: change accepted.
The IP address is the AP’s IP address. The key is the shared secret
configured on the RADIUS servers. MSS uses the shared secret to
authenticate and encrypt RADIUS communication.
The following command configures a proxy authentication rule that
matches on all usernames associated with SSID mycorp. MSS uses
RADIUS server group srvrgrp1 to proxy RADIUS requests and hence to
authenticate and authorize the users.
WX4400# set authentication proxy ssid mycorp ** srvrgrp1
MSS also uses the server group you specify with this command for
accounting.
To verify the changes, use the display config area aaa command.