3Com WX2200 3CRWX220095A Switch User Manual


 
550 CHAPTER 24: CONFIGURING SODA ENDPOINT SECURITY FOR A WX SWITCH
Enabling SODA
Functionality for the
Service Profile
To enable SODA functionality for a service profile, use the following
command:
set service-profile name soda mode {enable | disable}
When SODA functionality is enabled for a service profile, a SODA agent is
downloaded to clients attempting to connect to a MAP managed by the
service profile. The SODA agent performs a series of security-related
checks on the client. By default, enforcement of SODA agent checks is
enabled, so that a connecting client must pass the SODA agent checks in
order to gain access to the network.
For example, the following command enables SODA functionality for
service profile sp1:
WX1200# set service-profile sp1 soda mode enable
success: change accepted.
Disabling
Enforcement of SODA
Agent Checks
When SODA functionality is enabled for a service profile, by default the
SODA agent checks are downloaded to a client and run before the client
is allowed on the network. You can optionally disable the enforcement of
the SODA security checks, so that the client is allowed access to the
network immediately after the SODA agent is downloaded, rather than
waiting for the security checks to be run.
To disable (or re-enable) the enforcement of the SODA security checks,
use the following command:
set service-profile name enforce-checks {enable | disable}
For example, the following command disables the enforcement of the
SODA security checks, allowing network access to clients after they have
downloaded the SODA agent, but without requiring that the SODA
agent checks be completed:
WX1200# set service-profile sp1 enforce-checks disable
success: change accepted.
Note that if you disable the enforcement of the SODA security checks,
you cannot apply the success and failure URLs to client devices. In
addition, you should not configure the SODA agent to refer to the
success and failure pages on the WX switch if you have disabled
enforcement of SODA agent checks.