Nortel Networks 2300 Switch User Manual


 
Configuring AAA for network users 493
Nortel WLAN—Security Switch 2300 Series Configuration Guide
Changing the MAC authorization password for RADIUS
When you enable MAC authentication, the client does not supply a regular username or password. The MAC
address of the user’s device is extracted from frames received from the device.
To authenticate and authorize MAC users via RADIUS, you must configure a single predefined password for
MAC users, which is called the outbound authorization password. The same password is used for all MAC
user entries in the RADIUS database. Set this password by typing the following command:
set radius server server-name author-password password
The default password is nortel.
For example, the following command sets the outbound authorization password for MAC users on server
bigbird to h00per:
WSS# set radius server bigbird author-password h00per
success: change accepted.
If the MAC address is in the database, WSS Software uses the VLAN attribute and other attributes associated
with it for user authorization. Otherwise, WSS Software tries the fallthru authentication type, which can be
last-resort, Web, or none.
Configuring Web portal Web-based AAA
Web-based AAA provides a simple and universal way to authenticate any user or device using a web browser.
A common application of Web-based AAA is to control access for guests on your network. When a user
requests access to an SSID or attempts to access a web page before logging onto the network, WSS Software
serves a login page to the user’s browser. After the user enters a username and password, WSS Software
checks the local database or RADIUS servers for the user information, and grants or denies access based on
whether the user information is found.
WSS Software redirects an authenticated user back to the requested web page, or to a page specified by the
administrator.
Web-based AAA, like other types of authentication, is based on an SSID or on a wired authentication port.
Note. Before setting the outbound authorization password for a RADIUS server, you
must have set the address for the RADIUS server. For more information, see “Configuring
RADIUS servers” (page 563).
Note. A MAC address must be dash-delimited in the RADIUS database, for example,
00-00-01-03-04-05. However, the WSS Software always displays colon-delimited MAC
addresses.
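
An added example (not from the Nortel guide): a Python helper that converts the colon-delimited MAC addresses WSS Software displays into the dash-delimited form the RADIUS database requires, and lists RADIUS servers whose outbound authorization password is still the default. The server names oscar and elmo, the sample command list, and the lower-case hex output are assumptions made for illustration.

```python
import re

DEFAULT_AUTHOR_PASSWORD = "nortel"  # default stated in the guide

# Six hex octets separated by one consistent delimiter (":" or "-").
_MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-])[0-9A-Fa-f]{2}(?:\1[0-9A-Fa-f]{2}){4}$")
# Command form shown in the guide, with an optional CLI prompt such as "WSS# ".
_CMD_RE = re.compile(r"^(?:\S+#\s+)?set radius server (\S+) author-password (\S+)$")

# Constructed sample input: commands as typed, and the servers in use.
SAMPLE_COMMANDS = [
    "WSS# set radius server bigbird author-password h00per",
    "WSS# set radius server oscar author-password nortel",
]
SAMPLE_SERVERS = ["bigbird", "oscar", "elmo"]  # elmo never had a password set


def radius_mac_username(mac):
    """Convert a MAC address copied from switch output (colon-delimited)
    into the dash-delimited form used for the RADIUS database entry."""
    mac = mac.strip()
    if not _MAC_RE.match(mac):
        raise ValueError(f"not a colon- or dash-delimited MAC address: {mac!r}")
    # Assumption: lower-case hex; use whatever case your RADIUS server matches on.
    return mac.replace(":", "-").lower()


def servers_using_default(commands, servers):
    """Return servers whose outbound authorization password is the default,
    either set explicitly to it or never changed from it."""
    configured = {}
    for line in commands:
        match = _CMD_RE.match(line.strip())
        if match:
            configured[match.group(1)] = match.group(2)  # last command wins
    return [
        name for name in servers
        if configured.get(name, DEFAULT_AUTHOR_PASSWORD) == DEFAULT_AUTHOR_PASSWORD
    ]


if __name__ == "__main__":
    print(radius_mac_username("00:00:01:03:04:05"))
    for name in servers_using_default(SAMPLE_COMMANDS, SAMPLE_SERVERS):
        print(f"{name}: outbound authorization password is still the default")
```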