Nortel Networks 2300 Switch User Manual


 
Configuring AAA for network users 519
Nortel WLAN—Security Switch 2300 Series Configuration Guide
Configuring authentication for 802.1X users of a third-party AP with tagged SSIDs
To configure WSS Software to authenticate 802.1X users of a third-party AP, use the commands below to do the
following:
Configure the port connected to the AP as a wired authentication port. Use the following command:
set port type wired-auth port-list [tag tag-list] [max-sessions num] [auth-fall-thru {last-resort | none | web-portal}]
Configure a MAC authentication rule for the AP. Use the following command:
set authentication mac wired mac-addr-wildcard method1
Configure the WSS port connected to the AP as a RADIUS proxy for the SSID supported by the AP. If SSID traffic
from the AP is tagged, assign the same tag value to the WSS port. Use the following command:
set radius proxy port port-list [tag tag-value] ssid ssid-name
Add a RADIUS proxy entry for the AP. The proxy entry specifies the IP address of the AP and the UDP ports on
which the WSS listens for RADIUS access-requests and stop-accounting records from the AP. Use the following
command:
set radius proxy client address ip-address [port udp-port-number] [acct-port acct-udp-port-number] key string
Configure a proxy authentication rule for the AP’s users. Use the following command:
set authentication proxy ssid ssid-name user-wildcard radius-server-group
For the port-list of the set port type wired-auth and set radius proxy port commands, specify the WSS port(s)
connected to the third-party AP.
For the ip-address of the set radius proxy client address command, specify the IP address of the RADIUS client (the
third-party AP). For the udp-port-number, specify the UDP port on which the WSS will listen for RADIUS
access-requests. The default is UDP port 1812. For the acct-udp-port-number, specify the UDP port on which the WSS
will listen for RADIUS stop-accounting records. The default is UDP port 1813.
The following command configures WSS ports 3 and 4 as wired authentication ports, and assigns tag value 104 to the
ports:
WSS# set port type wired-auth 3-4 tag 104
success: change accepted.
You can specify multiple tag values. Specify the tag value for each SSID you plan to support.
The following command configures a MAC authentication rule that matches on the third-party AP’s MAC address.
Because the AP is connected to the WSS on a wired authentication port, the wired option is used.
WSS# set authentication mac wired aa:bb:cc:01:01:01 srvrgrp1
success: change accepted.
The following command maps SSID mycorp to packets received on port 3 or 4, using 802.1Q tag value 104:
WSS# set radius proxy port 3-4 tag 104 ssid mycorp
success: change accepted.
Enter a separate command, with its tag value, for each SSID you want the WSS to support.
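The check below is an added example, not part of the Nortel guide: a short Python script that reads a listing of the commands from this procedure and reports a missing step, or an 802.1Q tag on a RADIUS proxy port that was not also set on the wired authentication port. The function names, the comma-separated list syntax, and the values in the last two sample lines (AP address, key placeholder, user wildcard) are assumptions.

```python
import re

def expand_ports(spec):
    """Expand a port-list such as '3-4' (commas are an assumed separator)."""
    ranges = (part.partition("-") for part in spec.split(","))
    return {p for lo, _, hi in ranges for p in range(int(lo), int(hi or lo) + 1)}

def lint_third_party_ap(config):
    """Check a command listing against the five steps; return findings."""
    wired, proxied, auth_ssids = {}, [], set()
    mac_rule = client = False
    for line in config.splitlines():
        cmd = re.sub(r"^\S*#\s*", "", line.strip())  # drop a 'WSS#' prompt
        if m := re.match(r"set port type wired-auth (\S+)(?: tag (\S+))?", cmd):
            tags = set(m.group(2).split(",")) if m.group(2) else set()
            for port in expand_ports(m.group(1)):
                wired.setdefault(port, set()).update(tags)
        elif cmd.startswith("set authentication mac wired "):
            mac_rule = True
        elif m := re.match(r"set radius proxy port (\S+)(?: tag (\S+))? ssid (\S+)", cmd):
            proxied.append((expand_ports(m.group(1)), m.group(2), m.group(3)))
        elif re.match(r"set radius proxy client address \S+ .*key \S+", cmd):
            client = True
        elif m := re.match(r"set authentication proxy ssid (\S+) \S+ \S+", cmd):
            auth_ssids.add(m.group(1))
    findings = []
    for ok, msg in ((mac_rule, "no MAC authentication rule for the AP"),
                    (client, "no RADIUS proxy client entry for the AP"),
                    (proxied, "no SSID mapped to a RADIUS proxy port")):
        if not ok:
            findings.append(msg)
    for ports, tag, ssid in proxied:
        for port in sorted(ports):
            if port not in wired:
                findings.append(f"port {port}: proxies {ssid} but is not wired-auth")
            elif tag and tag not in wired[port]:
                findings.append(f"port {port}: tag {tag} for {ssid} not set on the port")
        if ssid not in auth_ssids:
            findings.append(f"ssid {ssid}: no proxy authentication rule")
    return findings

# Constructed sample: lines 1-3 are the page's examples; lines 4-5 use constructed values.
SAMPLE = """\
WSS# set port type wired-auth 3-4 tag 104
WSS# set authentication mac wired aa:bb:cc:01:01:01 srvrgrp1
WSS# set radius proxy port 3-4 tag 104 ssid mycorp
WSS# set radius proxy client address 192.0.2.10 key EXAMPLE-KEY
WSS# set authentication proxy ssid mycorp ** srvrgrp1
"""
```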