Filter
Top Products
522 Configuring AAA for network users
NN47250-500 (320657-F Version 02.01)
Configuring access for any users of a non-tagged SSID
If SSID traffic from the third-party AP is untagged, use the same configuration commands as the ones required
for 802.1X users, except the set radius proxy port command. This command is not required and is not appli-
cable to untagged SSID traffic. In addition, when configuring the wired authentication port, use the
auth-fall-thru option to change the fallthru authentication type to last-resort or web-portal.
On the RADIUS server, configure username web-portal-wired or last-resort-wired, depending on the
fallthru authentication type specified for the wired authentication port.
Assigning authorization attributes
Authorization attributes can be assigned to users in the local database, on remote servers, or in the service
profile of the SSID the user logs into. The attributes, which include access control list (ACL) filters, VLAN
membership, encryption type, session time-out period, and other session characteristics, let you control how
and when users access the network. When a user or group is authenticated, the local database, RADIUS server,
or service profile passes the authorization attributes to WSS Software to characterize the user’s session.
If attributes are configured for a user and also for the group the user is in, the attributes assigned to the indi-
vidual user take precedence for that user. For example, if the start-date attribute configured for a user is sooner
than the start-date configured for the user group the user is in, the user’s network access can begin as soon as
the user start-date. The user does not need to wait for the user group’s start date.
The VLAN attribute is required. WSS Software can authorize a user to access the network only if the VLAN
to place the user on is specified.
Table 5 lists the authorization attributes supported by WSS Software. (For brief descriptions of all the
RADIUS attributes and Nortel vendor-specific attributes supported by WSS Software, as well as the vendor
ID and types for Nortel VSAs configured on a RADIUS server, see “Supported RADIUS attributes”
(page 697).)