Filter
Top Products
Configuring communication with RADIUS 647
Nortel WLAN—Security Switch 2300 Series Configuration Guide
During authentication of the MAC User client, the most specific entry that matches the MAC-user glob is selected.
Therefore, an entry for 00:11:30:21:ab:cd overrides an entry for 00:11:30:21:*, and an entry for 00:11:30:21:* overrides
an entry for 00:11:30:*.
Configuration
To configure a MAC User Range with MSS, follow these steps:
WSS# set mac-user 00:11:*
WSS# set mac-user 00:11:* attr value
WSS# set mac-user 00:11:* group groupname
To configure this for authentication on a RADIUS server, use the following command:
WSS# set authentication mac-prefix {ssid <name> | wired} mac-glob radius-server-group
The parameter mac-glob represents the range of MAC addresses and determines the prefix used for authentication.
During authentication, the MAC prefix is extracted from the MAC-glob and used as the user-name in the
Access-Request portion of the handshake.
MAC authentication request format
MAC Authentication request is an username and password format available in MSS for authentication through a
RADIUS server. It allows better interoperability with third-party vendors who may use different formats for MAC
address authentication.
Configuration
To configure a MAC address format, that is sent as a username to a RADIUS server for MAC authentication. To
configure the MAC address format with MSS, use the following command:
WSS# set radius server name mac-addr-format {hyphens | colons | one-hyphen | raw}
For example,
WSS# set radius server sp1 mac-addr-format
You can also configure all RADIUS servers to use a specific MAC address format with the following command:
WSS# set radius mac-addr-format {hyphens | colons | one-hyphen | raw}
hyphens 12-34-56-78-9a-bc
colons 12:34:56:78:9a:bc
one-hyphen 123456-789abc
raw 123456789abc