Specifications
802.1x Solution Cookbook 245
Chapter 11
user-role computer
   session-acl allowall
!
user-role guest
   session-acl guest
   bandwidth-contract guest-1M
Authentication Parameters
The following configuration statements are related to user authentication.
RADIUS Configuration
The following statements configure the available RADIUS servers, including
the IP address of the RADIUS server and the key.
aaa radius-server IAS1 host 10.1.1.21 key |*a^t%183923!
aaa radius-server IAS2 host 10.1.1.25 key |*a^t%312213!
Role Derivation Rules
The following statements determine how the switch maps wireless users into
roles. The first statement instructs the switch to examine the “Class” RADIUS
attribute returned from the authentication server, and to take the literal value
of that attribute as the role name.
aaa derivation-rules server IAS
   set role condition Class value-of
The second statement instructs the switch to place any clients associating
with the ESSID “Wireless LAN-01-printer” into the “printer” role. There is
currently no authentication for printers – only the static WEP key and firewall
policy protect the printer network from unauthorized users.
aaa derivation-rules user
   set role condition essid equals "Wireless LAN-01-printer" set-
The third statement instructs the switch to place any clients associating with
the ESSID “Guest” into the “guest” role. Guests are not required to
authenticate, but are only permitted very limited network access and only
during daytime working hours.
aaa derivation-rules user
   set role condition essid equals "Guest" set-value guest
For more information on the role derivation process, refer to “Setting Access
Rights” on page 419.
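The following added example, which is not part of the cookbook or the switch vendor's tooling, checks a configuration in the syntax shown above for ESSID rules that point at an undefined or `allowall` role, and for expected RADIUS Class values that have no matching `user-role`. The sample configuration, the "Kiosk" and "Lab" ESSIDs, and the `expected` list of Class values are constructed assumptions.

```python
import re

# Constructed sample in the syntax shown on this page; the "Kiosk" and "Lab"
# ESSID rules are hypothetical and exist only to trigger the checks.
SAMPLE_CONFIG = '''
user-role computer
 session-acl allowall
!
user-role guest
 session-acl guest
aaa derivation-rules server IAS
 set role condition Class value-of
aaa derivation-rules user
 set role condition essid equals "Guest" set-value guest
aaa derivation-rules user
 set role condition essid equals "Kiosk" set-value kiosk
aaa derivation-rules user
 set role condition essid equals "Lab" set-value computer
'''
ESSID_RULE = re.compile(r'set role condition essid equals "([^"]+)" set-value (\S+)')

def parse(config):
    """Return ({role: [session ACLs]}, [(essid, role)], [value-of attributes])."""
    roles, essid_rules, value_of, current = {}, [], [], None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.fullmatch(r'user-role (\S+)', line):
            current = m.group(1)
            roles[current] = []
        elif current and (m := re.fullmatch(r'session-acl (\S+)', line)):
            roles[current].append(m.group(1))
        elif m := ESSID_RULE.fullmatch(line):
            essid_rules.append(m.groups())
        elif m := re.fullmatch(r'set role condition (\S+) value-of', line):
            value_of.append(m.group(1))
        elif line == '!' or line.startswith('aaa '):
            current = None  # end of the user-role block
    return roles, essid_rules, value_of

def audit(config, expected=()):
    roles, essid_rules, value_of = parse(config)
    findings = []
    for essid, role in essid_rules:
        if role not in roles:            # rule points at a role that is not defined
            findings.append(("undefined-role", essid, role))
        elif "allowall" in roles[role]:  # choosing the ESSID alone yields open access
            findings.append(("essid-role-unrestricted", essid, role))
    for attr in value_of:                # attribute value is used literally as the role
        findings += [("class-value-without-role", attr, v) for v in expected if v not in roles]
    return findings
```

Pass `expected` the Class values that the RADIUS server's policies are configured to return, so a mismatch between those values and the defined role names shows up before deployment.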