Specifications

RoamAbout Mobility System Software Configuration Guide 17-1

Configuring AAA for Network Users

About AAA for Network Users

Networkusersincludethefol lowing typesofusers:

•Wirelessusers—UserswhoaccessthenetworkbyassociatingwithanSSIDonan Enterasys

radio.

•Wiredauthenticationusers—UserswhoaccessthenetworkoveranEthernetconnectiontoa

RoamAboutswitchportthatisconfiguredasawiredauthentication(wired‐auth)port.

Youcan

configureauthenticationrulesforeachtypeofuser,onanindividualSSIDorwired

authenticationportbasis.MSSauthenticatesusersbasedonuserinformationonRADIUSservers

orintheRoamAboutswitch’slocaldatabase.TheRADIUSserversorlocaldatabaseauthorize

successfullyauthenticatedusersforspecificnetworkaccess,includingVLANmembership.



Optionally,youalsocanconfigureaccountingrulestotracknetworkaccessinformation.

ThefollowingsectionsdescribetheMSSauthentication,authorization,andaccounting(AAA)

featuresinmoredetail.

For information about... Refer to page...

About AAA for Network Users 17-1

AAA Tools for Network Users 17-8

Configuring 802.1X Authentication 17-13

Configuring Authentication and Authorization by MAC Address 17-19

Configuring Web Web Portal WebAAA 17-22

Configuring Last-Resort Access 17-36

Assigning Authorization Attributes 17-42

Overriding or Adding Attributes Locally with a Location Policy 17-52

Configuring Accounting for Wireless Network Users 17-55

Displaying the AAA Configuration 17-60

Avoiding AAA Problems in Configuration Order 17-61

Configuring a Mobility Profile 17-63

Network User Configuration Scenarios 17-64