Specifications

Configuring AAA for Users of Third-Party APs

17-40 Configuring AAA for Network Users

Examples

ThefollowingcommandconfiguresRoamAboutSwitchports3and4aswiredauthentication

ports,andassignstagvalue104totheports:

set port type wired-auth 3-4 tag 104

success: change accepted.

Youcanspecifymultipletagvalues.SpecifythetagvalueforeachSSIDyouplantosupport.

ThefollowingcommandconfiguresaMACauthenticationrulethatmatchesonthethird‐party

AP’sMACaddress.BecausetheAPisconnectedtotheRoamAboutSwitchonawired

authenticationport,thewiredoption

isused.

set authentication mac wired aa:bb:cc:01:01:01 srvrgrp1

success: change accepted.

ThefollowingcommandmapsSSIDmycorptopacketsreceivedonport3or4,using802.1Qtag

value104:

set radius proxy port 3-4 tag 104 ssid mycorp

success: change accepted.

EnteraseparatecommandforeachSSID,anditstagvalue,youwanttheRoamAboutSwitchto

support.

ThefollowingcommandconfiguresaRADIUSproxyentryforathird‐partyAPRADIUSclientat

10.20.20.9,sendingRADIUStraffictothedefaultUDP ports1812and1813ontheRoamAbout

Switch:

set radius proxy client address 10.20.20.9 key radkey1

success: change accepted.

TheIPaddressistheAP’sIPaddress.ThekeyisthesharedsecretconfiguredontheRADIUS

servers.MSSusesthesharedsecrettoauthenticateandencryptRADIUScommunication.

Thefollowingcommandconfiguresaproxyauthenticationrulethatmatches onallusernames

associatedwithSSIDmycorp.MSSusesRADIUS

servergroupsrvrgrp1toproxyRADIUSrequests

andhencetoauthenticateandauthorizetheusers.

set authentication proxy ssid mycorp ** srvrgrp1

Toverifythechanges,usetheshowconfigareaaaacommand.

Note: MSS also uses the server group you specify with this command for accounting.