Specifications
Network User Configuration Scenarios
17-64 Configuring AAA for Network Users
During802.1XauthorizationforclientsatEXAMPLE\,MSSmustsearchfortheMobilityProfile
namedroses‐profile.Ifitisnotfound,theauthorizationfailsandclientswithusernameslike
EXAMPLE\joseandEXAMPLE\tamaraarerejected.
Ifroses‐profileisconfiguredforEXAMPLE\usersonyourRoamAboutSwitch,MSSchecksitsport
list.If,forexample,thecurrentportforEXAMPLE\jose’sconnectionisonthelistofallowedports
specifiedinroses‐profile,theconnectionisallowedtoproceed.Iftheportisnotinthelist(for
example,EXAMPLE\joseisonport 12 ,whichisnotintheportlist),the a uthorization
failsand
clientEXAMPLE\joseisrejected.
TheMobilityProfilefeatureisdisabledbydefault.Youmust enable MobilityProfileattributeson
theRoamAboutSwitchtouseit.YoucanenableordisablethefeatureforthewholeRoamAbout
Switchonly.IftheMobilityProfilefeatureisdisabled,allMobilityProfileattributes
areignored.
ToputMobilityProfileattributesintoeffectonaRoamAboutSwitch,typethefollowing
command:
RBT-8100# set mobility-profile mode enable
success: change accepted.
TodisplaythenameofeachMobilityProfileanditsports,typethefollowingcommand:
RBT-8100# show mobility-profile
Mobility Profiles
Name Ports
=========================
roses-profile
AP 2
AP 3
AP 4
AP 7
AP 9
ToremoveaMobilityProfile,typethefollowing command:
clear mobility-profile name
Network User Configuration Scenarios
ThefollowingscenariosprovideexamplesofwaysinwhichyouuseAAAcommandstoconfigure
accessforusers:
•“GeneralUseofNetworkUserCommands”onpage 17‐65
•“EnablingRADIUSPass‐ThroughAuthentication”onpage 17‐66
•“EnablingPEAP‐MS‐CHAP‐V2Authentication”onpage 17‐67
•“EnablingPEAP‐MS‐CHAP‐V2
Offload”onpage 17‐67
•“CombiningEAPOffloadwithPass‐ThroughAuthentication”onpage 17‐68
•“OverridingAAA‐AssignedVLANs”onpage 17‐68