Manualshelf

CLI Reference Guide

ManualsBrandsHP ManualsSoftwareHP Wireless Switch Manager Software
281282283284285286287288289290
290 CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS
SSID Name “Any”
In authentication rules for wireless access, you can specify the name any
for the SSID. This value is a wildcard that matches on any SSID string
requested by the user.
For 802.1X and WebAAA rules that match on SSID any, MSS checks the
RADIUS servers or local database for the username (and password, if
applicable) entered by the user. If the user information matches, MSS
grants access to the SSID requested by the user, regardless of which SSID
name it is.
For MAC authentication rules that match on SSID any, MSS checks the
RADIUS servers or local database for the MAC address (and password, if
applicable) of the user’s device. If the address matches, MSS grants access
to the SSID requested by the user, regardless of which SSID name it is.
However, in a last-resort authentication rule for wireless access, if the
SSID name in the authentication rule is any, MSS checks the RADIUS
servers or local database for username last-resort-any, exactly as spelled
here. Access is granted only if this username is found. Otherwise, access
is denied.
Last-Resort Processing
When a user without a username or password requests wireless access,
MSS checks the configuration for a last-resort authentication rule that
matches on the SSID. If the configuration contains the rule, MSS checks
the local database or RADIUS servers for username last-resort-ssid,
where ssid is the SSID requested by the user. If the last-resort user is
configured on a RADIUS server, MSS also checks for the authorization
password (3Com by default).
The guest user is granted access only if the
database contains last-resort-ssid for the SSID requested by the user.
Otherwise, access is denied.
This processing of the last-resort username is different from 802.1X,
MAC, or WebAAA, where MSS checks for the exact username or MAC
address (and password, if applicable) of the user. MSS does not append
the SSID to the username (or MAC address) for 802.1X, Web, or MAC
authentication.