Operation Manual

ManualsBrandsTrapeze smart mobile ManualsSoftwareMobility System Software 7.3

161

162

163

164

165

166

167

168

169

170

AAA Commands

Mobility System Software Command Reference Guide

Version 7.3

9 – 170

set authentication mac

Configures authentication and defines where it is performed for specified non-802.1X users with

network access through a media access control (MAC) address.

Syntax

set authentication mac {ssid ssid-name | wired} mac-address-glob method1 [method2]

[method3] [method4]

Defaults

By default, authentication is deactivated for all MAC users, which means MAC address

authentication fails by default. When using RADIUS for authentication, the default password for

MAC and last-resort users is trapeze.

Access

Enabled.

History

Usage

You can configure different authentication methods for different groups of MAC addresses

by “globbing.” (For details, see “User Globs, MAC Address Globs, and VLAN Globs” on

page 2–7.)

If you specify multiple authentication methods in the set authentication mac command, MSS

applies them in the order in which they appear in the command, with these results:

● If the first method responds with pass or fail, the evaluation is final.

● If the first method does not respond, MSS tries the second method, and so on.

● However, if local appears first, followed by a RADIUS server group, MSS ignores any failed

searches in the local MX database and sends an authentication request to the RADIUS server

group.

If the MX configuration contains a set authentication mac command that matches the SSID the

user is attempting to access and the user MAC address, MSS uses the method specified by the

command. Otherwise, MSS uses local MAC authentication by default.

ssid ssid-name SSID name to which this authentication rule applies. To apply

the rule to all SSIDs, type any.

wired Applies this authentication rule specifically to users connected

to a wired authentication port.

mac-addr-glob A single user or set of users with access via a MAC address.

Specify a MAC address, or use the wildcard (*) character to

specify a set of MAC addresses. (For details, see “MAC

Address Globs” on page 2–7.)

method1

method2

method3

method4

At least one of up to four methods that MSS uses to handle

authentication. Specify one or more of the following methods in

priority order. MSS applies multiple methods in the order you

enter them.

A method can be one of the following:

❑ local—Uses the local database of usernames and user

groups on the MX switch for authentication.

❑ server-group-name—Uses the defined group of RADIUS

servers for authentication. You can enter up to four names

of existing RADIUS server groups as methods.

❑ ldap_group_name —Uses the defined group of LDAP

servers for authentication. You can configure up to four

LDAP server groups.

For more information, see “Usage.”

Version 1.0 Command introduced

Version 3.0 ssid ssid-name and wired options added

Version 7.1 Added LDAP as an authentication option.