Operation Manual
AAA Commands
Mobility System Software Command Reference Guide
Version 7.3
9 – 174
Examples
The following command configures a proxy authentication rule that matches on all
usernames associated with SSID mycorp. MSS uses RADIUS server group srvrgrp1 to proxy
RADIUS requests and hence to authenticate and authorize the users.
MX# set authentication proxy ssid mycorp ** srvrgrp1
See Also
● clear authentication proxy on page 9-152
● set radius proxy client on page 17-432
● set radius proxy port on page 17-433
set authentication web
Configures an authentication rule that allows a user to log into the network using a web page
served by the MX. The rule can be activated if the user is not otherwise granted or denied access
by 802.1X, or granted access by MAC authentication.
Syntax
set authentication web {ssid ssid-name | wired} user-glob method1 [method2] [method3] [method4]
Defaults
By default, authentication is unconfigured for all clients with network access through
MP ports or wired authentication ports on the MX switch. Connection, authorization, and
accounting are also disabled for these users.
Access
Enabled.
History
Introduced in MSS 3.0. Added LDAP in MSS 7.1.
Usage
You can configure different authentication methods for different groups of users by
“globbing.” (For details, see “User Globs” on page 2–7.)
You can configure a rule either for wireless access to an SSID, or for wired access through an MX
wired authentication port. If the rule is for wireless access to an SSID, specify the SSID name or
specify any to match on all SSID names. If the rule is for wired access, specify wired instead of
an SSID name.
user-glob
    A single user or a set of users. Specify a username, use the double-asterisk wildcard character (**) to specify all usernames, or use the single-asterisk wildcard character (*) to specify a set of usernames up to or following the first delimiter character—either an at sign (@) or a period (.). (For details, see “User Globs” on page 2–7.)
ssid ssid-name
    SSID name to which this authentication rule applies. To apply the rule to all SSIDs, type any.
wired
    Applies this authentication rule specifically to users connected to a wired authentication port.
method1 method2 method3 method4
    At least one and up to four methods that MSS uses to handle authentication. Specify one or more of the following methods in priority order. MSS applies multiple methods in the order you enter them.
    A method can be one of the following:
    ❑ local—Uses the local database of usernames and user groups on the MX switch for authentication.
    ❑ server-group-name—Uses the defined group of RADIUS servers for authentication. You can enter up to four names of existing RADIUS server groups as methods.
      RADIUS servers cannot be used with the EAP-TLS protocol.
    ❑ ldap_group_name—Uses the defined group of LDAP servers for authentication. You can configure up to four LDAP server groups.
    For more information, see “Usage.”
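Added example (not part of the manual or of MSS): Python that parses set authentication web commands using the syntax above and lists every rule whose scope and user glob cover a given username, which helps when auditing how far a * or ** glob reaches. It assumes * stops at an @ or . delimiter while ** crosses them, case-sensitive matching, and SSID names without spaces; the function names and sample rules are constructed, and it does not model which matching rule MSS selects.

```python
import re

def glob_to_regex(glob):
    """Translate an MSS user glob to a regex, under the reading assumed above."""
    out, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):
            out.append(".*")        # ** matches everything, delimiters included
            i += 2
        elif glob[i] == "*":
            out.append("[^@.]*")    # * stops at a delimiter (@ or .)
            i += 1
        else:
            out.append(re.escape(glob[i]))
            i += 1
    return re.compile("".join(out))

def parse_web_rule(line):
    """Parse: set authentication web {ssid ssid-name | wired} user-glob method1..4"""
    tok = line.split()
    if tok[:3] != ["set", "authentication", "web"]:
        raise ValueError("not a 'set authentication web' command")
    rest = tok[3:]
    if rest[:1] == ["ssid"] and len(rest) >= 2:
        scope, rest = ("ssid", rest[1]), rest[2:]
    elif rest[:1] == ["wired"]:
        scope, rest = ("wired", None), rest[1:]
    else:
        raise ValueError("expected 'ssid ssid-name' or 'wired'")
    if not 2 <= len(rest) <= 5:
        raise ValueError("need a user glob followed by one to four methods")
    return {"scope": scope, "glob": rest[0], "methods": rest[1:]}

def matching_rules(rules, username, ssid=None):
    """Rules whose scope and glob cover this user; ssid=None means a wired port."""
    hits = []
    for r in rules:
        kind, name = r["scope"]
        in_scope = (kind == "wired") if ssid is None else (kind == "ssid" and name in ("any", ssid))
        if in_scope and glob_to_regex(r["glob"]).fullmatch(username):
            hits.append(r)
    return hits

# Constructed sample rules (not from the manual); srvrgrp1 is the manual's example group.
SAMPLE = """\
set authentication web ssid guest *@example.com srvrgrp1 local
set authentication web ssid any ** local
set authentication web wired *.*@example.com srvrgrp1
"""
RULES = [parse_web_rule(line) for line in SAMPLE.splitlines()]
```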