3Com WX4400 3CRWX440095A User Manual

458

C

HAPTER

21: C

ONFIGURING

AAA

FOR

N

ETWORK

U

SERS

If the switch’s configuration does not contain a set authentication mac
command that matches a non-802.1X client’s MAC address, MSS tries
MAC authentication by default.

You can also glob MAC addresses. For example, the following command
locally authenticates all MAC addresses that begin with the octets
01:01:02:

WX1200# set authentication mac ssid voice 01:01:02:* local
success: change accepted

(For details about MAC address globs, see “MAC Address Globs” on
page 31.)

You can add authorization attributes to authenticated MAC users with
the following command:

set mac-user mac-addr attr attribute-name value

For example, to add the MAC user 00:01:02:03:04:05 to VLAN red:

WX1200# set mac-user 00:01:02:03:04:05 attr vlan-name red
success: change accepted

To change the value of an authorization attribute, reenter the command
with the new value. To clear an authorization attribute from a MAC user
profile in the local database, use the following command:

clear mac-user mac-addr attr attribute-name

For example, the following command clears the VLAN assignment from
MAC user 01:0f:02:03:04:05:

WX1200# clear mac-user 01:0f:03:04:05:06 attr vlan-name
success: change accepted.

(For a complete list of authorization attributes, see Table 43 on
page 488.)