See also, Clear authentication last-resort on page 207, Display aaa on page 219 – 3Com Wireless LAN WX1200 User Manual
Page 238: Set authentication admin on page 229, Set authentication console on page 231, Set authentication dot1x on page 233, Set authentication mac on page 239, Set authentication web on page 242
238
C
HAPTER
8: AAA C
OMMANDS
However, if local appears first, followed by a RADIUS server group, MSS
overrides any failed searches in the local WX database and sends an
authentication request to the server group.
MSS uses a last-resort authentication rule under the following conditions:
The client is not denied access by 802.1X or does not support 802.1X.
The client’s MAC address does not match a MAC authentication rule.
The fallthru method is last-resort. (For a wireless authentication rule,
the fallthru method is specified by the set service-profile
auth-fallthru command. For a wired authentication rule, the fallthru
method is specified by the auth-fall-thru option of the set port type
wired-auth command.)
For wireless access, MSS appends the requested SSID name to the user
name last-resort. For example, if the requested SSID is mycorp, MSS
attempts to authenticate the user last-resort-mycorp. If the RADIUS server
or local database used as the authentication method has the user
last-resort-mycorp, access is granted. Otherwise, access is denied.
If the SSID specified in the last-resort authentication rule is any, MSS
searches for user last-resort-any. The any in the username is not a
wildcard. The username must be last-resort-any, exactly as spelled here.
Examples — The following command configures a last-resort
authentication rule in the local WX database for SSID mycorp:
WX4400# set authentication last-resort ssid mycorp local
success: change accepted.
See Also
clear authentication last-resort on page 207
set authentication admin on page 229
set authentication console on page 231
set authentication dot1x on page 233
set authentication mac on page 239