Nortel Networks 5500 series User Manual

158

Configuring groups and profiles

Table 24
Configuring groups (cont’d.)

/cfg/doamin #/aaa/group #

followed by:

srs <SRS rule name>

Specifies the preconfigured Nortel Health Agent
SRS rule to apply to the group.

For information about configuring the SRS rules
using the SREM, see Nortel Secure Network
Access Switch 4050 User Guide for the SREM
(NN47230-101), . You cannot configure SRS rules
in the CLI.

mactrust

<bypass | none>

Sets the authentication and integrity checking
requirements.

Select

bypass

to apply MAC authentication.

If the client passes MAC authentication, then
portal authentication and Nortel Health Agent
integrity checking are bypassed; the client is given
access to the network. Since Nortel Health Agent
does not run, the system automatically applies
Filter_only enforcement (see

enftype

below).

If a user belongs to several groups, bypass occurs
only when all groups are configured for bypass.
If bypass authentication fails, the system invokes
portal authentication and Nortel Health Agent
integrity checking.

The bypass option requires that the MAC address
of the end point is registered in the local (Nortel
SNAS) MAC database. For information about
managing a local MAC database, see

“Managing

the local MAC database” (page 206)

.

Select

none

to provide portal authentication and

integrity checking only.

Nortel Secure Network Access Switch

Using the Command Line Interface

NN47230-100

03.01

Standard

28 July 2008

Copyright © 2007, 2008 Nortel Networks

.