Mac user range authentication, Set authentication mac-prefix – 3Com WXR100 3CRWXR10095A User Manual

36

N

EW

F

EATURES

S

UMMARY

set usergroup

group-name attr termination-action value

where

value

is 0 or 1. This attribute supports reauthentication of all

access types: dot1x, web-portal, MAC, and last-resort. When the value is
set to 0, the user session is terminated after the session expires. If the
value is set to 1, the user session is reauthenticated by sending a RADIUS
request message after the session expires.

MAC User Range
Authentication

Version 7.0 modifies the User MAC Address field in the existing

set

mac-user

and

set mac-user attr

commands to allow input such as

00:11:00:*

instead of just a single MAC address. Only one

*

(asterisk) is

allowed in the address format and it must be the last character.

During authentication of the MAC User client, the most specific entry
that matches the MAC-user glob is selected. Therefore, an entry for

00:11:30:21:ab:cd

overrides an entry for

00:11:30:21:*

, and an entry

for

00:11:30:21:*

overrides an entry for

00:11:30:*

.

To configure a MAC User Range with MSS, use these commands:

set mac-user 00:11:*

set mac-user 00:11:* attr attribute-name

value

set mac-user 00:11:* [group

group_name]

To configure this feature for authentication on a RADIUS server, use the
new command

set authentication mac-prefix

(see the next section).

set authentication

mac-prefix

Specifies the MAC address prefix for SSID authentication.

Syntax —

set authentication mac-prefix {

ssid [ssid | any]}

wired

mac-glob

„

mac-glob

— Represents the range of MAC addresses for this rule and

determines the prefix used for authentication. During authentication,
the MAC prefix is extracted from the MAC-glob and used as the
user-name in the Access-Request portion of the handshake.

Defaults — None.

Access — Enabled.

History — Introduced in MSS Version 7.0.