318 CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS
MAC Address Globs
A MAC address glob is a similar method for applying some AAA
commands to either a single 6-byte MAC address or a set of MAC
addresses. In a MAC address glob, you can use the asterisk (*) as follows
to match from 0 bytes to 5 bytes of the MAC address:
* (all MAC addresses)
00:*
00:01:*
00:01:02:*
00:01:02:03:*
00:01:02:03:04:*
For example, the MAC address glob 00:06:8c* represents all MAC
addresses starting with 00:06:8c. Specifying only the first three bytes of a
MAC address allows you to apply commands to MAC address based on
an organizationally unique identity (OUI).
VLAN Globs
A VLAN glob is a method for matching one of a set of local rules on a WX
switch, known as the location policy, to one or more users. MSS
compares the VLAN glob, which can optionally contain wildcard
characters, against the VLAN-Name attribute returned by AAA to
determine whether to apply the rule.
To match all VLANs, use the double-asterisk (**) wildcard characters with
no delimiters. To match any number of characters up to, but not
including, a delimiter character in the glob, use the single-asterisk (*)
wildcard. Valid VLAN glob delimiter characters are the at (@) sign and the
period (.).
For example, the VLAN glob bldg4.* matches bldg4.security and bldg4.hr
and all other VLAN names with bldg4. at the beginning.
Creating
Administrator and
Console Access Rules
You can set up administrator and console access rules, and the
authentication and accounting methods for administrator access.
To set up administrator or console access rule properties
1 Access the WX Switch wizard for the WX switch. (See “Accessing the
Modify Switch Wizard” on page 185.)
2 Select AAA at the top of the wizard, if not already selected.
To Next Page
Loading...
