254 CHAPTER 8: AAA COMMANDS
See Also
clear authentication proxy on page 218
set radius proxy client on page 585
set radius proxy port on page 586
set authentication
web
Configures an authentication rule to allow a user to log in to the network
using a web page served by the WX. The rule can be activated if the user
is not otherwise granted or denied access by 802.1X, or granted access
by MAC authentication.
Syntax —
set authentication web {ssid ssid-name | wired}
user-glob method1 [method2] [method3] [method4]
user-glob — A single user or a set of users.
Specify a username, use the double-asterisk wildcard character (**) to
specify all usernames, or use the single-asterisk wildcard character (*)
to specify a set of usernames up to or following the first delimiter
character—either an at sign (@) or a period (.). (For details, see “User
Globs” on page 30.)
ssid ssid-name — SSID name to which this authentication rule
applies. To apply the rule to all SSIDs, type any.
wired — Applies this authentication rule specifically to users
connected to a wired authentication port.
method1, method2, method3, method4 — At least one and up to four
methods that MSS uses to handle authentication. Specify one or more
of the following methods in priority order. MSS applies multiple
methods in the order you enter them.
A method can be one of the following:
local — Uses the local database of usernames and user groups on
the WX switch for authentication.
server-group-name — Uses the defined group of RADIUS servers
for authentication. You can enter up to four names of existing
RADIUS server groups as methods.
RADIUS servers cannot be used with the EAP-TLS protocol.
For more information, see “Usage.”