428 Configuring AAA for Network Users320657-AChanging the MAC Authorization Password for RADIUSWhen you enable MAC authentication, the client does not supply a regular username or password. The MAC address ofthe user’s device is extracted from frames received from the device.To authenticate and authorize MAC users through RADIUS, you must configure a single predefined password for MACusers, which is called the outbound authorization password. The same password is used for all MAC user entries in theRADIUS database. Set this password by typing the following command:set radius server server-name author-password passwordThe default password is nortel.For example, the following command sets the outbound authorization password for MAC users on server bigbird toh00per:23x0# set radius server bigbird author-password h00persuccess: change accepted.If the MAC address is in the database, WSS Software uses the VLAN attribute and other attributes associated with it foruser authorization. Otherwise, WSS Software tries the fallthru authentication type, which can be last-resort, Web, ornone.Configuring Web-based AAAWeb-based AAA simplifies secure access to unencrypted SSIDs. When a user requests access to an SSID or attempts toaccess a web page before logging onto the network, WSS Software serves a login page to the user’s browser. After theuser enters a username and password, WSS Software checks the local database or RADIUS servers for the user informa-tion, and grants or denies access based on whether the user information is found.WSS Software redirects an authenticated user back to the requested web page, or to a page specified by theadministrator.Web-based AAA, like other types of authentication, is based on an SSID or on a wired authentication port.WSS Software provides a Nortel login page, which is used by default. You can add custom login pages to the WSSswitch’s nonvolatile storage, and configure WSS Software to serve those pages instead.Web-based AAA is the default fallthru authentication type for wireless access.Note. Before setting the outbound authorization password for a RADIUS server, youmust have set the address for the RADIUS server. For more information, see “ConfiguringRADIUS Servers” on page 479.Note. A MAC address must be dash-delimited in the RADIUS database—for example,00-00-01-03-04-05. However, the WSS Software always displays colon-delimited MACaddresses.