224 Configuring Wireless ParametersNN47250-102 (320666-G Version 02.01)Access RulesThe service profile wizards automatically create network access rules to control access to the SSIDs config-ured by the wizards. The access rules match on all usernames (or MAC addresses for voice service profiles).Table 2 lists the access rules automatically created by the service profile wizards.The ** and * values are wildcards. The ** wildcard matches on all usernames. To match on all MACaddresses (MAC access rules only), use only a single *.You can restrict access by specifying part of the username or MAC address along with a wildcard *. In thiscase, only the usernames or MAC addresses that match the partial username or address are allowed access.User wildcards and MAC Address wildcardsFor a user wildcard, type a full or partial username to be matched during authentication (1 to 80 alphanumericcharacters, with no spaces or tabs). The format of a user wildcard depends on the client type and EAP method.• For Windows domain clients using Protected EAP (PEAP), the user wildcard is in the formatWindows_domain_name\username. The Windows domain name is the NetBIOS domain name and mustbe specified in capital letters. For example, EXAMPLE\sydney, or EXAMPLE\*.*, which specifies allusernames whose usernames contain periods.• For EAP with Transport Layer Security (EAP-TLS) clients, the format is username@domain_name. Forexample, sydney@example.com specifies the user sydney in the domain name example.com. The*@marketing.example.com wildcard specifies all users in the marketing department at example.com. Theuser wildcard sydney@engineering.example.com specifies the user sydney in the engineering departmentat example.com.For a MAC address wildcard, type a full or partial username to be matched during authentication. MACaddresses must be specified with colons as the delimiters (for example, 00:11:22:33:44:55). You can usewildcards by specifying an asterisk (*) in MAC addresses. The following lists examples of using wildcards inMAC addresses:• * (all MAC addresses)• 00:*• 00:01:*Table 2: Access Rules Automatically Created by Service ProfileWizardsService Profile Type Access Rule Type Default Access wildcard802.1X 802.1X **Voice MAC *Web-Portal (Web-based AAA) Web **Open (no user login required) Last-resort last-resort-ssid-nameCustom One or more of the above,depending on the type(s)selected during configurationof the service profile.None. No access rule is createdautomatically. You must con-figure the rules.