522 Configuring AAA for network usersNN47250-500 (320657-F Version 02.01)Configuring access for any users of a non-tagged SSIDIf SSID traffic from the third-party AP is untagged, use the same configuration commands as the ones requiredfor 802.1X users, except the set radius proxy port command. This command is not required and is not appli-cable to untagged SSID traffic. In addition, when configuring the wired authentication port, use theauth-fall-thru option to change the fallthru authentication type to last-resort or web-portal.On the RADIUS server, configure username web-portal-wired or last-resort-wired, depending on thefallthru authentication type specified for the wired authentication port.Assigning authorization attributesAuthorization attributes can be assigned to users in the local database, on remote servers, or in the serviceprofile of the SSID the user logs into. The attributes, which include access control list (ACL) filters, VLANmembership, encryption type, session time-out period, and other session characteristics, let you control howand when users access the network. When a user or group is authenticated, the local database, RADIUS server,or service profile passes the authorization attributes to WSS Software to characterize the user’s session.If attributes are configured for a user and also for the group the user is in, the attributes assigned to the indi-vidual user take precedence for that user. For example, if the start-date attribute configured for a user is soonerthan the start-date configured for the user group the user is in, the user’s network access can begin as soon asthe user start-date. The user does not need to wait for the user group’s start date.The VLAN attribute is required. WSS Software can authorize a user to access the network only if the VLANto place the user on is specified.Table 5 lists the authorization attributes supported by WSS Software. (For brief descriptions of all theRADIUS attributes and Nortel vendor-specific attributes supported by WSS Software, as well as the vendorID and types for Nortel VSAs configured on a RADIUS server, see “Supported RADIUS attributes”(page 697).)