554 Configuring AAA for network usersNN47250-500 (320657-F Version 02.01)General use of network user commandsThe following example illustrates how to configure IEEE 802.1X network users for authentication, accounting, ACLfiltering, and Mobility Profile assignment:1 Configure all 802.1X users of SSID mycorp at EXAMPLE to be authenticated by server groupshorebirds. Type the following command:WSS# set authentication dot1x ssid mycorp EXAMPLE\* pass-through shorebirds2 Configure stop-only accounting for all mycorp users at EXAMPLE, for accounting records to be storedlocally. Type the following command:WSS# set accounting dot1x ssid mycorp EXAMPLE\* stop-only localsuccess: change accepted.3 Configure an ACL to filter the inbound packets for each user at EXAMPLE. Type the followingcommand for each user:WSS# set user EXAMPLE\username attr filter-id acl-101.inThis command applies the access list named acl-101 to each user at EXAMPLE.4 To display the ACL, type the following command:WSS# show security acl info acl-101set security acl ip acl-101 (hits #0 0)----------------------------------------------------1. permit IP source IP 192.168.1.1 0.0.0.255 destination IP anyenable-hits(For more information about ACLs, see “Configuring and managing security ACLs” (page 407).)5 Create a Mobility Profile called tulip by typing the following commands:WSS# set mobility-profile name tulip port 2,5-9success: change accepted.WSS# set mobility-profile mode enablesuccess: change accepted.WSS# show mobility-profileMobility ProfilesName Ports=========================tulipAP 2AP 6AP 7AP 8AP 96 To assign Mobility Profile tulip to all users at EXAMPLE, type the following command for eachEXAMPLE\ user:WSS# set user EXAMPLE\username attr mobility-profile tulip