Administrator Guide
access-list stateless faculty
access-list stateless allowall
Creating the Guest Role and Policy
The guest policy permits only access to the Internet (via HTTP or HTTPS) and only during daytime working
hours. The guest policy is mapped to the guest user role.
To create the guest role and policy:
time-range working-hours periodic
weekday 07:30 to 17:00
ip access-list stateless guest
any host 10.1.1.25 svc-dhcp permit time-range working-hours
any host 10.1.1.25 svc-dns permit time-range working-hours
any alias âInternal Networkâ any deny
any any svc-http permit time-range working-hours
any any svc-https permit time-range working-hours
any any any deny
user-role guest
access-list stateless guest
Configuring the RADIUS Authentication Server
You can set the role condition to identify the userâs group. The Mobility Access Switch uses the literal value of
this attribute to determine the role name.
The following example uses the RADIUS server name radiusFaculty to configure the RADIUS server.
To configure the RADIUS authentication server to identify the user's group:
(host) (config) #aaa authentication-server radius radiusTechPubs
(host) (RADIUS Server "radiusFaculty") #host 10.41.255.30
(host) (RADIUS Server "radiusFaculty") #key hometown
(host) (RADIUS Server "radiusFaculty") #exit
(host) (config) #aaa server-group radiusTechpubs
(host) (Server Group "radiusFaculty") #auth-server radiusTechpubs
(host) (Server Group "radiusFaculty") #set role condition Class Value-of
Configuring 802.1x Authentication Profile
In the 802.1x authentication profile, configure enforcement of machine authentication before user
authentication (see Enabling the Enforce Machine Authentication Option).
If a user attempts to log in without machine authentication taking place first, the user is placed in the guest
role.
To configure the 802.1X authentication profile:
aaa authentication dot1x dot1x
machine-authentication enable
machine-authentication machine-default-role student
machine-authentication user-default-role guest
Dell Networking W-ClearPass Deployment Guide Mobility Access Switch Configuration for 802.1X Authentication | 177