Switch User Manual

Configuring AAA for network users 583

Nortel WLAN—Security Switch 2300 Series Configuration Guide

Using an ACL other than

portalacl

By default, when you set the fallthru authentication type on a service profile or wired authentication port to

web-portal, WSS Software creates an ACL called portalacl. WSS Software uses the portalacl ACL to filter

Web-Portal user traffic while users are being authenticated.

To use another ACL:

1 Create a new ACL and add the first rule contained in portalacl:

set security acl ip portalacl permit udp 0.0.0.0

255.255.255.255 eq 68 0.0.0.0 255.255.255.255 eq 67

set security acl ip portalacl deny 0.0.0.0

255.255.255.255 capture

2 Add the additional rules required for your application. For example, if you want to redirect

users to a credit card server, add the ACEs to do so.

3 Add the last rule contained in portalacl:

set security acl ip portalacl deny 0.0.0.0

255.255.255.255 capture

4 Verify the new ACL configuration, before committing it to the configuration, using the

following command:

show security acl info [acl-name | all] [editbuffer]

5 Commit the new ACL to the configuration, using the following command:

commit security acl

6 Change the Web-Portal ACL name set on the service profile, using the following command:

set service-profile name web-portal-acl aclname

7 Verify the change by displaying the service profile.

8 Save the configuration changes.