Configuring Last-Resort Access for Wired Authentication Ports 481Configuring AAA for Users of Third-Party APs 482Authentication Process for Users of a Third-Party AP 482Requirements 483Configuring Authentication for 802.1X Users of a Third-Party AP withTagged SSIDs 484Configuring Authentication for Non-802.1X Users of a Third-Party APwith Tagged SSIDs 487Configuring Access for Any Users of a Non-Tagged SSID 487Assigning Authorization Attributes 487Assigning Attributes to Users and Groups 492Assigning SSID Default Attributes to a Service Profile 493Assigning a Security ACL to a User or a Group 494Clearing a Security ACL from a User or Group 495Assigning Encryption Types to Wireless Users 496Keeping Users on the Same VLAN Even After Roaming 498Overriding or Adding Attributes Locally with a Location Policy 499About the Location Policy 500How the Location Policy Differs from a Security ACL 500Setting the Location Policy 501Clearing Location Policy Rules and Disabling the Location Policy 503Configuring Accounting for Wireless Network Users 504Viewing Local Accounting Records 505Viewing Roaming Accounting Records 505Displaying the AAA Configuration 507Avoiding AAA Problems in Configuration Order 508Using the Wildcard “Any” as the SSID Name in AuthenticationRules 508Using Authentication and Accounting Rules Together 508Configuring a Mobility Profile 510Network User Configuration Scenarios 512General Use of Network User Commands 512Enabling RADIUS Pass-Through Authentication 514Enabling PEAP-MS-CHAP-V2 Authentication 514Enabling PEAP-MS-CHAP-V2 Offload 515Combining EAP Offload with Pass-Through Authentication 516Overriding AAA-Assigned VLANs 516
