D-Link DWS-1008 User Manual page 277
Wireless 8 port switch with poe
Hide thumbs
Also See for DWS-1008:
- Cli reference manual (531 pages) ,
- Product manual (502 pages) ,
- Installation manual (17 pages)
Table of Contents
Advertisement
DWS-1008 User's Manual
Web and last-resort are described in Authentication Types. None means the user is automatically
denied access. The fallthru authentication type for wireless access is associated with the
SSID (through a service profile). The fallthru authentication type for wired authentication
access is specified with the wired authentication port.
Note: The fallthru authentication type None is different from the authentication method none
you can specify for administrative access. The fallthru authentication type None denies
access to a network user. In contrast, the authentication method none allows access to the
switch by an administrator.
SSID Name "Any"
In authentication rules for wireless access, you can specify the name any for the SSID. This
value is a wildcard that matches on any SSID string requested by the user.
For 802.1X and WebAAA rules that match on SSID any, MSS checks the RADIUS servers
or local database for the username (and password, if applicable) entered by the user. If the
user information matches, MSS grants access to the SSID requested by the user, regardless
of which SSID name it is.
For MAC authentication rules that match on SSID any, MSS checks the RADIUS servers or
local database for the MAC address (and password, if applicable) of the user's device. If the
address matches, MSS grants access to the SSID requested by the user, regardless of which
SSID name it is.
However, in a last-resort authentication rule for wireless access, if the SSID name in the
authentication rule is any, MSS checks the RADIUS servers or local database for username
last-resort-any, exactly as spelled here. If checking RADIUS, MSS also checks for a password.
Access is granted only if this username (and password, if applicable) is found. Otherwise,
access is denied.
Last-Resort Processing
When a user without a username or password requests wireless access, MSS checks the
configuration for a last-resort authentication rule that matches on the SSID. If the configuration
contains the rule, MSS checks the local database for username last-resort-ssid, where ssid is
the SSID requested by the user. The guest user is granted access only if the database
or RADIUS server group contains last-resort-ssid for the SSID requested by the user.
Otherwise, access is denied.
This processing of the last-resort username is different from 802.1X, MAC, or WebAAA,
where MSS checks for the exact username or MAC address (and password, if applicable)
of the user. MSS does not append the SSID to the username (or MAC address) for 802.1X,
Web, or MAC authentication.
User Credential Requirements
The user credentials that MSS checks for on RADIUS servers or in the local database differ
depending on the type of authentication rule that matches on the SSID or wired access
requested by the user.
D-Link Systems, Inc.
Configuring AAA for Network Users
272
Advertisement
Table of Contents
