D-Link DWS-1008 User Manual page 288

Wireless 8-port switch with PoE

DWS-1008 User's Manual
• The authentication rule for the machine must be higher up in the list of authentication rules
than the authentication rule for the user.
• You must use 802.1X authentication rules. The 802.1X authentication rule for the machine
must use pass-through as the protocol. D-Link recommends that you also use pass-through
for the user's authentication rule.
• The rule for the machine and the rule for the user must use a RADIUS server group as the
method. (Generally, in a Bonded Auth configuration, the RADIUS servers will use a user
database stored on an Active Directory server.)
D-Link recommends that you make the rules as general as possible. For example, if the
Active Directory domain is mycorp.com, the following userglobs match on all machine names
and users in the domain:
• host/*.mycorp.com (userglob for the machine authentication rule)
• *.mycorp.com (userglob for the user authentication rule)
If the domain name has more nodes (for example, nl.mycorp.com), use an asterisk in each
node that you want to match globally. For example, to match on all machines and users in
mycorp.com, use the following userglobs:
• host/*.*.mycorp.com (userglob for the machine authentication rule)
• *.*.mycorp.com (userglob for the user authentication rule)
Use more specific rules to direct machines and users to different server groups. For example,
to direct users in nl.mycorp.com to a different server group than users in de.mycorp.com, use
the following userglobs:
• host/*.nl.mycorp.com (userglob for the machine authentication rule)
• *.nl.mycorp.com (userglob for the user authentication rule)
• host/*.de.mycorp.com (userglob for the machine authentication rule)
• *.de.mycorp.com (userglob for the user authentication rule)
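The following Python sketch is an added example, not D-Link code or MSS output. It models the rule ordering and userglob matching described above so that a rule list can be checked before it is deployed. It assumes that an asterisk does not match across the "." and "@" delimiters and that the first matching rule in the list is the one used; the server group names and the machine and user names are constructed for illustration.

```python
import re

def userglob_to_regex(glob):
    # Assumption: '*' matches any run of characters except the delimiters '.' and '@',
    # which is why each domain node needs its own asterisk.
    parts = [re.escape(p) for p in glob.split("*")]
    return re.compile("^" + "[^.@]*".join(parts) + "$")

def first_match(rules, name):
    """Return the first (kind, userglob, server_group) rule matching name, or None.
    Assumption: rules are evaluated top-down and the first match is used."""
    for rule in rules:
        if userglob_to_regex(rule[1]).match(name):
            return rule
    return None

# Constructed rule lists; "radius-ad", "radius-nl", "radius-de" are hypothetical groups.
CORRECT = [("machine", "host/*.mycorp.com", "radius-ad"),
           ("user", "*.mycorp.com", "radius-ad")]
SWAPPED = list(reversed(CORRECT))          # user rule wrongly placed first
TWO_NODE = [("machine", "host/*.*.mycorp.com", "radius-ad"),
            ("user", "*.*.mycorp.com", "radius-ad")]
REGIONAL = [("machine", "host/*.nl.mycorp.com", "radius-nl"),
            ("user", "*.nl.mycorp.com", "radius-nl"),
            ("machine", "host/*.de.mycorp.com", "radius-de"),
            ("user", "*.de.mycorp.com", "radius-de")]

def audit(rules, names):
    """Map each name to the (kind, server_group) it would hit, or None if unmatched."""
    result = {}
    for name in names:
        rule = first_match(rules, name)
        result[name] = (rule[0], rule[2]) if rule else None
    return result

if __name__ == "__main__":
    # Constructed sample names.
    flat = ["host/pc1.mycorp.com", "bob.mycorp.com"]
    nested = ["host/pc7.nl.mycorp.com", "anna.de.mycorp.com"]
    print("correct order :", audit(CORRECT, flat))
    # With the user rule first, '*' also swallows "host/pc1", so the machine
    # name lands on the user rule and never reaches the machine rule.
    print("swapped order :", audit(SWAPPED, flat))
    # One asterisk per node: the single-node globs miss names in nl/de subdomains.
    print("single-node   :", audit(CORRECT, nested))
    print("two-node globs:", audit(TWO_NODE, nested))
    print("per-subdomain :", audit(REGIONAL, nested))
```

Under these assumptions the swapped list shows why the machine rule has to sit above the user rule: the general user glob also matches names that begin with host/.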
Bonded Auth Period
The Bonded Auth period is the number of seconds MSS allows a Bonded Auth user to
reauthenticate.
After successful machine authentication, a session for the machine appears in the session
table in MSS. When the user logs on and is authenticated, the user session replaces the
machine session in the table. However, since the user's authentication rule contains the
bonded option, MSS remembers that the machine was authenticated.
D-Link Systems, Inc.
Configuring AAA for Network Users
283
