D-Link DWS-1008 User Manual page 293

DWS-1008 User's Manual
For example, to add the MAC user 00:01:02:03:04:05 to VLAN red:
DWS-1008# set mac-user 00:01:02:03:04:05 attr vlan-name red
success: change accepted
To change the value of an authorization attribute, reenter the command with the new value.
To clear an authorization attribute from a MAC user profile in the local database, use the
following command:
clear mac-user mac-addr attr attribute-name
For example, the following command clears the VLAN assignment from MAC user
01:0f:02:03:04:05:
DWS-1008# clear mac-user 01:0f:03:04:05:06 attr vlan-name
success: change accepted.
Changing the MAC Authorization Password for RADIUS
When you enable MAC authentication, the client does not supply a regular username or
password. The MAC address of the user's device is extracted from frames received from the
device.
To authenticate and authorize MAC users via RADIUS, you must configure a single predefined
password for MAC users, which is called the outbound authorization password. The same
password is used for all MAC user entries in the RADIUS database. Set this password by
typing the following command:
set radius server server-name author-password password
The default password is dlink.
Note: Before setting the outbound authorization password for a RADIUS server, you must
have set the address for the RADIUS server.
For example, the following command sets the outbound authorization password for MAC
users on server bigbird to h00per:
DWS-1008# set radius server bigbird author-password h00per
success: change accepted.
Note: A MAC address must be dash-delimited in the RADIUS database (00-00-01-03-04-05).
However, the MSS always displays colon-delimited MAC addresses.
If the MAC address is in the database, MSS uses the VLAN attribute and other attributes
associated with it for user authorization. Otherwise, MSS tries the fallthru authentication type,
which can be last-resort, Web, or none.
D-Link Systems, Inc.
Configuring AAA for Network Users
288