D-Link DWS-1008 User Manual page 323

DWS-1008 User's Manual
(mktg) group and RADIUS pass-through authentication for members of engineering. This
example assumes that engineering members are using DNS-style naming, such as is used
with EAP-TLS. A server certificate is also required. Because the switch requires a certificate
for authentication, a self-signed certificate is shown in this example.
1. Configure the RADIUS server r1 at IP address 10.1.1.1 with the string starry for the
key. Type the following command:
DWS-1008# set radius server r1 address 10.1.1.1 key starry
2. Configure the server group sg1 with member r1. Type the following command:
DWS-1008# set server group sg1 members r1
3. To authenticate all 802.1X users of SSID bobblehead in the group mktg using PEAP
on the switch and MS-CHAP-V2 on server sg1, type the following command:
DWS-1008# set authentication dot1x ssid bobblehead mktg\* peap-mschapv2 sg1
4. To authenticate all 802.1X users of SSID aircorp in @eng.example.com via pass-
through to sg1, type the following command:
DWS-1008# set authentication dot1x ssid aircorp *@eng.example.com pass-
through sg1
5. To generate a public-private key pair and a self-signed EAP certificate, type the
following commands:
DWS-1008# crypto generate key eap 1024
key pair generated
DWS-1008# crypto generate self-signed eap
Country Name: US
State Name: CA
Locality Name: Campus1
Organizational Name: Example
Organizational Unit: IT
Common Name: SW33
Email Address: admin@example.com
Unstructured Name: wiring closet south campus
6. Save the configuration:
DWS-1008 save config
success: configuration saved.
Overriding AAA-Assigned VLANs
The following example shows how to change the VLAN access of wireless users in an
organization housed in multiple buildings.
D-Link Systems, Inc.
Configuring AAA for Network Users
318