D-Link DWS-1008 Cli Reference Manual page 139
8 port 10/100 wireless switch with power over ethernet
Hide thumbs
Also See for DWS-1008:
- Cli reference manual (531 pages) ,
- Product manual (502 pages) ,
- User manual (454 pages)
Table of Contents
Advertisement
DWS-1008 CLI Reference Guide
method1
method2
method3
method4
Defaults: By default, authentication is unconfigured for all clients with network access through
AP ports or wired authentication ports on the switch. Connection, authorization, and
accounting are also disabled for these users.When using RADIUS for authentication,
the default well-known password for last-resort and MAC users is admin.
Access: Enabled
Usage: You can configure different authentication methods for different groups of users by
"globbing."You can configure a rule either for wireless access to an SSID, or for wired
access through a switch's wired authentication port. If the rule is for wireless access
to an SSID, specify the SSID name or specify any to match on all SSID names. If the
rule is for wired access, specify wired instead of an SSID name.
If you specify multiple authentication methods in the set authentication last-resort command,
MSS applies them in the order in which they appear in the command, with these results:
• If the first method responds with pass or fail, the evaluation is final.
• If the first method does not respond, MSS tries the second method, and so on.
• However, if local appears first, followed by a RADIUS server group, MSS overrides
any failed searches in the local database and sends an authentication request to
the server group.
MSS uses a last-resort authentication rule under the following conditions:
• The client is not denied access by 802.1X or does not support 802.1X.
• The client's MAC address does not match a MAC authentication rule.
• The fallthru method is last-resort. (For a wireless authentication rule, the fallthru
method is specified by the set service-profile auth-fallthru command. For a wired
authentication rule, the fallthru method is specified by the auth-fall-thru option of
the set port type wired-auth command.)
For wireless access, MSS appends the requested SSID name to the user name last-resort.
For example, if the requested SSID is mycorp, MSS attempts to authenticate the user
last-resort-mycorp. If the RADIUS server or local database used as the authentication method
has the user last-resort-mycorp, access is granted. Otherwise, access is denied.
D-Link Systems, Inc.
At least one of up to four methods that MSS uses to handle
authentication. Specify one or more of the following methods in priority
order. MSS applies multiple methods in the order you enter them.
A method can be one of the following:
• local - Uses the local database of usernames and user
groups on the switch for authentication.
• server-group-name - Uses the defined group of RADIUS
servers for authentication. You can enter up to four names of
existing RADIUS server groups as methods.
For more information, see "Usage."
AAA Commands
138
Advertisement
Table of Contents
