Configuring AAA for Network Users
About AAA for Network Users
Network users include the following types of users:
•
Wireless users—Users who access the network by associating with an SSID on a D-Link
radio.
Wired authentication users—Users who access the network over an Ethernet connection
•
to a switch port that is configured as a wired authentication (wired-auth) port.
You can configure authentication rules for each type of user, on an individual SSID or wired authentication
port basis. MSS authenticates users based on user information on RADIUS servers or in the switch's
local database. The RADIUS servers or local database authorize successfully authenticated users for
specific network access, including VLAN membership. Optionally, you also can configure accounting
rules to track network access information.
The following sections describe the MSS authentication, authorization, and accounting (AAA) features
in more detail.
When a user attempts to access the network, MSS checks for an authentication rule that matches the
following parameters:
•
For wireless access, the authentication rule must match the SSID the user is requesting,
and the user's username or MAC address.
•
For access on a wired authentication port, the authentication rule must match the user's
username or MAC address.
If a matching rule is found, MSS then checks RADIUS servers or the switch's local user database for
credentials that match those presented by the user.
Depending on the type of authentication rule that matches the SSID or wired authentication port, the
required credentials are the username or MAC address, and in some cases, a password.
D-Link DWS-1008 User Manual
Authentication