Authentication Algorithm; Ssid Name "Any; Last-Resort Processing - D-Link DWS-1008 - AirPremier MobileLAN Switch Product Manual
8 port 10/100 wireless switch with power over ethernet
Hide thumbs
Also See for DWS-1008 - AirPremier MobileLAN Switch:
- Cli reference manual (531 pages) ,
- User manual (454 pages) ,
- Installation manual (17 pages)
Table of Contents
Advertisement
MSS can try more than one of the authentication types described in "Authentication Types" to authenticate
a user. MSS tries 802.1X first. If the user's NIC supports 802.1X but fails authentication, MSS denies
access. Otherwise, MSS tries MAC authentication next. If MAC authentication is successful, MSS grants
access to the user. Otherwise, MSS tries the fallthru authentication type specified for the SSID or wired
authentication port. The fallthru authentication type can be one of the following:
• Web
• Last-resort
• None
Web and last-resort are described in "Authentication Types". None means the user is automatically
denied access. The fallthru authentication type for wireless access is associated with the SSID (through
a service profile). The fallthru authentication type for wired authentication access is specified with the
wired authentication port.
Note: The fallthru authentication type None is different from the authentication method none you can
specify for administrative access. The fallthru authentication type None denies access to a network
user. In contrast, the authentication method none allows access to the switch by an administrator.
In authentication rules for wireless access, you can specify the name any for the SSID. This value is a
wildcard that matches on any SSID string requested by the user.
For 802.1X and WebAAA rules that match on SSID any, MSS checks the RADIUS servers or local
database for the username (and password, if applicable) entered by the user. If the user information
matches, MSS grants access to the SSID requested by the user, regardless of which SSID name it is.
For MAC authentication rules that match on SSID any, MSS checks the RADIUS servers or local
database for the MAC address (and password, if applicable) of the user's device. If the address matches,
MSS grants access to the SSID requested by the user, regardless of which SSID name it is.
One of the fallthru authentication types you can set on a service profile or wired authentication port is
last-resort.
If no 802.1X or MAC access rules are configured for a service profile's SSID, and the SSID's fallthru
type is last-resort, MSS allows users onto the SSID or port without prompting for a username or
password. The default authorization attributes set on the SSID are applied to the user. For example, if the
vlan-name attribute on the service profile is set to guest-vlan, last-resort users are placed in guest-
vlan.
If no 802.1X or MAC access rules are configured for wired, and the wired authentication port's fallthru
type is last-resort, MSS allows users onto the port without prompting for a username or password. The
authorization attributes set on user last-resort-wired are applied to the user.
D-Link DWS-1008 User Manual
Authentication Algorithm
SSID Name "Any"
Last-Resort Processing
Advertisement
Table of Contents
