Using Pass-Through; Authenticating Via A Local Database; Binding User Authentication To Machine Authentication - D-Link DWS-1008 - AirPremier MobileLAN Switch Product Manual

The pass-through method causes EAP authentication requests to be processed entirely by remote
RADIUS servers in server groups.
For example, the following command enables users at EXAMPLE to be processed via server group
shorebirds or swampbirds:
DWS-1008# set authentication dot1X ssid marshes EXAMPLE/* pass-through
shorebirds swampbirds
The server group swampbirds is contacted only if all the RADIUS servers in shorebirds do not
respond.
(For an example of the use of pass-through servers plus the local database for authentication, see
"Remote Authentication with Local Backup".)

Authenticating via a Local Database

To configure the switch to authenticate and authorize a user against the local database in the switch,
use the following command:
set authentication dot1x {ssid ssid-name | wired} user-glob [bonded] protocol local
For example, the following command authenticates 802.1X user Jose for wired authentication access
via the local database:
DWS-1008# set authentication dot1X Jose wired peap-mschapv2 local
success: change accepted.

Binding User Authentication to Machine Authentication

Bonded Auth™ (bonded authentication) is a security feature that binds an 802.1X user's authentication
to authentication of the machine from which the user is attempting to log on. When this feature is
enabled, MSS authenticates a user only if the machine from which the user logs on has already been
authenticated separately.
By default, MSS does not bind user authentication to machine authentication. A trusted user can log on
from any machine attached to the network.
You can use Bonded Auth with Microsoft Windows
for the machine itself and for a user who uses the machine to log on to the network.
D-Link DWS-1008 User Manual

Using Pass-Through

clients that support separate 802.1X authentication
®
8