Avoiding Aaa Problems In Configuration Order; Using The Wildcard "Any" As The Ssid Name In Authentication Rules - D-Link DWS-1008 - AirPremier MobileLAN Switch Product Manual

Password = 082c6c64060b (encrypted)
Filter-Id = acl-999.in
Filter-Id = acl-999.out
mac-user 01:02:03:04:05:06
usergroup eastcoasters
session-timeout = 99
Avoiding AAA Problems in Configuration
Using the Wildcard "Any" as the SSID Name in
You can configure an authentication rule to match on all SSID strings by using the SSID string any in
the rule. For example, the following rule matches on all SSID strings requested by all users:
set authentication web ssid any ** sg1
MSS checks authentication rules in the order they appear in the configuration file. As a result, if a rule
with SSID any appears in the configuration before a rule that matches on a specific SSID for the same
authentication type and userglob, the rule with any always matches first.
To ensure the authentication behavior that you expect, place the most specific rules first and place rules
with SSID any last. For example, to ensure that users who request SSID corpa are authenticated using
RADIUS server group corpasrvr, place the following rule in the configuration before the rule with SSID
any:
set authentication web ssid corpa ** corpasrvr
Here is an example of a AAA configuration where the most-specific rules for 802.1X are first and the
rules with any are last:
DWS-1008# show aaa
...
set authentication dot1x ssid mycorp Geetha eap-tls
set authentication dot1x ssid mycorp * peap-mschapv2 sg1 sg2 sg3
set authentication dot1x ssid any ** peap-mschapv2 sg1 sg2 sg3
D-Link DWS-1008 User Manual
Order
Authentication Rules
1