In the FreeRADIUS database, the MAC address is case sensitive, and the
NOTE:
octets must be separated by hyphens.
00-11-95-a3-32-80
Configuring RADIUS Settings for Wireless Clients
You can configure D-Link Access Points to use 802.1X authentication on the RADIUS server
to allow or deny specific users on client stations access to the wireless network. If you enable
802.1X authentication, the client entry on a RADIUS server can support user-based VLANs
and subnet assignments for IP tunneling.
clients within the RADIUS server.
Table 81. RADIUS Attributes for Wireless Clients
RADIUS Server
Attribute
User-Name (1)
User-Password (2)
Tunnel-Medium-Type
(65)
Configuring RADIUS for Client MAC Authentication
You can configure the AP to use RADIUS-based MAC authentication to allow or deny
specific client stations access to the wireless network. Although this method is less secure than
802.1X, you can use it for client stations that do not support 802.1X.
The addresses you enter are either allowed or denied based on the global default action within
the AP profile.
Table 82
indicates the attributes that you configure in the RADIUS server entry.
Table 82. RADIUS Attributes for Wireless Client MAC Authentication
RADIUS Server
Attribute
User-Name (1)
User-Password (2)
Auth-Type := Local, User-Password=="NOPASSWORD"
D-Link-Wireless-AP-Mode = WS-Managed,
D-Link-Wireless-AP-Location = "Lobby AP",
D-Link-Wireless-AP-Profile-ID = 1,
D-Link-Wireless-AP-Switch-IP = 192.168.30.4,
D-Link-Wireless-AP-Radio-1-Chan = Auto,
D-Link-Wireless-AP-Radio-2-Chan = Auto,
D-Link-Wireless-AP-Radio-1-Power = Auto,
D-Link-Wireless-AP-Radio-2-Power = Auto
Table 81
Description
1-32 characters
1-128 characters
802
Description
Ethernet Address of the client
station.
A fixed password used to
lookup a client MAC entry.
Configuring RADIUS Settings for Wireless Clients
Configuring the External RADIUS Server
shows the attributes to set for wireless
Range
Required
Required
Optional
Range
Valid Ethernet
MAC Address.
NOPASSWORD
Usage
Usage
Required
Required
211