Authentication Types - D-Link DWS-1008 - AirPremier MobileLAN Switch Product Manual
8 port 10/100 wireless switch with power over ethernet
Hide thumbs
Also See for DWS-1008 - AirPremier MobileLAN Switch:
- Cli reference manual (531 pages) ,
- User manual (454 pages) ,
- Installation manual (17 pages)
Table of Contents
Advertisement
Each authentication rule specifies where the user credentials are stored. The location can be a group
of RADIUS servers or the switch's local database. In either case, if MSS has an authentication rule that
matches on the required parameters, MSS checks the username or MAC address of the user and, if
required, the password to make sure they match the information configured on the RADIUS servers or
in the local database.
The username or MAC address can be an exact match or can match a userglob or MAC address glob,
which allow wildcards to be used for all or part of the username or MAC address. (For more information
about globs, see "AAA Tools for Network Users".)
MSS provides the following types of authentication:
IEEE 802.1X—If the network user's network interface card (NIC) supports 802.1X, MSS
•
checks for an 802.1X authentication rule that matches the username (and SSID, if wireless
access is requested), and that uses the Extensible Authentication Protocol (EAP) requested
by the NIC. If a matching rule is found, MSS uses the requested EAP to check the RADIUS
server group or local database for the username and password entered by the user. If
matching information is found, MSS grants access to the user.
MAC—If the username does not match an 802.1X authentication rule, but the MAC address
•
of the user's NIC or Voice-over-IP (VoIP) phone and the SSID (if wireless) do match a
MAC authentication rule, MSS checks the RADIUS server group or local database for
matching user information. If the MAC address (and password, if on a RADIUS server)
matches, MSS grants access. Otherwise, MSS attempts the fallthru authentication type,
which can be Web, last-resort, or none. (Fallthru authentication is described in more detail
in "Authentication Algorithm".)
•
Web—A network user attempts to access a web page over the network. The switch
intercepts the HTTP or HTTPS request and serves a login Web page to the user. The
user enters the username and password, and MSS checks the RADIUS server group or
local database for matching user information. If the username and password match, MSS
redirects the user to the web page she requested. Otherwise, MSS denies access to the
user.
•
Last-resort—A network user associates with an SSID or connects to a wired authentication
port, and does not enter a username or password.
•
SSID—If 802.1X or MAC authentication do not apply to the SSID (no 802.1X or MAC
access rules are configured for the SSID), the default authorization attributes set on the
SSID are applied to the user and the user is allowed onto the network.
•
Wired authentication port—If 802.1X or MAC authentication do not apply to the port
(no 802.1X or MAC access rules have the wired option set), MSS checks for user last-
resort-wired. If this user is configured, the authorization attributes set for the user are
applied to the user who is on the wired authentication port and the user is allowed onto the
network.
D-Link DWS-1008 User Manual
Authentication Types
Advertisement
Table of Contents
