Portal Acl And User Acls; Network Requirements; Switch Recommendations; Client Nic Recommendations - D-Link DWS-1008 - AirPremier MobileLAN Switch Product Manual

8 port 10/100 wireless switch with power over ethernet

Portal ACL and User ACLs

The portalacl ACL, which MSS creates automatically, applies only when a user's session is in the portal state. After the user is authenticated and authorized, the ACL is no longer applicable.

To modify a user's access while the user is still being authenticated and authorized, you can configure another ACL and map that ACL instead to the service profile or the web-portal-wired user. Make sure to use the capture option for traffic you do not want to allow. D-Link recommends that you do not change the portalacl ACL. Leave the ACL as a backup in case you need to refer to it or you need to use it again.

For example, if you want to allow the user to access a credit card server while MSS is still authenticating and authorizing the user, create a new ACL, add ACEs that are the same as the ACEs in portalacl, and add a new ACE before the last one, to allow access to the credit card server. Make sure the last ACE in the ACL is the deny ACE that captures all traffic that is not allowed by the other ACEs.

To modify a WebAAA user's access after the user is authenticated and authorized, map an ACL to the individual WebAAA user. Changes you make to the ACL mapped to the service profile or web-portal-wired user do not affect user access after authentication and authorization are complete.

Note: The filter-id attribute in a service profile applies only to authenticated users. If this attribute is set in a service profile for an SSID accessed by Web-Portal users, the attribute applies only after users have been authenticated. While a Web-Portal user is still being authenticated, the ACL set by the web-portal-acl applies instead.
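The ACE ordering rule for a replacement portal ACL can be checked before the ACL is mapped to the service profile. The following Python sketch is an added example, not part of the D-Link manual and not MSS command syntax: it models first-match ACL evaluation, and the ACE contents, the server address 192.0.2.10 and all function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Ace:
    action: str                  # "permit" or "deny"
    dst: str                     # destination network, CIDR notation
    proto: str = "any"           # "any", "tcp" or "udp"
    dport: Optional[int] = None  # None matches every destination port
    capture: bool = False        # deny ACE with the capture option set

    def matches(self, proto, dst_ip, dport):
        return (self.proto in ("any", proto)
                and (self.dport is None or self.dport == dport)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst))

def evaluate(acl, proto, dst_ip, dport):
    """Outcome of the first ACE that matches; ACEs are tried in list order."""
    for ace in acl:
        if ace.matches(proto, dst_ip, dport):
            if ace.action == "permit":
                return "permit"
            return "capture" if ace.capture else "deny"
    return "no-match"

def is_capture_all(ace):
    return (ace.action == "deny" and ace.capture and ace.proto == "any"
            and ace.dport is None and ace.dst == "0.0.0.0/0")

def check_portal_acl(original, custom):
    """List problems in an ACL meant to stand in for portalacl."""
    problems = []
    if not custom or not is_capture_all(custom[-1]):
        problems.append("last ACE is not the deny ACE that captures all other traffic")
    for pos, ace in enumerate(custom[:-1], start=1):
        if is_capture_all(ace):
            problems.append(f"ACE {pos} captures everything, so later ACEs never match")
    missing = [ace for ace in original if ace not in custom]
    if missing:
        problems.append(f"{len(missing)} ACE(s) copied from portalacl are missing")
    return problems

# Constructed stand-ins; read the real ACEs from the switch's own portalacl.
PORTALACL = [Ace("permit", "0.0.0.0/0", "udp", 67),
             Ace("deny", "0.0.0.0/0", capture=True)]
CARD_SERVER = Ace("permit", "192.0.2.10/32", "tcp", 443)

GOOD_ACL = PORTALACL[:-1] + [CARD_SERVER, PORTALACL[-1]]  # new ACE before the last one
BAD_ACL = PORTALACL + [CARD_SERVER]                       # new ACE appended after the deny
```

In the misordered list the permit for the card server sits behind the capture-all deny, so it is never reached and the checker reports both the misplaced deny and the wrong final ACE.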
Network Requirements

The VLAN where users will be placed must have an IP interface, and the subnet the interface is in must have access to DHCP and DNS servers.

Switch Recommendations

• Consider installing a WebAAA certificate signed by a trusted CA, instead of one signed by the switch itself. Unless the client's browser is configured to trust the signature on the switch's WebAAA certificate, display of the login page can take several seconds longer than usual, and might be interrupted by a dialog asking the user what to do about the untrusted certificate. Generally, the browser is already configured to trust certificates signed by a CA.

Client NIC Recommendations

• Configure the NIC to use DHCP to obtain its IP address.

D-Link DWS-1008 User Manual


