D-Link Unified Access System
Note: Do not use the management VLAN ID of the AP for the value of the Tunnel-Private-Group-ID. The
dynamically-assigned RADIUS VLAN cannot be the same as the management VLAN. If the RADIUS server
attempts to assign a dynamic VLAN that is also the management VLAN, the AP ignores the dynamic VLAN
assignment, and a newly associated client is assigned to the default VLAN for that VAP. A re-authenticating client
retains its previous VLAN ID. The limitation is only on the DWL-8500APs. When the DWL-8600APs are managed
by the DWS-3000 switch, the limitation does not apply.
The dynamically-assigned RADIUS VLAN cannot be the same as the AP's management VLAN. If the RADIUS server
attempts to assign a dynamic VLAN to a client that associates with an AP with that VLAN as the management VLAN, the AP
ignores the dynamic VLAN assignment and a newly associated client is assigned to the default VLAN for that VAP. A re-
authenticating client retains its previous VLAN ID.
The default management VLAN ID for all APs is 1. The only way to change an AP's management VLAN ID is by using the
set management vlan-id command from the CLI.
After you change the etc/raddb/users file, you must restart the RADIUS server daemon to apply the changes.
Configuring MAC Authentication
For each network, you can configure whether to use a local or RADIUS database for client MAC authentication. To use
RADIUS-based MAC authentication for wireless clients, you add an entry for each client in the etc/raddb/users file. If
the default action for MAC Authentication on the switch is set to "Allow," only clients that have an entry in the users file are
allowed access to the network through the AP. If the default action is set to "deny" the clients with a MAC address in the
users file cannot authenticate with the AP.
The following line is an example of an entry for a client in the etc/raddb/users file.
00-0F-FE-1C-F2-67 Auth-Type: = Local, User-Password == "NOPASSWORD"
Note: The password is always NOPASSWORD, and the MAC address of the client uses hyphens, not colons.
Page 212
Software User Manual
02/15/2011
Document 34CS3000-SWUM104-D10