Configuring Mac Authentication - D-Link DWS-3000 Series User Manual

Unified wired & wireless access system

Hide thumbs Also See for DWS-3000 Series:

User manual (262 pages)

Configuration manual (192 pages)

Deployment manual (7 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

page of 266

/ 266
Contents
Table of Contents
Bookmarks

Table of Contents

D-Link Unified Access System

Note: Do not use the management VLAN ID of the AP for the value of the Tunnel-Private-Group-ID. The

dynamically-assigned RADIUS VLAN cannot be the same as the management VLAN. If the RADIUS server

attempts to assign a dynamic VLAN that is also the management VLAN, the AP ignores the dynamic VLAN

assignment, and a newly associated client is assigned to the default VLAN for that VAP. A re-authenticating client

retains its previous VLAN ID. The limitation is only on the DWL-8500APs. When the DWL-8600APs are managed

by the DWS-3000 switch, the limitation does not apply.

The dynamically-assigned RADIUS VLAN cannot be the same as the AP's management VLAN. If the RADIUS server

attempts to assign a dynamic VLAN to a client that associates with an AP with that VLAN as the management VLAN, the AP

ignores the dynamic VLAN assignment and a newly associated client is assigned to the default VLAN for that VAP. A re-

authenticating client retains its previous VLAN ID.

The default management VLAN ID for all APs is 1. The only way to change an AP's management VLAN ID is by using the

set management vlan-id command from the CLI.

After you change the etc/raddb/users file, you must restart the RADIUS server daemon to apply the changes.

Configuring MAC Authentication

For each network, you can configure whether to use a local or RADIUS database for client MAC authentication. To use

RADIUS-based MAC authentication for wireless clients, you add an entry for each client in the etc/raddb/users file. If

the default action for MAC Authentication on the switch is set to "Allow," only clients that have an entry in the users file are

allowed access to the network through the AP. If the default action is set to "deny" the clients with a MAC address in the

users file cannot authenticate with the AP.

The following line is an example of an entry for a client in the etc/raddb/users file.

00-0F-FE-1C-F2-67 Auth-Type: = Local, User-Password == "NOPASSWORD"

Note: The password is always NOPASSWORD, and the MAC address of the client uses hyphens, not colons.

Page 212

Software User Manual

02/15/2011

Document 34CS3000-SWUM104-D10

Table of Contents

Show Quick Links

Hide quick links:

Table of Contents

This manual is also suitable for:

Dwl-8500ap Dwl-3500ap Dwl-8600ap

Configuring Mac Authentication - D-Link DWS-3000 Series User Manual

Configuring MAC Authentication

Hide quick links:

Related Manuals for D-Link DWS-3000 Series

Related Content for D-Link DWS-3000 Series

This manual is also suitable for:

Table of Contents