Support User Manuals

D-Link dws-1008 Switch User Manual

Open as PDF

of 531

D-Link DWS-1008 CLI Manual 191

method1-4 At least one of up to four methods that MSS uses to handle authentication. Specify

one or more of the following methods in priority order. MSS applies multiple methods

in the order you enter them.

A method can be one of the following:

• local—Uses the local database of usernames and user groups on the switch

for authentication.

• server-group-name—Uses the deﬁned group of RADIUS servers for

authentication. You can enter up to four names of existing RADIUS server

groups as methods.

• none—For users with administrative access only, MSS performs no

authentication, but prompts for a username and password and accepts any

combination of entries, including blanks.

Defaults: By default, authentication is unconﬁgured for all clients with network access through

AP ports or wired authentication ports on the switch. Connection, authorization, and accounting

are also disabled for these users. Bonded authentication is disabled by default.

Access: Enabled.

Usage: You can conﬁgure different authentication methods for different groups of users by

“globbing.” (For details, see “User Globs” on page 6.)

You can conﬁgure a rule either for wireless access to an SSID, or for wired access through a

switch’s wired authentication port. If the rule is for wireless access to an SSID, specify the SSID

name or specify any to match on all SSID names. If the rule is for wired access, specify wired

instead of an SSID name. You cannot conﬁgure client authentication that uses both the EAP-TLS

protocol and one or more RADIUS servers. EAP-TLS authentication is supported only on the

local database.

If you specify multiple authentication methods in the set authentication dot1x command, MSS

applies them in the order in which they appear in the command, with these results:

• If the ﬁrst method responds with pass or fail, the evaluation is ﬁnal.

• If the ﬁrst method does not respond, MSS tries the second method, and so on.

• However, if local appears ﬁrst, followed by a RADIUS server group, MSS overrides any failed

searches in the local database and sends an authentication request to the server group.

If the user does not support 802.1X, MSS attempts to perform MAC authentication for the user.

In this case, if the switch’s conﬁguration contains a set authentication mac command that

matches the SSID the user is attempting to access and the user’s MAC address, MSS uses the

method speciﬁed by the command. Otherwise, MSS uses local MAC authentication by default.

previous next