Support User Manuals

D-Link dws-1008 Switch User Manual

Open as PDF

of 531

D-Link DWS-1008 CLI Manual 202

Attribute Description Valid Value(s)

ﬁlter-id (network

access mode only)

Security access control list (ACL), to permit or

deny trafﬁc received (input) or sent (output) by

the switch.

Name of an existing security ACL, up to 253

alphanumeric characters, with no tabs or

spaces.

• Use acl-name.in to ﬁlter trafﬁc that enters

the switch from users via an AP access

port or wired authentication port, or from

the network via a network port.

• Use acl-name.out to ﬁlter trafﬁc sent from

the switch to users via an AP access port

or wired authentication port, or from the

network via a network port.

Note: If the Filter-Id value returned through the

authentication and authorization process does

not match the name of a committed security

ACL in the switch, the user fails authorization

and is unable to authenticate.

service-type Type of access the user is requesting.

One of the following numbers:

• 2—Framed; for network user access

• 6—Administrative; for administrative access

to the switch, with authorization to access

the enabled (conﬁguration) mode. The user

must enter the enable command and the

correct enable password to access the

enabled mode.

• 7—NAS-Prompt; for administrative access

to the nonenabled mode only. In this mode,

the user can still enter the enable command

and the correct enable password to access

the enabled mode.

For administrative sessions, the switch always

sends 6 (Administrative). The RADIUS server

can reply with one of the values listed above.

If the service-type is not set on the RADIUS

server, administrative users receive NAS-

Prompt access, and network users receive

Framed access.

session-timeout

(network access mode

only)

Maximum number of seconds for the user’s

session.

Number between 0 and 4,294,967,296 seconds

(approximately 136.2 years).

Note: If the global reauthentication timeout

(set by the set dot1x reauth-period command)

is shorter than the session-timeout, MSS uses

the global timeout instead.

ssid (network access

mode only)

SSID the user is allowed to access after

authentication.

Name of the SSID you want the user to use.

The SSID must be conﬁgured in a service

proﬁle, and the service proﬁle must be used by

a radio proﬁle assigned to D-Link radios in the

network.

start-date

Date and time at which the user becomes

eligible to access the network. MSS does

not authenticate the user unless the attempt

to access the network occurs at or after the

speciﬁed date and time, but before the end-

date (if speciﬁed).

Date and time, in the following format:

YY/MM/DD-HH:MM

You can use start-date alone or with end-date.

You also can use start-date, end-date, or both

in conjunction with time-of-day.

previous next