D-Link DWS-1008 Informations techniques télécharger pdf (Page 138)

137

DWS-1008 CLI Reference Guide

D-Link Systems, Inc.

AAA Commands

If the user does not support 802.1X, MSS attempts to perform MAC authentication for the

user. In this case, if the switch’s conﬁguration contains a set authentication mac command

that matches the SSID the user is attempting to access and the user’s MAC address, MSS

uses the method speciﬁed by the command. Otherwise, MSS uses local MAC authentication

by default.

If the username does not match an authentication rule for the SSID the user is attempting

to access, MSS uses the fallthru authentication type conﬁgured for the SSID, which can be

last-resort or none.

Examples: The following command conﬁgures EAP-TLS authentication in the local database

for SSID mycorp and 802.1X client Geetha:

DWS-1008# set authentication dot1x ssid mycorp Geetha eap-tls local

success: change accepted.

The following command conﬁgures PEAP-MS-CHAP-V2 authentication at RADIUS server

groups sg1 through sg3 for all 802.1X clients at example.com who want to access SSID

examplecorp:

DWS-1008# set authentication dot1x ssid examplecorp *@example.com

peap-mschapv2 sg1 sg2 sg3

success: change accepted.

set authentication last-resort

Conﬁgures an authentication rule to grant network access to a user who is not otherwise

granted or denied access by 802.1X, or granted access by MAC authentication.

Syntax: set authentication last-resort {ssid ssid-name | wired}

method1 [method2] [method3] [method4]

ssid ssid-name SSID name to which this authentication rule applies. To apply the rule to

all SSIDs, type any.

wired Applies this authentication rule speciﬁcally to users connected to a wired

authentication port.

If you specify multiple authentication methods in the set authentication dot1x command,

MSS applies them in the order in which they appear in the command, with these results:

• If the ﬁrst method responds with pass or fail, the evaluation is ﬁnal.

• If the ﬁrst method does not respond, MSS tries the second method, and so on.

• However, if local appears ﬁrst, followed by a RADIUS server group, MSS overrides

any failed searches in the local database and sends an authentication request to

the server group.

1 2 ... 133 134 135 136 137 138 139 140 141 142 143 ... 405 406

Pas de commentaire

D-Link DWS-1008 Informations techniques Page 138