D-Link DWS-1008 User Manual
8
Using Pass-Through
The pass-through method causes EAP authentication requests to be processed entirely by remote
RADIUS servers in server groups.
For example, the following command enables users at EXAMPLE to be processed via server group
shorebirds
or
swampbirds
:
DWS-1008#
set authentication dot1X ssid marshes EXAMPLE/* pass-through
shorebirds swampbirds
The server group
swampbirds
is contacted only if all the RADIUS servers in
shorebirds
do not
respond.
(For an example of the use of pass-through servers plus the local database for authentication, see
“Remote Authentication with Local Backup”.)
Authenticating via a Local Database
To configure the switch to authenticate and authorize a user against the local database in the switch,
use the following command:
set authentication dot1x {ssid
ssid-name
| wired}
user-glob
[bonded]
protocol
local
For example, the following command authenticates 802.1X user
Jose
for wired authentication access
via the local database:
DWS-1008#
set authentication dot1X Jose wired peap-mschapv2 local
success: change accepted.
Binding User Authentication to Machine Authentication
Bonded Auth™ (bonded authentication) is a security feature that binds an 802.1X user’s authentication
to authentication of the machine from which the user is attempting to log on. When this feature is
enabled, MSS authenticates a user only if the machine from which the user logs on has already been
authenticated separately.
By default, MSS does not bind user authentication to machine authentication. A trusted user can log on
from any machine attached to the network.
You can use Bonded Auth with Microsoft Windows
®
clients that support separate 802.1X authentication
for the machine itself and for a user who uses the machine to log on to the network.
Summary of Contents for DWS-1008
Page 1: ......