274
DWS-1008 User’s Manual
D-Link Systems, Inc.
Configuring AAA for Network Users
•
Mobility-Profile - Controls the switch ports a user can access. For wireless users, an
MSS Mobility Profile specifies the access points through which the user can access
the network. For wired authentication users, the Mobility Profile specifies the wired
authentication ports through which the user can access the network.
•
SSID - SSID the user is allowed to access after authentication.
•
Start-Date - Date and time at which the user becomes eligible to access the network.
MSS does not authenticate the user unless the attempt to access the network occurs
at or after the specified date and time, but before the end-date (if specified).
•
Time-of-Day - Day(s) and time(s) during which the user is permitted to log into the
network.
•
URL - URL to which the user is redirected after successful WebAAA.
•
VLAN-Name - VLAN to place the user on.
You also can assign the following RADIUS attributes to users configured in the local
database.
•
Filter-Id - Security ACL that permits or denies traffic received (input) or sent (output)
the switch.
•
Service-Type - Type of access the user is requesting, which can be network access,
administrative access to the enabled (configuration) mode of the MSS CLI, or
administrative access to the nonenabled mode of the CLI
•
Session-Timeout - Maximum number of seconds allowed for the user’s session.
Regardless of whether you configure the user and attributes on RADIUS servers or the
switch’s local database, the VLAN attribute is required. The other attributes are optional.
Accounting
MSS also supports accounting. Accounting collects and sends information used for billing,
auditing, and reporting - for example, user identities, connection start and stop times, the
number of packets received and sent, and the number of bytes transferred. You can track
sessions through accounting information stored locally or on a remote RADIUS server.
Summary of AAA Features
Depending on your network configuration, you can configure authentication, authorization,
and accounting (AAA) for network users to be performed locally on the switch or remotely
on a RADIUS server. The number of users that the local database can support depends on
your platform.
Summary of Contents for DWS-1008
Page 1: ......