286
DWS-1008 User’s Manual
D-Link Systems, Inc.
Configuring AAA for Network Users
Users authorized by MAC address require a MAC authorization password if RADIUS
authentication is desired. The default well-known password is
dlink
.
Caution:
Use this method with care. IEEE 802.11 frames can be forged and can result in
unauthorized network access if MAC authentication is employed.
Adding and Clearing MAC Users and User Groups Locally
MAC users and groups can gain network access only
through
the switch. They cannot create
administrative connections
to
the switch. A MAC user is created in a similar fashion to other
local users except for having a MAC address instead of a username. MAC user groups are
created in a similar fashion to other local user groups.
(To create a MAC user profile or MAC user group on a RADIUS server, see the documentation
for your RADIUS server.)
Adding MAC Users and Groups
To create a MAC user group in the local database, you must associate it with an
authorization attribute and value. Use the following command:
set mac-usergroup
group-name
attr
attribute-name value
For example, to create a MAC user group called
mac-easters
with a 3000-second Session-
Timeout value, type the following command:
DWS-1008#
set mac-usergroup mac-easters attr session-timeout 3000
success: change accepted.
To configure a MAC user in the local database and optionally add the user to a group, use
the following command:
set mac-user
mac-addr
[
group
group-name
]
For example, type the following command to add MAC user 01:0f:03:04:05:06 to group
macfans:
DWS-1008#
set mac-user 01:0f:03:04:05:06 group macfans
success: change accepted.
Clearing MAC Users and Groups
To clear a MAC user from a user group, use the following command:
clear mac-user
mac-addr
group
Summary of Contents for DWS-1008
Page 1: ......