311
DWS-1008 User’s Manual
D-Link Systems, Inc.
Configuring AAA for Network Users
You then set up PEAP-MS-CHAP-V2 authentication and authorization for all users at
EXAMPLE/ at server group 1. Finally, you set up PEAP-MS-CHAP-V2 authentication and
authorization for all users in the local DWS-1008 switch database, with the intention that
EXAMPLE users are to be processed first:
DWS-1008#
set authentication dot1x ssid mycorp EXAMPLE/* peap-mschapv2
group1
success: change accepted.
DWS-1008#
set authentication dot1x ssid mycorp * peap-mschapv2 local
success: change accepted.
The following configuration order results. The authentication commands are reversed, and
MSS processes the authentication of all 802.1X users in the local database and ignores the
command for EXAMPLE/ users.
DWS-1008#
show aaa
...
set accounting dot1x ssid mycorp * start-stop group1
set authentication dot1x ssid mycorp * peap-mschapv2 local
set authentication dot1x ssid mycorp EXAMPLE/* peap-mschapv2 group1
Configuration for a Correct Processing Order
To avoid processing errors for authentication and accounting commands that include order-
sensitive user globs, enter the commands for each user glob in pairs.
For example, to set accounting and authorization for 802.1X users as you intended in
Configuration Producing an Incorrect Processing Order, enter an accounting and authentication
command for each user glob in the order in which you want them processed:
DWS-1008#
set accounting dot1x ssid mycorp EXAMPLE/* start-stop group1
success: change accepted.
DWS-1008#
set authentication dot1x ssid mycorp EXAMPLE/* peap-mschapv2
group1
success: change accepted.
DWS-1008#
set accounting dot1x ssid mycorp * start-stop group1
success: change accepted.
DWS-1008#
set authentication dot1x ssid mycorp * peap-mschapv2 local
success: change accepted.
The configuration order now shows that all 802.1X users are processed as you intended:
DWS-1008#
show aaa
...
set accounting dot1x ssid mycorp EXAMPLE/* start-stop group1
set authentication dot1x ssid mycorp EXAMPLE/* peap-mschapv2 group1
set accounting dot1x ssid mycorp * start-stop group1
set authentication dot1x ssid mycorp * peap-mschapv2 local
Configuring a Mobility Profile
Summary of Contents for DWS-1008
Page 1: ......