D-Link DWS-1008 User Manual
DWS-1008 Switch Requirements
•
WebAAA certificate—A WebAAA certificate must be installed on the switch. You can
use a self-signed (signed by the switch) WebAAA certificate automatically generated by
MSS, manually generate a self-signed one, or install one signed by a trusted third-party
certificate authority (CA).
If you choose to install a self-signed WebAAA certificate, use a common name (a required
field in the certificate), that resembles a web address and contains at least one dot. When
MSS serves the login page to the browser, the page’s URL is based on the common name in
the WebAAA certificate. Here are some examples of common names in the recommended
format:
• webaaa.login
• webaaa.customername.com
• portal.local
Here are some examples of common names that are not in the recommended format:
• webaaa
• dlink_webaaa
• webportal
•
User VLAN—An IP interface must be configured on the user’s VLAN. The interface must
be in the subnet on which the DHCP server will place the user, so that the switch can
communicate with both the client and the client’s preferred DNS server.
If users will roam from the switch where they connect to the network to other switches, the
system IP addresses of the switches should not be in the web-portal VLAN.
Although the SSID’s default VLAN and the user VLAN must be the same, you can use a
location policy on the switch where the service profile is configured to move the user to
another VLAN. The other VLAN is not required to be statically configured on the switch. The
VLAN does have the same requirements as other user VLANs, as described above. For
example, the user VLAN on the roamed-to switch must have an IP interface, the interface
must be in the subnet that has DHCP, and the subnet must be the same one the DHCP
server will place the user in.
•
Fallthru authentication type—The fallthru authentication type for each SSID and wired
authentication port that you want to support WebAAA, must be set to web-portal. The
default authentication type for wired authentication ports and for SSIDs is None (no fallthru
authentication is used).
To set the fallthru authentication type for an SSID, set it in the service profile for the SSID,
using the
set service-profile auth-fallthru command. To set it on a wired authentication
port, use the
auth-fall-thru web-portal parameter of the set port type wired-auth
command.
Содержание DWS-1008
Страница 1: ......