D-Link DWS-1008 User Manual
1
Configuring Authentication for Non-802.1X Users of a
Third-Party AP with Tagged SSIDs
To configure MSS to authenticate non-802.1X users of a third-party AP, use the same commands as
those required for 802.1X users. Additionally, when configuring the wired authentication port, use the
auth-fall-thru option to change the fallthru authentication type to last-resort or web-portal.
On the RADIUS server, configure username
web-portal-ssid or last-resort-ssid, depending on the
fallthru authentication type you specify for the wired authentication port.
Configuring Access for Any Users of a Non-Tagged
SSID
If SSID traffic from the third-party AP is untagged, use the same configuration commands as the ones
required for 802.1X users, except the
set radius proxy port command. This command is not required
and is not applicable to untagged SSID traffic. In addition, when configuring the wired authentication
port, use the
auth-fall-thru option to change the fallthru authentication type to last-resort or
web-portal. On the RADIUS server, configure username web-portal-wired or last-resort-wired,
depending on the fallthru authentication type specified for the wired authentication port.
Assigning Authorization Attributes
Authorization attributes can be assigned to users in the local database, on remote servers, or in the
service profile of the SSID the user logs into. The attributes, which include access control list (ACL)
filters, VLAN membership, encryption type, session time-out period, and other session characteristics,
let you control how and when users access the network. When a user or group is authenticated, the local
database, RADIUS server, or service profile passes the authorization attributes to MSS to characterize
the user’s session.
If attributes are configured for a user and also for the group the user is in, the attributes assigned to
the individual user take precedence for that user. For example, if the start-date attribute configured
for a user is sooner than the start-date configured for the user group the user is in, the user’s network
access can begin as soon as the user start-date. The user does not need to wait for the user group’s
start date.
The VLAN attribute is required. MSS can authorize a user to access the network only if the VLAN to
place the user on is specified.
Содержание DWS-1008
Страница 1: ......