DWS-1008 User’s Manual
D-Link Systems, Inc.
Configuring AAA for Network Users
About AAA for Network Users
Network users include the following types of users:
• Wireless users - Users who access the network by associating with an SSID on a
  D-Link radio.
• Wired authentication users - Users who access the network over an Ethernet
  connection to a switch port that is configured as a wired authentication
  (wired-auth) port.
You can configure authentication rules for each type of user, on an individual SSID or wired
authentication port basis. MSS authenticates users based on user information on RADIUS
servers or in the switch’s local database. The RADIUS servers or local database authorize
successfully authenticated users for specific network access, including VLAN membership.
Optionally, you also can configure accounting rules to track network access information.
The following sections describe the MSS authentication, authorization, and accounting (AAA)
features in more detail.
Authentication
When a user attempts to access the network, MSS checks for an authentication rule that
matches the following parameters:
• For wireless access, the authentication rule must match the SSID the user is
  requesting, and the user’s username or MAC address.
• For access on a wired authentication port, the authentication rule must match the
  user’s username or MAC address.
If a matching rule is found, MSS then checks RADIUS servers or the switch’s local user
database for credentials that match those presented by the user. Depending on the type of
authentication rule that matches the SSID or wired authentication port, the required credentials
are the username or MAC address, and in some cases, a password.
Each authentication rule specifies where the user credentials are stored. The location can
be a group of RADIUS servers or the switch’s local database. In either case, if MSS has an
authentication rule that matches on the required parameters, MSS checks the username
or MAC address of the user and, if required, the password to make sure they match the
information configured on the RADIUS servers or in the local database.
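The following Python sketch is an added illustration, not MSS code or CLI syntax from this manual. It models the two-stage check described above: find a matching rule first, then look up credentials in the store that rule names. All class, function and store names, the exact first-match comparison, and the sample data are assumptions.

```python
# Simplified model of the lookup described above. Hypothetical names, not MSS code.
import hmac
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class AuthRule:
    access: str            # "wireless" or "wired"
    ssid: Optional[str]    # SSID for wireless rules, None for wired rules
    identity: str          # username or MAC address the rule matches
    needs_password: bool   # False models a rule that needs only the MAC address
    store: str             # where credentials live: a RADIUS group name or "local"

def find_rule(rules, access, identity, ssid=None):
    """First rule matching access type, identity and (wireless only) SSID.
    Exact, case-insensitive, first-match comparison is an assumption of this sketch."""
    for rule in rules:
        if rule.access != access or rule.identity.lower() != identity.lower():
            continue
        if access == "wireless" and rule.ssid != ssid:
            continue
        return rule
    return None

def authenticate(rules, stores, access, identity, password=None, ssid=None):
    rule = find_rule(rules, access, identity, ssid)
    if rule is None:
        return "no-matching-rule"      # credentials are never consulted
    entries = stores.get(rule.store, {})
    key = identity.lower()
    if key not in entries:
        return "unknown-user"
    if rule.needs_password:
        if password is None or not hmac.compare_digest(
                entries[key].encode(), password.encode()):
            return "bad-password"
    return "accepted"

# Constructed sample data (not taken from the manual).
RULES = [
    AuthRule("wireless", "corp", "alice", True, "radius-group-1"),
    AuthRule("wireless", "voice", "00:11:22:33:44:55", False, "local"),
    AuthRule("wired", None, "bob", True, "local"),
]
STORES = {
    "radius-group-1": {"alice": "correct horse"},
    "local": {"00:11:22:33:44:55": "", "bob": "s3cret"},
}
```

In this model, a user with valid credentials who requests an SSID that has no matching rule is rejected before any credential store is checked.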