DWS-1008 User’s Manual
D-Link Systems, Inc.
Configuring AAA for Network Users
Effects of Authentication Type on Encryption Method
Wireless users who are authenticated on an encrypted service set identifier (SSID) can
have their data traffic encrypted by the following methods:
• Wi-Fi Protected Access (WPA) encryption
• Non-WPA dynamic Wired Equivalent Privacy (WEP) encryption
• Non-WPA static WEP encryption
The authentication method you assign to a user determines the encryption available to the
user. Users configured for EAP authentication, MAC authentication, Web, or last-resort
authentication can have their traffic encrypted as follows:
EAP Authentication     | MAC Authentication                     | Last-Resort Authentication             | WebAAA
WPA encryption         | Static WEP                             | Static WEP                             | Static WEP
Dynamic WEP encryption | No encryption (if SSID is unencrypted) | No encryption (if SSID is unencrypted) | No encryption (if SSID is unencrypted)
Wired users are not eligible for the encryption performed on the traffic of wireless users, but
they can be authenticated by an EAP method, a MAC address, a Web login page served by
the switch, or a last-resort username.
Configuring 802.1X Authentication
The IEEE 802.1X standard is a framework for passing EAP protocols over a wired or wireless
LAN. Within this framework, you can use TLS, PEAP-TTLS, or EAP-MD5. Most EAP protocols
can be passed through the switch to the RADIUS server. Some protocols can be processed
locally on the switch.
The following 802.1X authentication command allows differing authentication treatments for
multiple users:
set authentication dot1x {ssid ssid-name | wired} user-glob [bonded] protocol method1 [method2] [method3] [method4]
For example, the following command authenticates wireless user Tamara, when requesting SSID wetlands, as an 802.1X user using the PEAP-MS-CHAP-V2 method via the server group shorebirds, which contains one or more RADIUS servers:
DWS-1008# set authentication dot1x ssid wetlands Tamara peap-mschapv2 shorebirds
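The syntax above can be checked mechanically when reviewing a saved configuration. The following Python sketch is an added example, not part of the manual or of MSS: it parses set authentication dot1x lines into their fields and reports the encryption the table in this section lists for EAP users. The names Dot1xRule, parse_dot1x and parse_config, the second sample line and the server group backup1 are assumptions made for illustration, and protocol and method names are not validated.

```python
from dataclasses import dataclass
from typing import List, Optional

# Encryption available to EAP (802.1X) users, per the table in this section.
EAP_WIRELESS_ENCRYPTION = ("WPA encryption", "Dynamic WEP encryption")

# Constructed sample; only the first line is the manual's own example.
SAMPLE = """\
DWS-1008# set authentication dot1x ssid wetlands Tamara peap-mschapv2 shorebirds
set authentication dot1x wired Tamara bonded peap-mschapv2 shorebirds backup1
"""

@dataclass
class Dot1xRule:
    ssid: Optional[str]      # None means the rule applies to wired users
    user_glob: str
    bonded: bool
    protocol: str
    methods: List[str]       # method1..method4, in the order they were given

    def encryption_options(self):
        # Wired users are not eligible for wireless encryption.
        return EAP_WIRELESS_ENCRYPTION if self.ssid is not None else ()

def parse_dot1x(line):
    """Parse one 'set authentication dot1x' line; raise ValueError if malformed."""
    tok = line.split()
    if tok and tok[0].endswith("#"):       # drop a CLI prompt such as 'DWS-1008#'
        tok = tok[1:]
    if tok[:3] != ["set", "authentication", "dot1x"]:
        raise ValueError("not a 'set authentication dot1x' command")
    rest = tok[3:]
    if rest[:1] == ["ssid"] and len(rest) >= 2:
        ssid, rest = rest[1], rest[2:]
    elif rest[:1] == ["wired"]:
        ssid, rest = None, rest[1:]
    else:
        raise ValueError("expected 'ssid ssid-name' or 'wired'")
    if not rest:
        raise ValueError("missing user-glob")
    user_glob, rest = rest[0], rest[1:]
    bonded = rest[:1] == ["bonded"]
    rest = rest[1:] if bonded else rest
    if not 2 <= len(rest) <= 5:            # protocol plus method1..method4
        raise ValueError("expected protocol followed by one to four methods")
    return Dot1xRule(ssid, user_glob, bonded, rest[0], rest[1:])

def parse_config(text):
    """Return the dot1x rules in configuration order, skipping other lines."""
    return [parse_dot1x(l) for l in text.splitlines() if "authentication dot1x" in l]
```

parse_config(SAMPLE) returns the rules in the order they appear, so the list can be read top to bottom in the same order the switch reads the configuration file.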
When a user attempts to connect through 802.1X, the following events occur:
1. For each 802.1X login attempt, MSS examines each command in the configuration file in strict configuration order.