287
DWS-1008 User’s Manual
D-Link Systems, Inc.
Configuring AAA for Network Users
For example, the following command removes MAC user 01:0f:03:04:05:06 from the group
the user is in
:
DWS-1008#
clear mac-user 01:0f:03:04:05:06 group
success: change accepted.
The
clear mac-usergroup
command removes the group.
To remove a MAC user profile from the local database on the switch, type the following
command:
clear mac-user
mac-address
For example, the following command removes MAC user 01:0f:03:04:05:06 from the local
database:
DWS-1008#
clear mac-user 01:0f:03:04:05:06
success: change accepted.
Configuring MAC Authentication and Authorization
The
set authentication mac
command defines the AAA methods by which MAC addresses
can be used for authentication. You can configure authentication for users through the MAC
addresses of their devices with the following command:
set authentication
mac
{
ssid
ssid-name
|
wired
}
mac-addr-glob method1
[
method2
]
[
method3
] [
method4
]
MAC addresses can be authenticated by either the switch’s local database or by a RADIUS
server group. For example, the following command sets the authentication for MAC address
01:01:02:03:04:05 when requesting SSID
voice
, via the local database:
DWS-1008#
set authentication mac ssid voice 01:01:02:03:04:05 local
success: change accepted
If the switch’s configuration does not contain a
set authentication mac
command that
matches a non-802.1X client’s MAC address, MSS tries MAC authentication by default.
You can also glob MAC addresses. For example, the following command locally
authenticates all MAC addresses that begin with the octets 01:01:02:
DWS-1008#
set authentication mac ssid voice 01:01:02:* local
success: change accepted
You can add authorization attributes to authenticated MAC users with the following
command:
set mac-user
mac-addr
attr
attribute-name value