292
DWS-1008 User’s Manual
D-Link Systems, Inc.
Configuring AAA for Network Users
Configuring Authentication for 802.1X Users of a Third-Party AP with
Tagged SSIDs
To configure MSS to authenticate 802.1X users of a third-party AP, use the commands
below to do the following:
•
Configure the port connected to the AP as a wired authentication port. Use the
following command:
set port type wired-auth
port-list
[
tag
tag-list
] [
max-sessions
num
]
[
auth-fall-thru
{
last-resort
|
none
|
web-portal
}]
•
Configure a MAC authentication rule for the AP. Use the following command:
set authentication
mac
wired
mac-addr-glob method1
•
Configure the switch port connected to the AP as a RADIUS proxy for the SSID
supported by the AP. If SSID traffic from the AP is tagged, assign the same tag value
to the switch port. Use the following command:
set
radius proxy
port
port-list
[
tag
tag-value
]
ssid
ssid-name
•
Add a RADIUS proxy entry for the AP. The proxy entry specifies the IP address of the
AP and the UDP ports on which the switch listens for RADIUS access-requests and
stop-accounting records from the AP. Use the following command:
set
radius
proxy
client
address
ip-address
[
port
udp-port-number
] [
acct-port
acct-
udp-port-number
]
key
string
•
Configure a proxy authentication rule for the AP’s users. Use the following command:
set
authentication
proxy
ssid
ssid-name
user-glob
radius-server-group
For the
port-list
of the
set port type wired-auth
and
set radius proxy port
commands,
specify the port(s) connected to the third-party AP.
For the
ip-address
of the
set radius proxy client address
command, specify the IP address
of the RADIUS client (the third-party AP). For the
udp-port-number
, specify the UDP port on
which the switch will listen for RADIUS access-requests. The default is UDP port 1812. For
the
acct-udp-port-number
, specify the UDP port on which the switch will listen for RADIUS
stop-accounting records. The default is UDP port 1813.
The following command configures ports 3 and 4 as wired authentication ports, and assigns
tag value 104 to the ports:
DWS-1008#
set port type wired-auth 3-4 tag 104
success: change accepted.
You can specify multiple tag values. Specify the tag value for each SSID you plan to
support.