301
DWS-1008 User’s Manual
D-Link Systems, Inc.
Configuring AAA for Network Users
The following command applies the incoming filters of
acl-101
to the users who belong to the
group
eastcoasters
:
DWS-1008#
set usergroup eastcoasters attr filter-id acl-101.in
success: change accepted.
Assigning a Security ACL on a RADIUS Server
To assign a security ACL name as the Filter-Id authorization attribute of a user or group
record on a RADIUS server, see the documentation for your RADIUS server.
Clearing a Security ACL from a User or Group
To clear a security ACL from the profile of a user, MAC user, or group of users or MAC users
in the local DWS-1008 switch database, use the following commands:
clear
user
username
attr
filter-id
clear
usergroup
groupname
attr
filter-id
clear
mac-user
username
attr
filter-id
clear mac-usergroup
groupname
attr filter-id
If you have assigned both an incoming and an outgoing filter to a user or group, enter the
appropriate command twice to delete both security ACLs. Verify the deletions by entering the
show aaa
command and checking the output.
To delete a security ACL from a user’s configuration on a RADIUS server, see the documentation
for your RADIUS server.
Assigning Encryption Types to Wireless Users
When a user turns on a wireless laptop or PDA, the device attempts to find an access point
and form an association with it. Because DWL-8220AP access points support the encryption
of wireless traffic, clients can choose an encryption type to use. You can configure DWL-
8220AP access points to use the encryption algorithms supported by the Wi-Fi Protected
Access (WPA) security enhancement to the IEEE 802.11 wireless standard.
If you have configured DWL-8220AP access points to use specific encryption algorithms,
you can enforce the type of encryption a user or group must have to access the network.
When you assign the Encryption-Type attribute to a user or group, the encryption type or
types are entered as an authorization attribute into the user or group record in the local DWS-
1008 switch database or on the RADIUS server. Encryption-Type is a D-link vendor-specific
attribute (VSA).
Clients who attempt to use an unauthorized encryption method are rejected.