306
DWS-1008 User’s Manual
D-Link Systems, Inc.
Configuring AAA for Network Users
To move the first rule to the end of the list and display the results, type the following
commands:
DWS-1008
clear location policy 1
success: clause 1 is removed.
DWS-1008
set location policy deny if user eq *.theirfirm.com
DWS-1008
show location policy
Id Clauses
----------------------------------------------------------------
1) permit vlan guest_1 if vlan neq *.ourfirm.com
2) permit vlan bld4.tac inacl tac_24.in if user eq *.ny.ourfirm.com
3) permit inacl svcs_2.in outacl svcs_3.out if vlan eq bldg4.*
4) deny if user eq *.theirfirm.com
Clearing Location Policy Rules and Disabling the Location Policy
To delete a location policy rule, use the following command:
clear location policy
rule-number
Type
show location policy
to display the numbers of configured location policy rules. To
disable the location policy on a switch, delete all the location policy rules.
Configuring Accounting for Wireless Network Users
Accounting records come in three types: start-stop, stop-only, and update for network users.
The records provide information about network resource usage. To set accounting, type the
following command:
set
accounting
{
admin
|
console
|
dot1x
|
mac
|
web
}
{
ssid
ssid-name
|
wired
} {
user-glob
|
mac-addr-glob
}
{
start-stop
|
stop-only
}
method1
[
method2
] [
method3
] [
method4
]
For example, to store start-stop accounting records at example.com for 802.1X users of
SSID
mycorp
in the local database, type the following command:
DWS-1008#
set accounting dot1x ssid mycorp *@example.com start-stop local
success: change accepted.
The accounting records can contain the following session information:
Start Records
Update and Stop Records
Session date and time
Session date and time
Location of authentication (if any): RADIUS
server (1) or local database (2)
Location of authentication (if any):
RADIUS server (1) or local database (2)
ID for related sessions
ID for related sessions