313
DWS-1008 User’s Manual
D-Link Systems, Inc.
Configuring AAA for Network Users
DWS-1008#
show mobility-profile
Mobility Profiles
Name Ports
=========================
roses-profile
AP 2
AP 3
AP 4
AP 7
AP 9
To remove a Mobility Profile, type the following command:
clear mobility-profile
name
Network User Configuration Scenarios
The following scenarios provide examples of ways in which you use AAA commands to
configure access for users:
•
General Use of Network User Commands
•
Enabling RADIUS Pass-Through Authentication
•
Enabling PEAP-MS-CHAP-V2 Authentication
•
Enabling PEAP-MS-CHAP-V2 Offload
•
Combining EAP Offload with Pass-Through Authentication
•
Overriding AAA-Assigned VLANs
General Use of Network User Commands
The following example illustrates how to configure IEEE 802.1X network users for
authentication, accounting, ACL filtering, and Mobility Profile assignment:
1.
Configure all 802.1X users of SSID
mycorp
at EXAMPLE to be authenticated by
server group
shorebirds.
Type the following command:
DWS-1008#
set authentication dot1x ssid mycorp EXAMPLE\* pass-through
shorebirds
2.
Configure stop-only accounting for all
mycorp
users at EXAMPLE, for accounting
records to be stored locally. Type the following command:
DWS-1008#
set accounting dot1x ssid mycorp EXAMPLE\* stop-only local
success: change accepted.
3.
Configure an ACL to filter the inbound packets for each user at EXAMPLE. Type the
following command for
each
user:
DWS-1008#
set user EXAMPLE\
username
attr filter-id acl-101.in
This command applies the access list named
acl-101
to each user at EXAMPLE.