316
DWS-1008 User’s Manual
D-Link Systems, Inc.
Configuring AAA for Network Users
for all 802.1X network users. This example includes local usernames, passwords, and
membership in a VLAN. This example includes one username and an optional attribute for
session-timeout in seconds. Because the switch requires a certificate for authentication,
configuration of a self-signed certificate is shown.
1.
To set authentication for all 802.1X users of SSID
thiscorp
, type the following
command:
DWS-1008#
set authentication dot1x ssid thiscorp * peap-mschapv2
local
2.
To add user Natasha to the local database on the switch, type the following
command:
DWS-1008#
set user Natasha password moon
3.
To assign Natasha to a VLAN named
red
, type the following command:
DWS-1008#
set user Natasha attr vlan-name red
4.
To assign Natasha a session timeout value of 1200 seconds, type the following
command:
DWS-1008#
set user Natasha attr session-timeout 1200
5.
To generate a public-private key pair and a self-signed EAP certificate, type the
following commands:
DWS-1008#
crypto generate key eap 1024
key pair generated
DWS-1008#
crypto generate self-signed eap
Country Name:
US
State Name:
CA
Locality Name:
Campus1
Organizational Name:
Example
Organizational Unit:
IT
Common Name:
SW33
Email Address:
Unstructured Name:
wiring closet 22
6.
Save the configuration:
DWS-1008
save config
success: configuration saved.
Enabling PEAP-MS-CHAP-V2 Offload
The following example illustrates how to enable PEAP-MS-CHAP-V2 offload. In this example,