DWS-1008 User’s Manual
D-Link Systems, Inc.
Configuring AAA for Administrative and Local Access
2. To enforce the use of console authentication via the local database, type the following
command:
DWS-1008# set authentication console * local
Caution: If you type this command before you have created a local username and password,
you can lock yourself out of the DWS-1008 switch. Before entering this command, you
must configure a local username and password.
3. To store this configuration into nonvolatile memory, type the following command:
DWS-1008# save config
success: configuration saved.
By default, no authentication is required at the console. If you have previously required
authentication and have decided not to require it (during testing, for example), type the
following command to configure the console so that it does not require username and
password authentication:
DWS-1008# set authentication console * none
Customizing AAA with “Globs” and Groups
“Globbing” lets you classify users by username or media access control (MAC) address for
different AAA treatments. A user glob is a string, possibly containing wildcards, for matching
AAA and IEEE 802.1X authentication methods to a user or set of users. The switch supports
the following wildcard characters for user globs:
• Single asterisk (*) matches the characters in a username up to but not including a
separator character, which can be an at (@) sign or a period (.).
• Double asterisk (**) matches all usernames.
In a similar fashion, MAC address globs match authentication methods to a MAC address or
set of MAC addresses.
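The user-glob wildcard rules above, written out as a small Python matcher (an added example, not D-Link code). It follows the semantics as stated in this section; treating ** inside a longer glob as "any characters, separators included" and comparing case-sensitively are assumptions, and the globs and usernames are constructed sample data.

```python
import re

SEPARATORS = "@."  # separator characters named in the manual


def user_glob_to_regex(glob: str) -> re.Pattern:
    """Translate a user glob into a regular expression."""
    parts = []
    i = 0
    while i < len(glob):
        if glob.startswith("**", i):
            # Assumption: '**' matches any run of characters, separators included.
            parts.append(".*")
            i += 2
        elif glob[i] == "*":
            # '*' matches characters up to, but not including, a separator.
            parts.append("[^" + re.escape(SEPARATORS) + "]*")
            i += 1
        else:
            # Every other character must match literally.
            parts.append(re.escape(glob[i]))
            i += 1
    return re.compile("".join(parts), re.DOTALL)


def glob_matches(glob: str, username: str) -> bool:
    """True if the whole username is matched by the glob."""
    return user_glob_to_regex(glob).fullmatch(username) is not None


def audit(globs, usernames):
    """Return {username: [globs that match it]} so uncovered users stand out."""
    return {u: [g for g in globs if glob_matches(g, u)] for u in usernames}


# Constructed sample data, not taken from the manual.
GLOBS = ["*", "*@example.com", "**"]
USERS = ["admin", "alice@example.com", "bob.smith@example.com"]

if __name__ == "__main__":
    for user, hits in audit(GLOBS, USERS).items():
        print(f"{user:24} matched by {hits}")
```

With the sample data, bob.smith@example.com is covered only by **, which is the case to check for when a rule written with a single * is expected to apply to every user.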
Note. The authentication method none you can specify for administrative access is different
from the fallthru authentication type None, which applies only to network access. The
authentication method none allows access to the switch by an administrator. The fallthru
authentication type None denies access to a network user.
A user group is a named collection of users or MAC addresses sharing a common
authorization policy. For example, you might group all users on the first floor of building 17 into
the group bldg-17-1st-floor, or group all users in the IT group into the group infotech-people.
Individual user entries override group entries if they both configure the same attribute.