How to Configure a BYOD Environment with the DWS-3160
Situation Note
The trend of Bring Your Own Device (BYOD) in working place is a new challenge on network security and
management. Many corporations that allow employees to use their own device at work expecting have
better performance and productivity; however, on the downside, corporations also concern the network
security and information leakage by using private device. How to distinguish corporate-provided device
and private device (BYOD device), and give different authorities is the major task for IT teams.
The scenario in this guide shows you how to implement a BYOD environment with single SSID on DWS-
3160 and external RADIU (FreeRADIUS) server. Use username, password, and device MAC info to assign
particular VLAN. All connection from the SSID required performing authentication before granted
authority.
The security protocol on SSID dlink_employee is WPA2 Enterprise. The authentication database is
external RADIUS server. In the RADIUS database, one user account includes username, password, and
device MAC address which is the corporate-provided. The authorized network is assigned based on
authentication information:
If authentication info matches username, password, and device MAC address of the user
account, the user is authorized in VLAN2 network.
If authentication info matches username and password, but it doesn’t match the device MAC
address (for example, use the Private NB to log on), the user is authorized in VLAN3 network.
If authentication info doesn’t match either username or password, the user doesn’t get any
access.
NOTE
: The screenshots in this guide are from the DWS-3160’s firmware version 4.3.0.5. If you are using an earlier
version of the firmware, the screenshots may not be identical to what you see on your browser.