DWS-1008 User’s Manual
D-Link Systems, Inc.
Configuring AAA for Network Users
The username or MAC address can be an exact match or can match a userglob or MAC
address glob, which allow wildcards to be used for all or part of the username or MAC
address.
Authentication Types
MSS provides the following types of authentication:
IEEE 802.1X - If the network user's network interface card (NIC) supports 802.1X,
MSS checks for an 802.1X authentication rule that matches the username (and
SSID, if wireless access is requested), and that uses the Extensible Authentication
Protocol (EAP) requested by the NIC. If a matching rule is found, MSS uses
the requested EAP to check the RADIUS server group or local database for the
username and password entered by the user. If matching information is found, MSS
grants access to the user.
MAC - If the username does not match an 802.1X authentication rule, but the MAC
address of the user’s NIC or Voice-over-IP (VoIP) phone and the SSID (if wireless)
do match a MAC authentication rule, MSS checks the RADIUS server group or local
database for matching user information. If the MAC address (and password, if on a
RADIUS server) matches, MSS grants access. Otherwise, MSS attempts the fallthru
authentication type, which can be last-resort or none. (Fallthru authentication is
described in more detail in Authentication Algorithm.)
Last-resort - A network user requests access to the network, without entering a
username or password. MSS checks for a last-resort authentication rule for the
requested SSID (or for wired, if the user is on a wired authentication port). If a
matching rule is found, MSS checks the RADIUS server group or local database
for username last-resort-wired (for wired authentication access) or last-resort-ssid,
where ssid is the SSID requested by the user. If the user information is on a RADIUS
server, MSS also checks for a password.
Authentication Algorithm
MSS can try more than one of the authentication types described in Authentication Types
to authenticate a user. MSS tries 802.1X first. If the user’s NIC supports 802.1X but fails
authentication, MSS denies access. Otherwise, MSS tries MAC authentication next. If MAC
authentication is successful, MSS grants access to the user. Otherwise, MSS tries the
fallthru authentication type specified for the SSID or wired authentication port. The fallthru
authentication type can be one of the following:
Last-resort
None
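
The decision order described above, modelled as an added Python example (not code from this manual or from MSS), with a helper that lists the SSIDs a client can join without presenting credentials. The rule globs, SSIDs, users and the use of fnmatch wildcards in place of MSS glob syntax are assumptions; the model covers wireless access only and treats a username that matches no 802.1X rule as moving on to MAC authentication.

```python
import hmac
from fnmatch import fnmatchcase

# Constructed sample configuration: globs, SSIDs and users are hypothetical.
# fnmatch wildcards stand in for MSS userglob / MAC glob syntax (assumption).
DOT1X_RULES = [("*@example.com", "corp"), ("*@example.com", "guest")]
MAC_RULES = [("00:11:22:*", "voice")]
LAST_RESORT_RULES = {"guest"}                      # SSIDs with a last-resort rule
FALLTHRU = {"corp": "none", "voice": "none", "guest": "last-resort"}
USERS = {"alice@example.com": "s3cret", "last-resort-guest": None}
KNOWN_MACS = {"00:11:22:aa:bb:cc"}                 # local database entries

def rule_matches(rules, ident, ssid):
    """True if ident matches a glob in a rule configured for this SSID."""
    return any(fnmatchcase(ident, g) and s == ssid for g, s in rules)

def authenticate(ssid, mac, supports_dot1x=False, username=None, password=None):
    """Return (decision, method) in the order the manual describes."""
    mac = mac.lower()
    # 1. 802.1X first: once a rule applies, failure is final (no fallthru).
    if supports_dot1x and username and rule_matches(DOT1X_RULES, username, ssid):
        stored = USERS.get(username)
        ok = bool(stored and password) and hmac.compare_digest(stored, password)
        return ("grant" if ok else "deny", "802.1X")
    # 2. MAC authentication: rule glob must match and the MAC must be on file.
    if rule_matches(MAC_RULES, mac, ssid) and mac in KNOWN_MACS:
        return ("grant", "MAC")
    # 3. Fallthru for the SSID: last-resort needs a rule and a user entry.
    if (FALLTHRU.get(ssid) == "last-resort" and ssid in LAST_RESORT_RULES
            and f"last-resort-{ssid}" in USERS):
        return ("grant", "last-resort")
    return ("deny", "none")

def unauthenticated_ssids(probe_mac="de:ad:be:ef:00:01"):
    """Audit helper: SSIDs that admit a client presenting no credentials."""
    return [s for s in FALLTHRU if authenticate(s, probe_mac)[0] == "grant"]

if __name__ == "__main__":
    print(authenticate("corp", "de:ad:be:ef:00:01", True, "alice@example.com", "s3cret"))
    print(authenticate("guest", "de:ad:be:ef:00:01", True, "alice@example.com", "wrong"))
    print(authenticate("voice", "00:11:22:AA:BB:CC"))
    print("open to anyone:", unauthenticated_ssids())
```

In this model, any SSID reported by unauthenticated_ssids() grants access on the last-resort fallthru alone, so its access should be restricted accordingly.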