User`s manual
287
DWS-1008 User’s Manual
D-Link Systems, Inc.
Conguring AAA for Network Users
For example, the following command removes MAC user 01:0f:03:04:05:06 from the group
the user is in:
DWS-1008# clear mac-user 01:0f:03:04:05:06 group
success: change accepted.
The clear mac-usergroup command removes the group.
To remove a MAC user prole from the local database on the switch, type the following
command:
clear mac-user mac-address
For example, the following command removes MAC user 01:0f:03:04:05:06 from the local
database:
DWS-1008# clear mac-user 01:0f:03:04:05:06
success: change accepted.
Conguring MAC Authentication and Authorization
The set authentication mac command denes the AAA methods by which MAC addresses
can be used for authentication. You can congure authentication for users through the MAC
addresses of their devices with the following command:
set authentication mac {ssid ssid-name | wired} mac-addr-glob method1 [method2]
[method3] [method4]
MAC addresses can be authenticated by either the switch’s local database or by a RADIUS
server group. For example, the following command sets the authentication for MAC address
01:01:02:03:04:05 when requesting SSID voice, via the local database:
DWS-1008# set authentication mac ssid voice 01:01:02:03:04:05 local
success: change accepted
If the switch’s conguration does not contain a set authentication mac command that
matches a non-802.1X client’s MAC address, MSS tries MAC authentication by default.
You can also glob MAC addresses. For example, the following command locally
authenticates all MAC addresses that begin with the octets 01:01:02:
DWS-1008# set authentication mac ssid voice 01:01:02:* local
success: change accepted
You can add authorization attributes to authenticated MAC users with the following
command:
set mac-user mac-addr attr attribute-name value