DWS-1008 User’s Manual
D-Link Systems, Inc.
Conguring AAA for Network Users
Assigning a Security ACL to a User or a Group
Once a security access control list (ACL) is defined and committed, it can be applied
dynamically and automatically to users and user groups through the 802.1X authentication
and authorization process. When you assign a Filter-Id attribute to a user or group, the security
ACL name value is entered as an authorization attribute into the user or group record in the
local database or RADIUS server.
Note: If the Filter-Id value returned through the authentication and authorization process
does not match the name of a committed security ACL in the DWS-1008 switch, the user fails
authorization and cannot be connected.
Assigning a Security ACL Locally
To use the local DWS-1008 switch database to restrict a user, a MAC user, or a group of
users or MAC users to the permissions stored within a committed security ACL, use the
following commands:
Security ACL Target                             Commands
User authenticated by a password                set user username attr filter-id acl-name.in
                                                set user username attr filter-id acl-name.out
Group of users authenticated by a password      set usergroup groupname attr filter-id acl-name.in
                                                set usergroup groupname attr filter-id acl-name.out
User authenticated by a MAC address             set mac-user username attr filter-id acl-name.in
                                                set mac-user username attr filter-id acl-name.out
Group of users authenticated by a MAC address   set mac-usergroup groupname attr filter-id acl-name.in
                                                set mac-usergroup groupname attr filter-id acl-name.out
You can set lters for incoming and outgoing packets:
Use acl-name.in to lter trafc that enters the switch from users via an DWL-8220AP
access port or wired authentication port, or from the network via a network port.
Use acl-name.out to lter trafc sent from the switch to users via an DWL-8220AP
access port or wired authentication port, or from the network via a network port.
For example, the following command applies security ACL acl-101 to packets coming into the
DWS-1008 switch from user Jose:
DWS-1008# set user Jose attr filter-id acl-101.in
success: change accepted.
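Because a Filter-Id that does not name a committed security ACL makes the user fail authorization, it is worth checking planned assignments before they are entered. The following Python sketch is an added example, not part of the D-Link manual or the switch software: it parses the four set ... attr filter-id command forms shown above and reports values that lack an .in/.out suffix or name an ACL missing from a list of committed ACLs. The sample names, the committed-ACL list and the exact, case-sensitive name comparison are assumptions.

```python
import re

# The four "set <target> <name> attr filter-id <value>" forms listed on this page.
ASSIGN_RE = re.compile(
    r"^set\s+(user|usergroup|mac-user|mac-usergroup)\s+(\S+)"
    r"\s+attr\s+filter-id\s+(\S+)$"
)


def parse_filter_id(value):
    """Split 'acl-name.in' or 'acl-name.out' into (acl_name, direction).

    Returns (None, None) when the value has no valid direction suffix.
    """
    name, sep, direction = value.rpartition(".")
    if not sep or not name or direction not in ("in", "out"):
        return None, None
    return name, direction


def audit_assignments(config_lines, committed_acls):
    """Return (target_type, target, filter_id, problem) for each bad assignment."""
    findings = []
    for line in config_lines:
        m = ASSIGN_RE.match(line.strip())
        if not m:
            continue  # not a filter-id assignment; ignore
        kind, target, filter_id = m.groups()
        acl, _direction = parse_filter_id(filter_id)
        if acl is None:
            problem = "no .in/.out direction suffix"
        elif acl not in committed_acls:  # assumption: exact, case-sensitive match
            problem = "no committed ACL with this name"
        else:
            continue
        findings.append((kind, target, filter_id, problem))
    return findings


# Constructed sample data, not taken from a real switch.
COMMITTED = {"acl-101", "guest-acl"}
CONFIG = [
    "set user Jose attr filter-id acl-101.in",
    "set usergroup staff attr filter-id acl-102.out",
    "set mac-user lobby-printer attr filter-id guest-acl",
    "set mac-usergroup printers attr filter-id guest-acl.out",
]

if __name__ == "__main__":
    for kind, target, fid, problem in audit_assignments(CONFIG, COMMITTED):
        print(f"{kind} {target}: filter-id {fid!r}: {problem}")
```

The same check applies to Filter-Id values stored on a RADIUS server, since the switch matches the returned value against its committed ACL names either way.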