User's manual

DWS-1008 User’s Manual
D-Link Systems, Inc.
Conguring AAA for Network Users
You then set up PEAP-MS-CHAP-V2 authentication and authorization for all users at
EXAMPLE/ at server group 1. Finally, you set up PEAP-MS-CHAP-V2 authentication and
authorization for all users in the local DWS-1008 switch database, with the intention that
EXAMPLE users are to be processed first:
DWS-1008# set authentication dot1x ssid mycorp EXAMPLE/* peap-mschapv2 group1
success: change accepted.
DWS-1008# set authentication dot1x ssid mycorp * peap-mschapv2 local
success: change accepted.
The following conguration order results. The authentication commands are reversed, and
MSS processes the authentication of all 802.1X users in the local database and ignores the
command for EXAMPLE/ users.
DWS-1008# show aaa
...
set accounting dot1x ssid mycorp * start-stop group1
set authentication dot1x ssid mycorp * peap-mschapv2 local
set authentication dot1x ssid mycorp EXAMPLE/* peap-mschapv2 group1
Conguration for a Correct Processing Order
To avoid processing errors for authentication and accounting commands that include order-
sensitive user globs, enter the commands for each user glob in pairs.
For example, to set accounting and authorization for 802.1X users as you intended in
Conguration Producing an Incorrect Processing Order, enter an accounting and authentication
command for each user glob in the order in which you want them processed:
DWS-1008# set accounting dot1x ssid mycorp EXAMPLE/* start-stop group1
success: change accepted.
DWS-1008# set authentication dot1x ssid mycorp EXAMPLE/* peap-mschapv2 group1
success: change accepted.
DWS-1008# set accounting dot1x ssid mycorp * start-stop group1
success: change accepted.
DWS-1008# set authentication dot1x ssid mycorp * peap-mschapv2 local
success: change accepted.
The conguration order now shows that all 802.1X users are processed as you intended:
DWS-1008# show aaa
...
set accounting dot1x ssid mycorp EXAMPLE/* start-stop group1
set authentication dot1x ssid mycorp EXAMPLE/* peap-mschapv2 group1
set accounting dot1x ssid mycorp * start-stop group1
set authentication dot1x ssid mycorp * peap-mschapv2 local
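An added example, not part of the D-Link manual: a small audit script that reads saved show aaa output and reports any rule that can never be reached because an earlier, broader user glob of the same type, access method and SSID already matches its users. It assumes the first-match processing described above and approximates MSS user-glob matching with Python's fnmatch; the username EXAMPLE/alice is constructed for illustration.

```python
import fnmatch
import re

# Rule lines as they appear in the "show aaa" output on this page.
RULE_RE = re.compile(r"set (accounting|authentication) (\S+) ssid (\S+) (\S+) (.+)")
KEYS = ("kind", "access", "ssid", "glob", "action")

def parse_rules(show_aaa):
    """Return the set accounting/authentication rules in display order."""
    found = (RULE_RE.match(line.strip()) for line in show_aaa.splitlines())
    return [dict(zip(KEYS, m.groups())) for m in found if m]

def first_match(rules, kind, access, ssid, username):
    """Rule that handles this user when the first matching glob wins."""
    for r in rules:
        if (r["kind"], r["access"], r["ssid"]) == (kind, access, ssid) \
                and fnmatch.fnmatchcase(username, r["glob"]):
            return r
    return None

def shadowed(rules):
    """Return (unreachable_rule, covering_rule) pairs."""
    # Matching the later glob as a literal name is sound only when '*' is the sole wildcard.
    hits = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            same = all(earlier[k] == later[k] for k in ("kind", "access", "ssid"))
            if same and fnmatch.fnmatchcase(later["glob"], earlier["glob"]):
                hits.append((later, earlier))
                break
    return hits

# The two "show aaa" listings from this page.
INCORRECT = """\
set accounting dot1x ssid mycorp * start-stop group1
set authentication dot1x ssid mycorp * peap-mschapv2 local
set authentication dot1x ssid mycorp EXAMPLE/* peap-mschapv2 group1
"""
CORRECT = """\
set accounting dot1x ssid mycorp EXAMPLE/* start-stop group1
set authentication dot1x ssid mycorp EXAMPLE/* peap-mschapv2 group1
set accounting dot1x ssid mycorp * start-stop group1
set authentication dot1x ssid mycorp * peap-mschapv2 local
"""

if __name__ == "__main__":
    for later, earlier in shadowed(parse_rules(INCORRECT)):
        print("unreachable:", later["glob"], later["action"], "behind", earlier["glob"])
```

Run against the incorrect listing, it flags the EXAMPLE/* authentication rule as unreachable behind the * rule; the corrected listing produces no findings.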