DWS-1008 User’s Manual
D-Link Systems, Inc.
Conguring AAA for Network Users
Conguring a Mobility Prole
A Mobility Prole is a way of specifying, on a per-user basis, those users who are allowed
access to specied DWL-8220AP access ports and wired authentication ports on a switch.
In this way, you can constrain the areas to which a user can roam. You rst create a
Mobility Prole, assign it to one or more users, and nally enable the Mobility Prole feature
on the DWS-1008 switch.
Use the following command to create a Mobility Prole by giving it a name and identifying
the accessible port or ports:
set mobility-prole name name {port {none | all | port-list}} | {dap {none | all | dap-num}}
Specifying none prevents users assigned to the Mobility Profile from accessing any DWL-8220AP
access ports, Distributed APs, or wired authentication ports on the DWS-1008 switch.
Specifying all allows the users access to all of the ports or Distributed APs.
Specifying an individual port or Distributed AP number or a list limits access to those ports or
APs. For example, the following command creates a Mobility Profile named roses-profile that
allows access through ports 2 through 4, port 7, and port 9:
DWS-1008# set mobility-profile name roses-profile port 2-4,7,9
success: change accepted.
You can then assign this Mobility Profile to one or more users. For example, to assign the
Mobility Profile roses-profile to all users at EXAMPLE\, type the following command:
DWS-1008# set user EXAMPLE\* attr mobility-profile roses-profile
success: change accepted.
During 802.1X authorization for clients at EXAMPLE\, MSS must search for the Mobility Profile
named roses-profile. If it is not found, the authorization fails and clients with usernames like
EXAMPLE\jose and EXAMPLE\tamara are rejected.
If roses-profile is configured for EXAMPLE\ users on your DWS-1008 switch, MSS checks
its port list. If, for example, the current port for EXAMPLE\jose’s connection is on the list of
allowed ports specified in roses-profile, the connection is allowed to proceed. If the port is
not in the list (for example, EXAMPLE\jose is on port 12, which is not in the port list), the
authorization fails and client EXAMPLE\jose is rejected.
The Mobility Profile feature is disabled by default. You must enable Mobility Profile attributes
on the switch to use it. You can enable or disable the feature for the whole DWS-1008 switch
only. If the Mobility Profile feature is disabled, all Mobility Profile attributes are ignored.
To put Mobility Prole attributes into effect on an DWS-1008 switch, type the following
command:
DWS-1008# set mobility-prole mode enable
success: change accepted.
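The decision flow described above, as an added Python model for reviewing a planned configuration (not MSS code and not part of the manual). All function and variable names are hypothetical, and two behaviors are assumptions: the EXAMPLE\* user glob is treated as a simple wildcard, and a user with no mobility-profile attribute is left unrestricted by this feature.

```python
from fnmatch import fnmatchcase

# Constructed sample mirroring the manual's roses-profile example.
PROFILES = {"roses-profile": "2-4,7,9"}
USER_ATTRS = {"EXAMPLE\\*": "roses-profile"}


def parse_port_list(spec):
    """Expand 'none', 'all', or a list such as '2-4,7,9' into a set of ports."""
    if spec == "none":
        return set()
    if spec == "all":
        return None  # None means no port restriction
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def authorize(username, port, profiles, user_attrs, mode_enabled):
    """Return (passes, reason) for the Mobility Profile check only.

    Other AAA checks are outside this model.
    """
    if not mode_enabled:
        # Disabled is the default: every mobility-profile attribute is ignored.
        return True, "feature disabled: mobility-profile attributes ignored"
    # Assumption: a user glob such as EXAMPLE\* is a simple wildcard match.
    name = next((p for glob, p in user_attrs.items()
                 if fnmatchcase(username, glob)), None)
    if name is None:
        # Assumption: users without the attribute are not restricted.
        return True, "no mobility-profile attribute assigned"
    if name not in profiles:
        return False, f"profile {name} not found: authorization fails"
    allowed = parse_port_list(profiles[name])
    if allowed is None or port in allowed:
        return True, f"port {port} permitted by {name}"
    return False, f"port {port} not in {name}: authorization fails"
```

Running the port 12 case with mode_enabled set to False shows why a profile that is assigned but never enabled constrains nothing.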