User`s manual
47
DWS-1008 User’s Manual
D-Link Systems, Inc.
Configuration (continued)
Conguration
DWS-1008# show aaa
Default Values
authport=1812 acctport=1813 timeout=5 acct-timeout=5
retrans=3 deadtime=0 key=(null) author-pass=(null)
Radius Servers
Server Addr Ports T/o Tries Dead State
------------------------------------------------------------------------------------------
svr1 10.10.70.20 1812 1813 5 3 0 UP
svr2 10.10.70.40 1812 1813 5 3 0 UP
Server groups
grp1 (load-balanced): svr1 svr2
Conguring the Authentication Protocol for Pass-Through Authentication
To congure the authentication protocol for 802.1X users, use the following command:
set authentication dot1x {ssid ssid-name | wired} user-glob [bonded]
protocol method1 [method2] [method3] [method4]
To verify the change, use the following command:
show aaa
Note: The asterisk in the example below is a wildcard. You cannot use a wildcard to represent
the delimiter characters in user globs, which are the at sign (@) and the dot (.). To match a
username that contains a delimiter, you must specify the delimiter in the user glob as shown
in these examples. Alternatively, use a double asterisk (**) with no delimiters to match all
usernames.
If you have more than one authentication rule, add the rules in the order you want MSS to
use them. For example, add the most specic rules rst and the most general rules (rules
that match most widely) last.
Authentication Example for Users in a Windows Domain
The following command congures an authentication rule for a set of users, known as
a user glob, in a Microsoft Windows
®
domain. The command congures all users in the
EXAMPLE Windows
®
domain to use any supported EAP type to communicate with EAP-
capable RADIUS server group grp1, when attempting to access SSID private_wlan. The
server group authenticates the users.
DWS-1008# set authentication dot1x ssid private_wlan EXAMPLE\* pass-through grp1
success: change accepted.