User's manual

DWS-1008 User’s Manual
D-Link Systems, Inc.
Configuration (continued)
Configuring EAP Offload with Server Authentication
You can configure a DWS-1008 switch to perform all EAP processing locally and use RADIUS
servers for authentication and authorization. To configure the DWS-1008 switch to perform
EAP processing locally and use RADIUS servers for MS-CHAP-V2:
1. Install server certificates on the switch. You can install certificates assigned by a CA
or generate a self-signed certificate on the switch.
2. Configure the RADIUS servers and add them to a server group. You must configure a
server group even if you have only one server.
3. Set the 802.1X authentication protocol to PEAP-MS-CHAP-V2. With this protocol
setting, the switch performs EAP locally and uses a RADIUS server to complete the
process by performing authentication and authorization with MS-CHAP-V2.
Configuring the Authentication Protocol for Offload Authentication
To configure the authentication protocol for 802.1X users, use the following command. A
user glob represents a set of users.
set authentication dot1x {ssid ssid-name | wired} user-glob [bonded]
protocol method1 [method2] [method3] [method4]
To verify the change, use the following command:
show aaa
The following command configures a switch to authenticate users in the EXAMPLE Windows
domain who request access to SSID private_wlan, by processing EAP locally on the switch,
and by using a RADIUS server in server group grp1 for MS-CHAP-V2 authentication and
authorization:
DWS-1008# set authentication dot1x ssid private_wlan EXAMPLE\* peap-mschapv2 grp1
success: change accepted.
Note: The asterisk in this example is a wildcard. You cannot use a wildcard to represent
the delimiter characters in user globs, which are the at sign (@) and the dot (.). To match a
username that contains a delimiter, you must specify the delimiter in the user glob as shown
in these examples. Alternatively, use a double asterisk (**) with no delimiters to match all
usernames.
If you have more than one authentication rule, add the rules in the order you want MSS to
use them. For example, add the most specific rules first and the most general rules (rules
that match most widely) last.
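
The following Python model is an added example, not D-Link or MSS code. It illustrates the user-glob note and the rule-ordering advice above, and flags rules that an earlier, broader rule makes unreachable. It assumes first-match evaluation in configured order, case-sensitive matching, and hypothetical server groups grp2 and grp3; the usernames are constructed samples.

```python
import re

DELIMITERS = "@."  # per the note: a single * never matches these characters

def glob_to_regex(user_glob):
    """Translate a user glob into a regex following the note's rules."""
    if user_glob == "**":              # double asterisk alone: all usernames
        return re.compile(r".*", re.DOTALL)
    parts = []
    for ch in user_glob:
        if ch == "*":                  # wildcard stops at a delimiter
            parts.append("[^" + re.escape(DELIMITERS) + "]*")
        else:                          # everything else, delimiters included, is literal
            parts.append(re.escape(ch))
    return re.compile("".join(parts))

def matches(user_glob, username):
    return glob_to_regex(user_glob).fullmatch(username) is not None

def first_match(rules, username):
    """Methods of the first rule whose glob matches (assumed evaluation order)."""
    for user_glob, methods in rules:
        if matches(user_glob, username):
            return methods
    return None

def shadowed(rules, samples):
    """Globs that match some sample but always lose to an earlier rule."""
    out = []
    for i, (user_glob, _) in enumerate(rules):
        hits = [u for u in samples if matches(user_glob, u)]
        if hits and all(any(matches(g, u) for g, _ in rules[:i]) for u in hits):
            out.append(user_glob)
    return out

# Constructed rule sets: same two rules, opposite order.
GOOD = [("EXAMPLE\\*", ["peap-mschapv2", "grp1"]),   # specific rule first
        ("**",         ["peap-mschapv2", "grp3"])]   # catch-all last
BAD = list(reversed(GOOD))                           # catch-all first

# Constructed sample usernames.
SAMPLES = ["EXAMPLE\\alice", "bob@example.com", "carol.jones"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(name, "GOOD ->", first_match(GOOD, name), "| BAD ->", first_match(BAD, name))
    print("shadowed in BAD order:", shadowed(BAD, SAMPLES))
```

With the catch-all first, EXAMPLE domain users are sent to grp3 instead of grp1, which is the misordering the paragraph above warns about.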