bonded

Enables Bonded Auth™ (bonded authentication).When this feature is enabled,

 

MSS authenticates the user only if the machine the user is on has already

 

been authenticated.

protocol

Protocol used for authentication. Specify one of the following:

eap-md5—Extensible Authentication Protocol (EAP) with message-digest algorithm 5. For wired authentication clients:

Uses challenge-response to compare hashes

Provides no encryption or integrity checking for the connection

Note: The eap-md5option does not work with Microsoft® wired authentication clients.

eap-tls—EAP with Transport Layer Security (TLS):

Provides mutual authentication, integrity-protected negotiation, and key exchange

Requires X.509 public key certificates on both sides of the connection

Provides encryption and integrity checking for the connection

Cannot be used with RADIUS server authentication (requires user information to be in the switch’s local database)

peap-mschapv2—Protected EAP (PEAP) with Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP-V2). For wireless clients:

Uses TLS for encryption and data integrity checking and server-side authentication

Provides MS-CHAP-V2 mutual authentication

Only the server side of the connection needs a certificate.

The wireless client authenticates using TLS to set up an encrypted session. Then MS-CHAP-V2 performs mutual authentication using the specified AAA method.

pass-through—MSS sends all the EAP protocol processing to a RADIUS server.

D-Link DWS-1008 CLI Manual

190

Page 193
Image 193
D-Link dws-1008 manual Bonded, Been authenticated, Protocol