If the username does not match an authentication rule for the SSID the user is attempting to access, MSS uses the fallthru authentication type configured for the SSID, which can be last-resort, web-portal (for WebAAA), or none.

Examples: The following command configures EAP-TLS authentication in the local database for SSID mycorp and 802.1X client Geetha:

DWS-1008# set authentication dot1x ssid mycorp Geetha eap-tls local success: change accepted.

The following command configures PEAP-MS-CHAP-V2 authentication at RADIUS server groups sg1 through sg3 for all 802.1X clients at example.com who want to access SSID examplecorp:

DWS-1008#set authentication dot1x ssid examplecorp *@example.com peap-mschapv2 sg1 sg2 sg3

success: change accepted.

See Also:

clear authentication dot1x

set authentication admin

set authentication console

set authentication mac

set authentication web

set service-profile auth-fallthru

show aaa

set authentication mac

Configures authentication and defines where it is performed for specified non-802.1X users with network access through a media access control (MAC) address.

Syntax: set authentication mac {ssid ssid-name wired} mac-addr-glob method1 [method2] [method3] [method4]

ssid ssid-name

SSID name to which this authentication rule applies. To apply the rule to all

 

SSIDs, type any.

wired

Applies this authentication rule specifically to users connected to a wired

 

authentication port.

mac-addr-glob

A single user or set of users with access via a MAC address. Specify a

 

MAC address, or use the wildcard (*) character to specify a set of MAC

 

addresses. (For details, see “MAC Address Globs” on page 7.)

D-Link DWS-1008 CLI Manual

192

Page 195
Image 195
D-Link dws-1008 manual Set authentication mac, Authentication port, Link DWS-1008 CLI Manual 192