Attribute

Description

Valid Value(s)

 

 

Name of an existing security ACL, up to 253

 

 

alphanumeric characters, with no tabs or

 

 

spaces.

 

 

• Use acl-name.in to filter traffic that enters

 

 

the switch from users via an AP access

 

 

port or wired authentication port, or from

 

 

the network via a network port.

filter-id (network

Security access control list (ACL), to permit or

 

deny traffic received (input) or sent (output) by

• Use acl-name.out to filter traffic sent from

access mode only)

the switch.

the switch to users via an AP access port

 

 

 

or wired authentication port, or from the

 

 

network via a network port.

 

 

Note: If the Filter-Id value returned through the

 

 

authentication and authorization process does

 

 

not match the name of a committed security

 

 

ACL in the switch, the user fails authorization

 

 

and is unable to authenticate.

 

 

 

 

 

One of the following numbers:

 

 

2—Framed; for network user access

 

 

6—Administrative; for administrative access

 

 

to the switch, with authorization to access

 

 

the enabled (configuration) mode. The user

 

 

must enter the enable command and the

 

 

correct enable password to access the

 

 

enabled mode.

 

 

7—NAS-Prompt; for administrative access

service-type

Type of access the user is requesting.

to the nonenabled mode only. In this mode,

the user can still enter the enable command

 

 

 

 

and the correct enable password to access

 

 

the enabled mode.

 

 

For administrative sessions, the switch always

 

 

sends 6 (Administrative). The RADIUS server

 

 

can reply with one of the values listed above.

 

 

If the service-type is not set on the RADIUS

 

 

server, administrative users receive NAS-

 

 

Prompt access, and network users receive

 

 

Framed access.

 

 

 

 

 

Number between 0 and 4,294,967,296 seconds

session-timeout

 

(approximately 136.2 years).

Maximum number of seconds for the user’s

Note: If the global reauthentication timeout

(network access mode

session.

(set by the set dot1x reauth-period command)

only)

 

is shorter than the session-timeout, MSS uses

 

 

 

 

the global timeout instead.

 

 

 

 

 

Name of the SSID you want the user to use.

ssid (network access

SSID the user is allowed to access after

The SSID must be configured in a service

profile, and the service profile must be used by

mode only)

authentication.

a radio profile assigned to D-Link radios in the

 

 

 

 

network.

 

 

 

 

Date and time at which the user becomes

Date and time, in the following format:

 

eligible to access the network. MSS does

YY/MM/DD-HH:MM

start-date

not authenticate the user unless the attempt

You can use start-date alone or with end-date.

to access the network occurs at or after the

You also can use start-date, end-date, or both

 

 

specified date and time, but before the end-

in conjunction with time-of-day.

 

date (if specified).

 

 

 

 

 

 

 

D-Link DWS-1008 CLI Manual

202

Page 205
Image 205
D-Link dws-1008 manual Link DWS-1008 CLI Manual 202, Yy/Mm/Dd-Hhmm