D-Link DWS-1008 Product Manual - Page 293
Authentication Algorithm, SSID Name “Any”, Last-Resort Processing
UPC - 790069282911
View all D-Link DWS-1008 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 293 highlights
Authentication Algorithm MSS can try more than one of the authentication types described in "Authentication Types" to authenticate a user. MSS tries 802.1X first. If the user's NIC supports 802.1X but fails authentication, MSS denies access. Otherwise, MSS tries MAC authentication next. If MAC authentication is successful, MSS grants access to the user. Otherwise, MSS tries the fallthru authentication type specified for the SSID or wired authentication port. The fallthru authentication type can be one of the following: • Web • Last-resort • None Web and last-resort are described in "Authentication Types". None means the user is automatically denied access. The fallthru authentication type for wireless access is associated with the SSID (through a service profile). The fallthru authentication type for wired authentication access is specified with the wired authentication port. Note: The fallthru authentication type None is different from the authentication method none you can specify for administrative access. The fallthru authentication type None denies access to a network user. In contrast, the authentication method none allows access to the switch by an administrator. SSID Name "Any" In authentication rules for wireless access, you can specify the name any for the SSID. This value is a wildcard that matches on any SSID string requested by the user. For 802.1X and WebAAA rules that match on SSID any, MSS checks the RADIUS servers or local database for the username (and password, if applicable) entered by the user. If the user information matches, MSS grants access to the SSID requested by the user, regardless of which SSID name it is. For MAC authentication rules that match on SSID any, MSS checks the RADIUS servers or local database for the MAC address (and password, if applicable) of the user's device. If the address matches, MSS grants access to the SSID requested by the user, regardless of which SSID name it is. Last-Resort Processing One of the fallthru authentication types you can set on a service profile or wired authentication port is last-resort. If no 802.1X or MAC access rules are configured for a service profile's SSID, and the SSID's fallthru type is last-resort, MSS allows users onto the SSID or port without prompting for a username or password. The default authorization attributes set on the SSID are applied to the user. For example, if the vlan-name attribute on the service profile is set to guest-vlan, last-resort users are placed in guestvlan. If no 802.1X or MAC access rules are configured for wired, and the wired authentication port's fallthru type is last-resort, MSS allows users onto the port without prompting for a username or password. The authorization attributes set on user last-resort-wired are applied to the user. D-Link DWS-1008 User Manual 274