Support User Manuals

D-Link DES-7200 Refrigerator User Manual

Open as PDF

of 1968

DES-7200 Configuration Guide Chapter 4 802.1x Configuration

4-40

Caution

In single-host authentication mode, it supports to renew acl when

reauthenticating. That is, acl takes effect when the authenticated user

sets acl on the server and reauthenticates.

The mac-based authentication mode does not support ACL update

when re-authenticating. That is to say, ACL of the authenticated user

can only be assigned once. The new acl is ignored and the original acl

remains if the acl changes when re-authenticating.

Supported acl type: extension type which can explain acl function on

our switch.

Execute the following command if you need to support dynamic acl

assignment on the server which is not authenticated by our company.

DES-7200#configure terminal

DES-7200(config)# radius vendor-specific extend

4.2.32 Configuring Dot1x MAC

Authentication Bypass

GUEST VLAN provides a method of network accessing without the 802.1x authentication

client, but this technology is unable to determine whether the access device is secure or

insecure. In some conditions, for the network management and security, although there is no

802.1x authentication client, the administrator still needs to control the validity of the access

device. MAB(MAC Authentication Bypass) provides a solution for this application.

With the MAB function enabled on the 802.1x authentication port, the authentication request

packets are sent continuously to the port and the client response is expected. If there is no

client response within the time of “tx-period*reauth-max”, the MAC address learned on the

802.1x authentication port will be monitored, and the authentication will be initiated by sending

the username(the learned MAC address) and keyword to the server. It determines whether the

learned MAC address is accessible to the network or not according to the returned

authentication result from the server.

To configure the MAB function, run the following commands:

Command Function

configure terminal

Enter the global configuration mode.

interface <interface-id>

Enter the interface configuration mode.

dot1x mac-auth-bypass

Set the dot1x MAC authentication bypass.

end

Return to the privileged mode.

Write

Save the configurations.

show running-config

Show all configurations.

Following example shows how to configure the MAB function.

previous next