D-Link DWS-1008 CLI Manual 193
method1-4 At least one of up to four methods that MSS uses to handle authentication. Specify
one or more of the following methods in priority order. MSS applies multiple methods
in the order you enter them.
A method can be one of the following:
• local—Uses the local database of usernames and user groups on the switch
for authentication.
• server-group-name—Uses the defined group of RADIUS servers for
authentication. You can enter up to four names of existing RADIUS server
groups as methods. For more information, see “Usage.”
Defaults: By default, authentication is deactivated for all MAC users, which means MAC address
authentication fails by default. When using RADIUS for authentication, the default well-known
password for MAC and last-resort users is dlink.
Access: Enabled.
Usage: You can configure different authentication methods for different groups of MAC addresses
by “globbing.” (For details, see “User Globs, MAC Address Globs, and VLAN Globs” on page 7.)
If you specify multiple authentication methods in the set authentication mac command, MSS
applies them in the order in which they appear in the command, with these results:
• If the first method responds with pass or fail, the evaluation is final.
• If the first method does not respond, MSS tries the second method, and so on.
• However, if local appears first, followed by a RADIUS server group, MSS ignores any failed
searches in the local database and sends an authentication request to the RADIUS server
If the switch’s configuration contains a set authentication mac command that matches the SSID
the user is attempting to access and the user’s MAC address, MSS uses the method specified by
the command. Otherwise, MSS uses local MAC authentication by default.
If the username does not match an authentication rule for the SSID the user is attempting to
access, MSS uses the fallthru authentication type configured for the SSID, which can be last-
resort, web-portal (for WebAAA), or none.
Examples: To use the local database to authenticate all users who access the mycorp2 SSID by
their MAC address, type the following command:
DWS-1008# set authentication ssid mycorp2 mac ** local
success: change accepted.
See Also:
• clear authentication mac
• set authentication admin
• set authentication console
• set authentication dot1x
• set authentication web
• show aaa