D-Link Unified Access System User Manual
Configuring RADIUS Settings for Wireless Clients
You can configure D-Link Access Points to use 802.1x authentication on the RADIUS server
to allow or deny specific users on client stations access to the wireless network. If you enable
802.1x authentication, the client entry on a RADIUS server can support user-based VLANs
and subnet assignments for IP tunneling.
clients within the RADIUS server.
Table 61. RADIUS Attributes for Wireless Clients
RADIUS Server
Attribute
User-Name (1)
User-Password (2)
Tunnel-Medium-Type
(65)
Configuring RADIUS for Client MAC Authentication
You can configure the AP to use RADIUS-based MAC authentication to allow or deny
specific client stations access to the wireless network. Although this method is less secure than
802.1x, you can use it for client stations that do not support 802.1x.
The addresses you enter are either allowed or denied based on the global default action within
the AP profile.
Table 62
Table 62. RADIUS Attributes for Wireless Client MAC Authentication
RADIUS Server
Attribute
User-Name (1)
User-Password (2)
FreeRADIUS Example for Wireless Client
Configuration
You can use an external RADIUS server, such as a server running FreeRADIUS, to
authenticate users who attempt to connect to an access point. The authentication is based on
the username and password, and not the wireless client used for access. The RADIUS server
can also assign the user to a VLAN after he or she is authenticated by the server.
In addition to user-based authentication, you can configure MAC-based authentication to
allow or deny wireless clients access to the AP based on the MAC address of the client.
184
© 2001- 2006 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Description
indicates the attributes that you configure in the RADIUS server entry.
Description
Ethernet Address of the client
station.
A fixed password used to
lookup a client MAC entry.
Table 61
shows the attributes to set for wireless
Range
1-32 characters
1-128 characters
802
Range
Valid Ethernet
MAC Address.
NOPASSWORD
Usage
Required
Required
Optional
Usage
Required
Required