802.1x network access control example – D-Link UNIFIED WIRED & WIRELESS ACCESS SYSTEM DWS-3000 User Manual
© 2001- 2008 D-Link Corporation. All Rights Reserved.
Wired Configuration Guide
simpler. At the start of service for a user, the RADIUS client that is configured to use
accounting sends an accounting start packet specifying the type of service that it will deliver.
Once the server responds with an acknowledgement, the client periodically transmits
accounting data. At the end of service delivery, the client sends an accounting stop packet
allowing the server to update specified statistics. The server again responds with an
acknowledgement.
802.1x Network Access Control Example
This example configures a single RADIUS server at 10.10.10.10 that is used for both
authentication and accounting. The shared secret is set to the string secret. The process
creates a new authentication list, called radiusList, which uses RADIUS as the authentication
method. This authentication list is associated with the 802.1x default login. 802.1x port-based
access control is enabled for the system, and interface 0/1 is configured to be in
force-authorized mode because this is where the RADIUS server and protected network resources are located.
Figure 7. DWS-3000 with 802.1x Network Access Control
If a user, or supplicant, attempts to communicate via the switch on any interface except
interface 0/1, the system challenges the supplicant for login credentials. The system encrypts
the provided information and transmits it to the RADIUS server. If the RADIUS server grants
access, the system sets the 802.1x port state of the interface to authorized and the supplicant is
able to access network resources.
config
radius server host auth 10.10.10.10
radius server key auth 10.10.10.10
secret
secret
radius server host acct 10.10.10.10
radius server key acct 10.10.10.10
secret
secret
radius accounting mode
authentication login radiusList radius
dot1x defaultlogin radiusList
dot1x system-auth-control
interface 0/1
dot1x port-control force-authorized
exit
exit
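The accounting start and acknowledgement exchange described at the top of this page, and the role of the shared secret entered after radius server key acct, shown as an added Python example that is not part of the D-Link manual. It follows the authenticator rules of RFC 2866; the function names, the session ID and the NAS address 192.0.2.1 are constructed for illustration.

```python
import hashlib, hmac, struct

ACCT_REQUEST, ACCT_RESPONSE = 4, 5            # RADIUS packet codes (RFC 2866)
ACCT_STATUS_TYPE, ACCT_SESSION_ID, NAS_IP = 40, 44, 4   # attribute types
START, STOP = 1, 2                            # Acct-Status-Type values

def attr(attr_type, value):
    """Encode one attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_request(ident, status, session_id, nas_ip, secret):
    """Client (switch) side: build a signed accounting start or stop packet."""
    attrs = (attr(ACCT_STATUS_TYPE, struct.pack("!I", status))
             + attr(ACCT_SESSION_ID, session_id)
             + attr(NAS_IP, bytes(int(o) for o in nas_ip.split("."))))
    header = struct.pack("!BBH", ACCT_REQUEST, ident, 20 + len(attrs))
    # Request Authenticator = MD5(header + 16 zero octets + attributes + secret)
    return header + hashlib.md5(header + bytes(16) + attrs + secret).digest() + attrs

def verify_request(packet, secret):
    """Server side: recompute the authenticator; False means wrong secret or altered packet."""
    if len(packet) < 20 or packet[0] != ACCT_REQUEST:
        return False
    if struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

def build_response(request, secret):
    """Server side: acknowledgement tied to the request's identifier and authenticator."""
    header = struct.pack("!BBH", ACCT_RESPONSE, request[1], 20)
    # Response Authenticator = MD5(header + request authenticator + secret)
    return header + hashlib.md5(header + request[4:20] + secret).digest()

def verify_response(response, request, secret):
    """Client side: accept the acknowledgement only if it answers the request that was sent."""
    if len(response) != 20 or response[0] != ACCT_RESPONSE or response[1] != request[1]:
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])

if __name__ == "__main__":
    secret = b"secret"                         # shared secret from the listing above
    # Session ID and NAS address are constructed sample values.
    start = build_request(1, START, b"sample-session-0001", "192.0.2.1", secret)
    ack = build_response(start, secret)
    print("server accepts start:", verify_request(start, secret))
    print("server accepts start with other secret:", verify_request(start, b"other"))
    print("client accepts acknowledgement:", verify_response(ack, start, secret))
```

Accounting attributes travel in clear text; the shared secret only lets each side detect a packet that was built with a different secret or changed in transit.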