Web Management Guide-R05
Table Of Contents
- ECS4810-12M Gigabit Ethernet Switch
- How to Use This Guide
- Contents
- Figures
- Tables
- Getting Started
- Web Configuration
- Using the Web Interface
- Basic Management Tasks
- Displaying System Information
- Displaying Hardware/Software Versions
- Configuring Support for Jumbo Frames
- Displaying Bridge Extension Capabilities
- Managing System Files
- Setting the System Clock
- Configuring the Console Port
- Configuring Telnet Settings
- Displaying CPU Utilization
- Displaying Memory Utilization
- Resetting the System
- Interface Configuration
- VLAN Configuration
- Address Table Settings
- Spanning Tree Algorithm
- Congestion Control
- Class of Service
- Quality of Service
- VoIP Traffic Configuration
- Security Measures
- AAA (Authentication, Authorization and Accounting)
- Configuring User Accounts
- Web Authentication
- Network Access (MAC Address Authentication)
- Configuring HTTPS
- Configuring the Secure Shell
- Access Control Lists
- Setting a Time Range
- Showing TCAM Utilization
- Setting the ACL Name and Type
- Configuring a Standard IPv4 ACL
- Configuring an Extended IPv4 ACL
- Configuring a Standard IPv6 ACL
- Configuring an Extended IPv6 ACL
- Configuring a MAC ACL
- Configuring an ARP ACL
- Binding a Port to an Access Control List
- Configuring ACL Mirroring
- Showing ACL Hardware Counters
- ARP Inspection
- Filtering IP Addresses for Management Access
- Configuring Port Security
- Configuring 802.1X Port Authentication
- DoS Protection
- IP Source Guard
- DHCP Snooping
- Basic Administration Protocols
- Configuring Event Logging
- Link Layer Discovery Protocol
- Simple Network Management Protocol
- Configuring Global Settings for SNMP
- Setting the Local Engine ID
- Specifying a Remote Engine ID
- Setting SNMPv3 Views
- Configuring SNMPv3 Groups
- Setting Community Access Strings
- Configuring Local SNMPv3 Users
- Configuring Remote SNMPv3 Users
- Specifying Trap Managers
- Creating SNMP Notification Logs
- Showing SNMP Statistics
- Remote Monitoring
- Switch Clustering
- Ethernet Ring Protection Switching
- Connectivity Fault Management
- Configuring Global Settings for CFM
- Configuring Interfaces for CFM
- Configuring CFM Maintenance Domains
- Configuring CFM Maintenance Associations
- Configuring Maintenance End Points
- Configuring Remote Maintenance End Points
- Transmitting Link Trace Messages
- Transmitting Loop Back Messages
- Transmitting Delay-Measure Requests
- Displaying Local MEPs
- Displaying Details for Local MEPs
- Displaying Local MIPs
- Displaying Remote MEPs
- Displaying Details for Remote MEPs
- Displaying the Link Trace Cache
- Displaying Fault Notification Settings
- Displaying Continuity Check Errors
- OAM Configuration
- UDLD Configuration
- IP Configuration
- IP Services
- Multicast Filtering
- Overview
- Layer 2 IGMP (Snooping and Query for IPv4)
- Configuring IGMP Snooping and Query Parameters
- Specifying Static Interfaces for a Multicast Router
- Assigning Interfaces to Multicast Services
- Setting IGMP Snooping Status per Interface
- Filtering IGMP Query and Report Packets
- Displaying Multicast Groups Discovered by IGMP Snooping
- Displaying IGMP Snooping Statistics
- Filtering and Throttling IGMP Groups
- MLD Snooping (Snooping and Query for IPv6)
- Multicast VLAN Registration for IPv4
- Multicast VLAN Registration for IPv6
- Appendices
- Glossary
- Index
Chapter 12
| Security Measures
Configuring 802.1X Port Authentication
– 349 –
◆
Quiet Period
– Sets the time that a switch port waits after the Max Request
Count has been exceeded before attempting to acquire a new client. (Range: 1-
65535 seconds; Default: 60 seconds)
◆
Tx Period
– Sets the time period during an authentication session that the
switch
waits before re-transmitting an EAP packet. (Range: 1-65535; Default: 30
seconds)
◆
Supplicant Timeout
– Sets the time that a switch port waits for a response to
an EAP request from a client before re-transmitting an EAP packet.
(Range: 1-65535; Default: 30 seconds)
This command attribute sets the timeout for EAP-request frames other than
EAP-request/identity frames. If dot1x authentication is enabled on a port, the
switch will initiate authentication when the port link state comes up. It will
send an EAP-request/identity frame to the client to request its identity,
followed by one or more requests for authentication information. It may also
send other EAP-request frames to the client during an active connection as
required for reauthentication.
◆
Server Timeout
– Sets the time that a switch port waits for a response to an
EAP request from an authentication server before re-transmitting an EAP
packet.
(Default: 0 seconds)
A RADIUS server must be set before the correct operational value of 10 seconds
will be displayed in this field. (See “Configuring Remote Logon Authentication
Servers” on page 272.)
◆
Re-authentication Status
– Sets the client to be re-authenticated after the
interval specified by the Re-authentication Period. Re-authentication can be
used to detect if a new device is plugged into a switch port. (Default: Disabled)
◆
Re-authentication Period
– Sets the time period after which a connected
client must be re-authenticated. (Range: 1-65535 seconds; Default: 3600
seconds)
◆
Re-authentication Max Retries
– The maximum number of times the switch
port will retransmit an EAP request/identity packet to the client before it times
out the authentication session. (Range: 1-10; Default: 2)
◆
Intrusion Action
– Sets the port’s response to a failed authentication.
■
Block Traffic
– Blocks all non-EAP traffic on the port. (This is the default
setting.)
■
Guest VLAN
– All traffic for the port is assigned to a guest VLAN. The guest
VLAN must be separately configured (See “Configuring VLAN Groups” on
page 152) and mapped on each port (See “Configuring Network Access for
Ports” on page 294).