Owner's Manual
502 | Chapter 17. Security
NETGEAR 8800 User Manual
create vlan nvlan
enable netlogin dot1x
enable netlogin ports 13-24 dot1x
configure radius netlogin primary server 192.168.1.2 1812 client-ip 192.168.1.1 vr VR-Default
configure radius netlogin primary shared-secret netgear1
enable radius netlogin
enable netlogin dot1x
Configure the ports to run a script when a user is authenticated through RADIUS and LDAP:
configure upm event user-authenticate profile a-avaya ports 1-23
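The following check is an added example, not part of the NETGEAR manual. It parses the commands above and reports a RADIUS shared secret shorter than the 16 octets that RFC 2865 prefers, and ports where the 802.1X port list and the UPM user-authenticate port list disagree. It assumes plain port numbers and ranges as used on this page; the function names and finding labels are illustrative.

```python
import re

# Commands as they appear on this page (addresses and secret are the manual's sample values).
CONFIG = """\
create vlan nvlan
enable netlogin dot1x
enable netlogin ports 13-24 dot1x
configure radius netlogin primary server 192.168.1.2 1812 client-ip 192.168.1.1 vr VR-Default
configure radius netlogin primary shared-secret netgear1
enable radius netlogin
configure upm event user-authenticate profile a-avaya ports 1-23
"""

MIN_SECRET_LEN = 16  # RFC 2865 section 3 prefers shared secrets of at least 16 octets

def expand_ports(spec):
    """Turn a port list such as '1-3,7' into the set {1, 2, 3, 7}."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(config):
    """Return (finding, detail) tuples for the netlogin/RADIUS/UPM commands in config."""
    dot1x, upm, findings = set(), set(), []
    for line in config.splitlines():
        line = line.strip()
        # Accept the abbreviated forms ("en", "port") that the CLI also allows.
        if m := re.match(r"en(?:able)?\s+netlogin\s+ports?\s+(\S+)\s+dot1x$", line, re.I):
            dot1x |= expand_ports(m.group(1))
        elif m := re.match(r"configure\s+upm\s+event\s+user-authenticate\s+profile\s+\S+\s+ports\s+(\S+)$", line, re.I):
            upm |= expand_ports(m.group(1))
        elif m := re.match(r"configure\s+radius\s+netlogin\s+\S+\s+shared-secret\s+(\S+)$", line, re.I):
            if len(m.group(1)) < MIN_SECRET_LEN:
                findings.append(("short-shared-secret", len(m.group(1))))
    # Ports bound to the profile but without 802.1X, and the reverse.
    if upm - dot1x:
        findings.append(("profile-without-dot1x", sorted(upm - dot1x)))
    if dot1x - upm:
        findings.append(("dot1x-without-profile", sorted(dot1x - upm)))
    return findings

if __name__ == "__main__":
    for finding in audit(CONFIG):
        print(finding)
```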
LDAP UID entries:
In the LDAP phone UID entry in the users file, use the following attribute to specify a profile to
run on the switch:
Netgear-Security-Profile
To add the port as tagged in the voice VLAN, use the following attribute in the users file:
Netgear-Netlogin-Extended-Vlan = TVoice (use UData for a PC)
Note: The fields required for authentication depend on the end station.
XP uses EAP-PEAP and must have encrypted fields for the UID
password. Avaya phones authenticate with MD-5 and must have an
unencrypted field in LDAP.
Scripts
The following a-avaya script tells the phone to configure itself in the voice VLAN, and to send
tagged frames. The script also informs the phone of the file server and call server:
create upm profile a-avaya
create log entry Starting_UPM_Script_AUTH-AVAYA
set var callServer 10.147.12.12
set var fileServer 10.147.10.3
set var voiceVlan voice
set var CleanupProfile CleanPort
set var sendTraps false
#
create log entry Starting_UPM_AUTH-AVAYA_Port_$EVENT.USER_PORT
#*********************************************************
# adds the detected port to the device "unauthenticated" profile port list
#*********************************************************
create log entry Updating_Unauthenticated_Port_List_Port_$EVENT.USER_PORT
#configure upm event user-unauthenticated profile CleanupProfile ports $EVENT.USER_PORT
#*********************************************************
# Configure the LLDP options that the phone needs










