GS-4210-Series (V2) User Manual
Table Of Contents
- 1. INTRODUCTION
- 2. INSTALLATION
- 3. SWITCH MANAGEMENT
- 4. WEB CONFIGURATION
- 4.1 Main Web Page
- 4.2 System
- 4.3 Switching
- 4.3.1 Port Management
- 4.3.1.1 Port Configuration
- 4.3.1.2 Port Counters
- 4.3.1.3 Bandwidth Utilization
- 4.3.1.4 Port Mirroring
- 4.3.1.5 Jumbo Frame
- 4.3.1.6 Port Error Disabled Configuration
- 4.3.1.7 Port Error Disabled Status
- 4.3.1.8 Protected Ports
- 4.3.1.9 EEE
- 4.3.2 Link Aggregation
- 4.3.2.1 LAG Setting
- 4.3.2.2 LAG Management
- 4.3.2.3 LAG Port Setting
- 4.3.2.4 LACP Setting
- 4.3.2.5 LACP Port Setting
- 4.3.2.6 LAG Status
- 4.3.3 VLAN
- 4.3.3.1 VLAN Overview
- 4.3.3.2 IEEE 802.1Q VLAN
- 4.3.3.3 Management VLAN
- 4.3.3.4 Create VLAN
- 4.3.3.5 Interface Settings
- 4.3.3.6 Port to VLAN
- 4.3.3.7 Port VLAN Membership
- 4.3.3.8 Protocol VLAN Group Setting
- 4.3.3.9 Protocol VLAN Port Setting
- 4.3.3.10 GVRP Setting
- 4.3.3.11 GVRP Port Setting
- 4.3.3.12 GVRP VLAN
- 4.3.3.13 GVRP Statistics
- 4.3.3.14 VLAN setting example:
- 4.3.3.14.1 Two separate 802.1Q VLANs
- 4.3.3.14.2 VLAN Trunking between two 802.1Q aware switches
- 4.3.4 Spanning Tree Protocol
- 4.3.5 Multicast
- 4.3.6 IGMP Snooping
- 4.3.7 MLD Snooping
- 4.3.8 LLDP
- 4.3.9 MAC Address Table
- 4.4 Quality of Service
- 4.5 Security
- 4.6 Ring
- 4.7 Power over Ethernet
- 4.8 Maintenance
- 5. COMMAND LINE INTERFACE
- 6. Command Line Mode
- 6.1 User Mode Commands
- 6.2 Privileged Mode Commands
- 6.2.1 clear command
- 6.2.2 clock command
- 6.2.3 configure command
- 6.2.4 copy command
- 6.2.5 delete command
- 6.2.6 disable command
- 6.2.7 end command
- 6.2.8 exit command
- 6.2.9 ping command
- 6.2.10 reboot command
- 6.2.11 renew command
- 6.2.12 restore-defaults command
- 6.2.13 save command
- 6.2.14 show command
- 6.2.15 ssl command
- 6.2.16 terminal command
- 6.3 Global Config Mode Commands
- 6.3.1 aaa Command
- 6.3.2 boot Command
- 6.3.3 clock Command
- 6.3.4 dos Command
- 6.3.5 dot1x Command
- 6.3.6 do Command
- 6.3.7 enable Command
- 6.3.8 end Command
- 6.3.9 erps Command
- 6.3.10 errdisable Command
- 6.3.11 exit Command
- 6.3.12 gvrp Command
- 6.3.13 hostname Command
- 6.3.14 interface Command
- 6.3.15 ip Command
- 6.3.16 ipv6 Command
- 6.3.17 jumbo-frame Command
- 6.3.18 lacp Command
- 6.3.19 lag Command
- 6.3.20 line Command
- 6.3.21 lldp Command
- 6.3.22 logging Command
- 6.3.23 mac Command
- 6.3.24 management Command
- 6.3.25 management-vlan Command
- 6.3.26 mirror Command
- 6.3.27 nms Command
- 6.3.28 no Command
- 6.3.29 poe Command
- 6.3.30 port-security Command
- 6.3.31 qos Command
- 6.3.32 radius Command
- 6.3.33 rmon Command
- 6.3.34 snmp Command
- 6.3.35 sntp Command
- 6.3.36 spanning-tree Command
- 6.3.37 storm-control Command
- 6.3.38 system Command
- 6.3.39 tacacs Command
- 6.3.40 username Command
- 6.3.41 vlan Command
- 6.3.42 voice-vlan Command
- 7. SWITCH OPERATION
- 8. POWER OVER ETHERNET OVERVIEW
- 9. TROUBLESHOOTING
- APPENDIX A
4.5.2 AAA
Authentication, authorization, and accounting (AAA) provides a framework for configuring access control on the Managed
Switch. The three security functions can be summarized as follows:
• Authentication — Identifies users that request access to the network.
• Authorization — Determines if users can access specific services.
• Accounting — Provides reports, auditing, and billing for services that users have accessed on the network.
The AAA functions require the use of configured RADIUS or TACACS+ servers in the network. The security servers can be
defined as sequential groups that are then applied as a method for controlling user access to specified services. For example,
when the switch attempts to authenticate a user, a request is sent to the first server in the defined group. If there is no response,
the second server is tried, and so on. If at any point a pass or fail is returned, the process stops.
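The following Python model is an added illustration of the sequential group behaviour described above; it is not code from the manual or the switch firmware. The server names, the sample user databases and the deny-when-no-server-answers outcome are assumptions made for the example. It shows why every server in a group should hold the same user database: a fail from the first server is final, so a user known only to a later server is rejected while the first server is reachable.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Reply(Enum):
    PASS = "pass"
    FAIL = "fail"


@dataclass
class Outcome:
    granted: bool
    decided_by: Optional[str]  # server that returned pass/fail, None if none answered
    tried: list                # servers contacted, in group order


def query_group(group, user, password):
    """Try each (name, server) in order; the first pass or fail ends the process."""
    tried = []
    for name, server in group:
        tried.append(name)
        reply = server(user, password)  # None models "no response"
        if reply is None:
            continue                    # only silence moves on to the next server
        return Outcome(reply is Reply.PASS, name, tried)
    # Assumption for this model: if no server answers, access is denied.
    return Outcome(False, None, tried)


def make_server(users):
    """Constructed stand-in for a RADIUS/TACACS+ server with a user database."""
    def server(user, password):
        return Reply.PASS if users.get(user) == password else Reply.FAIL
    return server


def unreachable(user, password):
    """Constructed stand-in for a server that never responds."""
    return None


# Constructed sample data: "bob" exists only on the secondary server.
primary = make_server({"alice": "s3cret"})
secondary = make_server({"alice": "s3cret", "bob": "hunter2"})

if __name__ == "__main__":
    print(query_group([("primary", primary), ("secondary", secondary)], "bob", "hunter2"))
    print(query_group([("primary", unreachable), ("secondary", secondary)], "bob", "hunter2"))
```
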
The Managed Switch supports the following AAA features:
• Accounting for IEEE 802.1X authenticated users that access the network through the Managed Switch.
• Accounting for users that access management interfaces on the Managed Switch through the console and Telnet.
• Accounting for commands that users enter at specific CLI privilege levels.
• Authorization of users that access management interfaces on the Managed Switch through the console and Telnet.
To configure AAA on the Managed Switch, you need to follow this general process:
1. Configure RADIUS and TACACS+ server access parameters. See “Configuring Local/Remote Logon
Authentication”.
2. Define RADIUS and TACACS+ server groups to support the accounting and authorization of services.
3. Define a method name for each service to which you want to apply accounting or authorization and specify the
RADIUS or TACACS+ server groups to use. Apply the method names to port or line interfaces.
This guide assumes that RADIUS and TACACS+ servers have already been configured to
support AAA. The configuration of RADIUS and TACACS+ server software is beyond the
scope of this guide; refer to the documentation provided with the RADIUS or TACACS+
server software.