Manual
Table Of Contents
- 1. INTRODUTION
- 2. INSTALLATION
- 3. SWITCH MANAGEMENT
- 4. WEB CONFIGURATION
- 4.1 Main WEB PAGE
- 4.2 System
- 4.3 Simple Network Management Protocol
- 4.4 Port Management
- 4.5 Link Aggregation
- 4.6 VLAN
- 4.7 Rapid Spanning Tree Protocol
- 4.8 Quality of Service
- 4.9 Multicast
- 4.10 IEEE 802.1X Network Access Control
- 4.10.1 Understanding IEEE 802.1X Port-Based Authentication
- 4.10.2 802.1X System Configuration
- 4.10.3 802.1X and MAC-Based Authentication Port Configuration
- 4.10.4 802.1X Port Status
- 4.10.5 802.1X and MAC-Based Authentication Statistics
- 4.10.6 Windows Platform RADIUS Server Configuration
- 4.10.7 802.1X Client Configuration
- 4.11 Access Control Lists
- 4.12 Address Table
- 4.13 Port Security (To be Continued)
- 4.14 LLDP
- 4.15 Network Diagnastics
- 4.16 Stacking – SGSW-24040 / SGSW-24040R
- 4.17 Power over Ethernet (SGSW-24040P / SGSW-24040P4)
- 5. COMMAND LINE INTERFACE
- 6. Command Line Mode
- 6.1 System Command
- 6.2 Port Management Command
- 6.3 Link Aggregation Command
- 6.4 VLAN Configuration Command
- 6.5 Spanning Tree Protocol Command
- 6.6 Multicast Configuration Command
- 6.7 Quality of Service Command
- 6.8 802.1x Port Access Control Command
- 6.9 Access Control List Command
- 6.10 MAC Address Table Command
- 6.11 LLDP Command
- 6.12 Stack Management Command
- 6.13 Power over Ethernet Command
- 7. SWITCH OPERATION
- 8. POWER OVER ETHERNET OVERVIEW
- 9. TROUBLE SHOOTING
- APPENDEX A
- APPENDEX B : GLOSSARY
User’s Manual of WGSW-24040 Series
SGSW-24040/24240 Series
148
• Reauthentication
Enabled
If checked, clients are reauthenticated after the interval specified by the
Reauthentication Period. Reauthentication for 802.1X-enabled ports can be used
to detect if a new device is plugged into a switch port.
For MAC-based ports, reauthentication is only useful if the RADIUS server
configuration has changed. It does not involve communication between the
switch and the client, and therefore doesn't imply that a client is still present on a
port (see Age Period below).
• Reauthentication
Period
Determines the period, in seconds, after which a connected client must be
reauthenticated. This is only active if the Reauthentication Enabled checkbox is
checked. Valid values are in the range 1 to 3600 seconds.
• EAP Timeout
Determines the time the switch shall wait for the supplicant response before
retransmitting a packet. Valid values are in the range 1 to 255 seconds. This has
no effect for MAC-based ports.
• Age Period
This setting applies to ports running MAC-based authentication, only.
Suppose a client is connected to a 3rd party switch or hub, which in turn is
connected to a port on this switch that runs MAC-based authentication, and
suppose the client gets successfully authenticated. Now assume that the client
powers down his PC. What should make the switch forget about the
authenticated client? Reauthentication will not solve this problem, since this
doesn't require the client to be present, as discussed under Reauthentication
Enabled above. The solution is aging of authenticated clients. The Age Period,
which can be set to a number between 10 and 1000000 seconds, works like this:
A timer is started when the client gets authenticated. After half the age period, the
switch starts looking for frames sent by the client. If another half age period
elapses and no frames are seen, the client is considered removed from the
system, and it will have to authenticate again the next time a frame is seen from
it. If, on the other hand, the client transmits a frame before the second half of the
age period expires, the switch will consider the client alive, and leave it
authenticated, and restart the age timer.
• Hold Time
This setting applies to ports running MAC-based authentication, only.
If the RADIUS server denies a client access, or a RADIUS server request times
out (after 40 seconds with two retries), the client is put on hold in the
Unauthorized state. In this state, frames from the client will not cause the switch
to attempt to reauthenticate the client. The Hold Time, which can be set to a
number between 10 and 1000000 seconds, determines the time after an EAP
Failure indication or RADIUS timeout that a client is not allowed access.