User`s guide
Table Of Contents
- User’s Guide
- Introduction and Hardware
- Basic Configuration
- Advanced
- VLAN
- Static MAC Forward Setup
- Filtering
- Spanning Tree Protocol
- 11.1 STP/RSTP Overview
- 11.1.1 STP Terminology
- 11.1.2 How STP Works
- 11.1.3 STP Port States
- 11.1.4 Multiple RSTP
- 11.2 Spanning Tree Protocol Main Screen
- 11.3 Configure Rapid Spanning Tree Protocol
- 11.4 Rapid Spanning Tree Protocol Status
- 11.5 Configure Multiple Rapid Spanning Tree Protocol
- 11.6 Multiple Rapid Spanning Tree Protocol Status
- Bandwidth Control
- Broadcast Storm Control
- Mirroring
- Link Aggregation
- Port Authentication
- Port Security
- Classifier
- Policy Rule
- Queuing Method
- VLAN Stacking
- Multicast
- 22.1 Multicast Overview
- 22.1.1 IP Multicast Addresses
- 22.1.2 IGMP Filtering
- 22.1.3 IGMP Snooping
- 22.2 Multicast Status
- 22.3 Multicast Setting
- 22.4 IGMP Filtering Profile
- 22.5 MVR Overview
- 22.5.1 Types of MVR Ports
- 22.5.2 MVR Modes
- 22.5.3 How MVR Works
- 22.6 General MVR Configuration
- 22.7 MVR Group Configuration
- 22.7.1 MVR Configuration Example
- IP Application
- Management
- Maintenance
- 28.1 The Maintenance Screen
- 28.2 Firmware Upgrade
- 28.3 Restore a Configuration File
- 28.4 Backup a Configuration File
- 28.5 Load Factory Default
- 28.6 Save Configuration
- 28.7 Reboot System
- 28.8 FTP Command Line
- 28.8.1 Filename Conventions
- 28.8.2 FTP Command Line Procedure
- 28.8.3 GUI-based FTP Clients
- 28.8.4 FTP Restrictions
- Access Control
- 29.1 Access Control Overview
- 29.2 The Access Control Main Screen
- 29.3 About SNMP
- 29.3.1 Supported MIBs
- 29.3.2 SNMP Traps
- 29.3.3 Configuring SNMP
- 29.4 SSH Overview
- 29.5 How SSH works
- 29.6 SSH Implementation on the Switch
- 29.6.1 Requirements for Using SSH
- 29.7 Introduction to HTTPS
- 29.8 HTTPS Example
- 29.8.1 Internet Explorer Warning Messages
- 29.8.2 Netscape Navigator Warning Messages
- 29.8.3 The Main Screen
- 29.9 Service Port Access Control
- 29.10 Remote Management
- Diagnostic
- Syslog
- Cluster Management
- MAC Table
- IP Table
- ARP Table
- Routing Table
- Configure Clone
- Maintenance
- CLI and Troubleshooting
- Introducing Commands
- 38.1 Overview
- 38.2 Accessing the CLI
- 38.2.1 The Console Port
- 38.3 The Login Screen
- 38.4 Command Syntax Conventions
- 38.5 Changing the Password
- 38.6 Privilege Levels
- 38.7 Command Modes
- 38.8 Getting Help
- 38.8.1 List of Available Commands
- 38.9 Using Command History
- 38.10 Saving Your Configuration
- 38.10.1 Configuration File
- 38.10.2 Logging Out
- 38.11 Command Summary
- 38.11.1 User Mode
- 38.11.2 Enable Mode
- 38.11.3 General Configuration Mode
- 38.11.4 interface port-channel Commands
- 38.11.5 interface route-domain Commands
- 38.11.6 config-vlan Commands
- 38.12 mvr Commands
- User and Enable Mode Commands
- 39.1 Overview
- 39.2 show Commands
- 39.2.1 show system-information
- 39.2.2 show ip
- 39.2.3 show logging
- 39.2.4 show interface
- 39.2.5 show mac address-table
- 39.3 ping
- 39.4 traceroute
- 39.5 Copy Port Attributes
- 39.6 Configuration File Maintenance
- 39.6.1 Using a Different Configuration File
- 39.6.2 Resetting to the Factory Default
- Configuration Mode Commands
- 40.1 Change the Out of Band Management IP Address
- 40.2 Enabling IGMP Snooping
- 40.3 Configure IGMP Filter
- 40.4 Enabling STP
- 40.5 no Command Examples
- 40.5.1 Disable Commands
- 40.5.2 Resetting Commands
- 40.5.3 Re-enable commands
- 40.5.4 Other Examples of no Commands
- 40.6 Static Route Commands
- 40.7 Enabling MAC Filtering
- 40.8 Enabling Trunking
- 40.9 Enabling Port Authentication
- 40.9.1 RADIUS Server Settings
- 40.9.2 Port Authentication Settings
- Interface Commands
- 41.1 Overview
- 41.2 Interface Command Examples
- 41.2.1 interface port-channel
- 41.2.2 bpdu-control
- 41.2.3 broadcast-limit
- 41.2.4 bandwidth-limit
- 41.2.5 mirror
- 41.2.6 gvrp
- 41.2.7 ingress-check
- 41.2.8 frame-type
- 41.2.9 weight
- 41.2.10 egress set
- 41.2.11 qos priority
- 41.2.12 name
- 41.2.13 speed-duplex
- 41.2.14 test
- 41.3 Interface no Command Examples
- 41.3.1 no bandwidth-limit
- IEEE 802.1Q Tagged VLAN Commands
- 42.1 Configuring Tagged VLAN
- 42.2 Global VLAN1Q Tagged VLAN Configuration Commands
- 42.2.1 GARP Status
- 42.2.2 GARP Timer
- 42.2.3 GVRP Timer
- 42.2.4 Enable GVRP
- 42.2.5 Disable GVRP
- 42.3 Port VLAN Commands
- 42.3.1 Set Port VID
- 42.3.2 Set Acceptable Frame Type
- 42.3.3 Enable or Disable Port GVRP
- 42.3.4 Modify Static VLAN
- 42.3.5 Delete VLAN ID
- 42.4 Enable VLAN
- 42.5 Disable VLAN
- 42.6 Show VLAN Setting
- Multicast VLAN Registration Commands
- Routing Domain Command Examples
- Troubleshooting
- Introducing Commands
- Appendices and Index
GS-2724 User’s Guide
121
CHAPTER 16
Port Authentication
This chapter describes the 802.1x authentication method and RADIUS server connection
setup. See Section 40.9 on page 278 for information on how to use the commands to configure
additional Radius server settings as well as multiple Radius server configuration.
16.1 Port Authentication Overview
IEEE 802.1x is an extended authentication protocol
2
that allows support of RADIUS (Remote
Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile and
accounting management on a network RADIUS server.
16.1.1 RADIUS
RADIUS (Remote Authentication Dial-In User Service) authentication is a popular protocol
used to authenticate users by means of an external server instead of (or in addition to) an
internal device user database that is limited to the memory capacity of the device. In essence,
RADIUS authentication allows you to validate an unlimited number of users from a central
location.
Figure 51 RADIUS Server
16.1.1.1 Vendor Specific Attribute
A Vendor Specific Attribute (VSA) is an attribute-value pair that is sent between a RADIUS
server and the Switch. Configure VSAs on the RADIUS server to set the Switch to perform the
following actions on an authenticated user:
• Limit bandwidth on incoming or outgoing traffic
• Assign account privilege levels
2. At the time of writing, only Windows XP of the Microsoft operating systems supports it. See the Microsoft web site
for information on other Windows operating system support. For other operating systems, see its documentation.
If your operating system does not support 802.1x, then you may need to install 802.1x client software.