Moxa Technologies PT-7728 Using Port Access Control, Configuring Static Port Lock, Ieee


PT-7728 User’s Manual

Featured Functions

Using Port Access Control

The PT-7728 provides two kinds of Port-Based Access Control. One is Static Port Lock and the other is IEEE 802.1X.

Static Port Lock

The PT-7728 can also be configured to protect static MAC addresses for a specific port. With the Port Lock function, these locked ports will not learn any additional addresses, but only allow traffic from preset static MAC addresses, helping to block hackers and careless usage.

IEEE 802.1X

The IEEE 802.1X standard defines a protocol for client/server-based access control and authentication. The protocol restricts unauthorized clients from connecting to a LAN through ports that are open to the Internet, and which otherwise would be readily accessible. The purpose of the authentication server is to check each client that requests access to the port. The client is only allowed access to the port if the client’s permission is authenticated.

The IEEE 802.1X Concept

Three components are used to create an authentication mechanism based on 802.1X standards: Client/Supplicant, Authentication Server, and Authenticator.

Supplicant: The end station that requests access to the LAN and switch services and responds to the requests from the switch.

Authentication server: The server that performs the actual authentication of the supplicant.

Authenticator: Edge switch or wireless access point that acts as a proxy between the supplicant and the authentication server, requesting identity information from the supplicant, verifying the information with the authentication server, and relaying a response to the supplicant.

The PT-7728 acts as an authenticator in the 802.1X environment. A supplicant and an authenticator exchange EAPOL (Extensible Authentication Protocol over LAN) frames with each other. We can either use an external RADIUS server as the authentication server, or implement the authentication server in the PT-7728 by using a Local User Database as the authentication look-up table. When we use an external RADIUS server as the authentication server, the authenticator and the authentication server exchange EAP frames with each other.

Authentication can be initiated either by the supplicant or the authenticator. When the supplicant initiates the authentication process, it sends an EAPOL-Start frame to the authenticator. When the authenticator initiates the authentication process or when it receives an EAPOL-Start frame, it sends an EAP Request/Identity frame to ask for the username of the supplicant.
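The opening of the exchange described above (EAPOL-Start, then EAP Request/Identity, then the supplicant's identity response) can be decoded from captured frames when checking what a port actually sees. The following is an added example, not part of the Moxa manual: it follows the standard EAPOL and EAP header layouts, assumes untagged Ethernet frames, and uses constructed MAC addresses and a constructed username.

```python
import struct

ETHERTYPE_EAPOL = 0x888E
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def parse_eapol(frame: bytes) -> dict:
    """Decode one untagged Ethernet frame carrying EAPOL; ValueError if malformed."""
    if len(frame) < 18:
        raise ValueError("too short for Ethernet + EAPOL headers")
    ethertype, version, ptype, body_len = struct.unpack("!HBBH", frame[12:18])
    if ethertype != ETHERTYPE_EAPOL:
        raise ValueError("not an EAPOL frame")
    body = frame[18:18 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated EAPOL body")
    out = {"src": frame[6:12].hex(":"), "version": version,
           "eapol": EAPOL_TYPES.get(ptype, f"unknown({ptype})")}
    if ptype == 0:  # EAP-Packet: code, identifier, length, then type for Request/Response
        if body_len < 4:
            raise ValueError("EAP header truncated")
        code, ident, eap_len = struct.unpack("!BBH", body[:4])
        if eap_len < 4 or eap_len > body_len:
            raise ValueError("bad EAP length")
        out.update(eap_code=EAP_CODES.get(code, f"unknown({code})"), eap_id=ident)
        if code in (1, 2) and eap_len >= 5:
            out["eap_type"] = body[4]
            if body[4] == 1:  # type 1 = Identity; data is the supplicant's username
                out["identity"] = body[5:eap_len].decode("utf-8", "replace")
    return out

def build(src: bytes, eapol_type: int, body: bytes = b"") -> bytes:
    """Build a test frame addressed to the PAE group address 01:80:C2:00:00:03."""
    header = struct.pack("!HBBH", ETHERTYPE_EAPOL, 1, eapol_type, len(body))
    return bytes.fromhex("0180c2000003") + src + header + body

def eap(code: int, ident: int, eap_type: int, data: bytes = b"") -> bytes:
    return struct.pack("!BBHB", code, ident, 5 + len(data), eap_type) + data

# Constructed sample exchange (MAC addresses and username are made up).
SUPP, SWITCH = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLE_EXCHANGE = [
    build(SUPP, 1),                               # supplicant: EAPOL-Start
    build(SWITCH, 0, eap(1, 7, 1)),               # authenticator: EAP Request/Identity
    build(SUPP, 0, eap(2, 7, 1, b"operator1")),   # supplicant: EAP Response/Identity
]

if __name__ == "__main__":
    for f in SAMPLE_EXCHANGE:
        print(parse_eapol(f))
```

The identity response is carried in clear text at this stage, so the username is visible to anything that can observe the port.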

Configuring Static Port Lock

The PT-7728 supports adding unicast groups manually if required.
