Linksys SRW224G4P manual Security 802.1x Settings, Tacacs Server Setting

Page 31

Chapter 5

Configuring the Switch

TACACS Server Setting

The Switch provides Terminal Access Controller Access Control System (TACACS+) client support.. TACACS+ provides centralized security for validation of users accessing the device.. TACACS+ provides a centralized user management system, while still retaining consistency with RADIUS and other authentication processes.. The TACACS+ protocol ensures network integrity through encrypted protocol exchanges between the device and TACACS+ server..

Server IP Address  Enter the TACACS+ Server IP address..

Server Port Number (1-65535)  Defines the port number through which the TACACS+ session occurs.. The default port is 49..

Secret Key String  Defines the authentication and encryption key for TACACS+ server.. The key must match the encryption key used on the TACACS+ server..

Security > 802.1x Settings

Security > 802..1x Settings

Network switches can provide open and easy access to network resources by simply attaching a client PC.. Although this automatic configuration and access is a desirable feature, it also allows unauthorized personnel to easily intrude and possibly gain access to sensitive network data..

The IEEE 802..1X (dot1X) standard defines a port-based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication.. Access to all switch ports in a network can be centrally controlled from a server, which means that authorized users can use the same credentials for authentication from any point within the network..

This Switch uses the Extensible Authentication Protocol over LANs (EAPOL) to exchange authentication protocol messages with the client, and a remote RADIUS authentication server to verify user identity and access rights.. When a client connects to a switch port, the Switch responds with an EAPOL identity request.. The client provides its identity (such as a user name) in an EAPOL response to the Switch, which it forwards to the RADIUS server.. The RADIUS server verifies the client identity and sends an access challenge back to the client..The EAP packet from the RADIUS server contains not only the challenge, but the authentication method to be used.. The client can reject the authentication method and request another, depending on the configuration of the client software and the RADIUS server.. The authentication method must be MD5.. The client responds to the appropriate method with its credentials, such as a password or certificate.. The RADIUS server verifies the client credentials and responds with an accept or reject packet.. If authentication is successful, the Switch allows the client to access the network.. Otherwise, network access is denied and the port remains blocked..

The operation of 802..1X on the Switch requires the following:

The Switch must have an IP address assigned..

RADIUS authentication must be enabled on the Switch and the IP address of the RADIUS server specified..

802..1X must be enabled globally for the Switch..

Each Switch port that will be used must be set to dot1X “Auto” mode..

Each client that needs to be authenticated must have dot1X client software installed and properly configured..

The RADIUS server and 802..1X client support EAP.. (The Switch only supports EAPOL in order to pass the EAP packets from the server to the client..)

The RADIUS server and client also have to support the same EAP authentication type – MD5.. (Some clients have native support in Windows, otherwise the dot1x client must support it..)

To enable 802..1X System Authentication Control, select the RADIUS option..

When 802..1X is enabled, you need to configure the parameters for the authentication process that runs between the client and the Switch, as well as the client identity lookup process that runs between the Switch and authentication server.. These parameters are described in this section..

24-Port 10/100 + 4-Port Gigabit Switch with WebView and Power over Ethernet

27

Page 30 Page 32
Image 31
Page 30 Page 32
Contents User Guide Table of Contents ACL Appendix a About Gigabit Ethernet and Fiber Optic Cabling Appendix E Contact InformationCopyright and Trademarks About This GuideIcon Descriptions Online ResourcesChapter Introduction ChapterFront Panel Chapter Product OverviewSide Panel Back PanelPlacement Options Pre-Installation ConsiderationsOverview Rack-Mount Placement Hardware InstallationUplinking the Switch Desktop PlacementConfiguring the HyperTerminal Application Chapter Configuration Using Console InterfaceSystem Configuration LoginSwitch Main Menu System Configuration MenuUser & Password Settings Management SettingsIP Address Settings IP ConfigurationReboot System Restore System Default SettingsFile Management Back to Main Menu Port ConfigurationPoE Configuration Port StatusLogout System PoE ConfigurationPort PoE Configuration Port PoE StatusSetup Summary SetupDevice Information Identification Setup Network SettingsSystem Information PoE InformationSet Time Setup TimeEdit Port Settings Port Management Port SettingsPort Management Port Broadcast Control Port Management Link AggregationPort Management Lacp Port Management PoE Power SettingsGlobal Setting Port SettingCreate Vlan Vlan Management Port SettingsVlan Management Vlan Management Create VlanVlan Management Vlan to Ports Vlan Management Ports to VlanStatistics Rmon Statistics StatisticsStatistics Rmon History Statistics Rmon Events Statistics Rmon AlarmsStatistics 802.1x Statistics Statistics Port UtilizationACL MAC based ACL ACL IP based ACLSecurity ACL Binding Security Authentication ServersRadius Server Setting SecurityTacacs Server Setting Security 802.1x SettingsSecurity Ports Security Security Management ACL Security Https SettingsSecurity SSH Host-Key Settings Security SSH SettingsQoS QoS CoS SettingsCoS to Queue Port to CoS QoS Queue SettingsQoS Dscp Settings Queue SettingsClass Map QoS DiffServ SettingsPolicy Map QoS DiffServ Port Binding Spanning TreeQoS Bandwidth Spanning Tree Global STP Spanning Tree STP StatusSpanning Tree STP Port Settings Spanning Tree STP Port Settings STP Port Setting Detail Spanning Tree Rstp Port Settings Spanning Tree Mstp Properties Spanning Tree Mstp Instance SettingsSpanning Tree Mstp Interface Settings Multicast Multicast Static Member Ports Multicast Global SettingsMulticast Member Ports Query Multicast Static Router PortsMulticast Router Ports Query Snmp Global Parameters Snmp Group Profile Snmp ViewsData Privacy User AuthenticationSnmp Group Membership Snmp CommunitiesSNMPv1,2 AdminAdmin User Authentication Snmp Notification RecipientDynamic Address Query Admin Forwarding DatabaseStatic Address Setting Address AgingSystem Logging Admin LogSyslog Smtp Setting Admin Port MirroringAdmin Ping Admin Cable TestAdmin Save Configuration Admin Firmware Upgrade Admin Jumbo FrameAdmin Http Upgrade Admin Factory Default Admin RebootGigabit Ethernet Appendix a About Gigabit Ethernet Fiber Optic CablingFiber Optic Cabling Appendix B Glossary Appendix BGlossary Smtp Simple Mail Transfer Protocol The standard e Appendix B Appendix C Appendix C SpecificationsSpecifications Limited Warranty Appendix D Warranty and Regulatory InformationIC Statement Safety NoticesFCC Statement Industry Canada CanadaDansk Danish Miljøinformation for kunder i EU La Directiva 2002/96/CE de la UE exige que los equipos que Norsk Norwegian Miljøinformasjon for kunder i EU WEB For additional information, please visit Appendix E
Top Page Image Contents