Manuals / Brands / Computer Equipment / Switch / Accton Technology / Computer Equipment / Switch

Accton Technology ES4512C, ES4524C, ES4548C 802.1x Port Authentication

1 426

Download 426 pages, 7.4 Mb

Command Line Interface

4-78

4

802.1x Port Authentication

The switch supports IEEE 802.1x (dot1x) port-based access control that prevents

unauthorized access to the network by requiring users to first submit credentials for

authentication. Client authentication is controlled centrally by a RADIUS server

using EAP (Extensible Authentication Protocol).

authentication dot1x default

This command sets the default authentication server type. Usethe no form to

restore the default.

Syntax

authentication dot1x default radius

no authentication dot1x

Default Setting

RADIUS

Command Mode

Global Configuration

Example

Table 4-31. 802.1x Port Authentication Commands

Command Function Mode Page

authentication dot1x default Sets the default authentication server type GC 4-78

dot1x default Resets all dot1x parameters to their default values GC 4-79

dot1x max-req Sets the maximum number of times that the switch

retransmits an EAP request/identity packet to the client

before it times out the authentication session

GC 4-79

dot1x port-control Sets dot1x mode for a port interface IC 4-80

dot1x operation-mode Allows single or multiple hosts on an dot1x port IC 4-80

dot1x re-authenticate Forces re-authentication on specific ports PE 4-81

dot1x re-authentication Enables re-authentication for all ports GC 4-81

dot1x timeout quiet-period Sets the time that a switch port waits after the Max

Request Count has been exceeded before attempting to

acquire a new client

GC 4-82

dot1x timeout re-authperiod Sets the time period after which a connected client must

be re-authenticated

GC 4-82

dot1x timeout tx-period Sets the time period during an authentication session that

the switch waits before re-transmitting an EAP packet

GC 4-83

show dot1x Shows all dot1x related information PE 4-83

Console(config)#authentication dot1x default radius

Console(config)#

Contents

Main Page Page Page Contents Page Page Page Page Page Page Page Page Page Page Page Tables Page Figures Page Page Page 1-1 Chapter 1: Introduction Key Features Table 1-1. Key Features 1-2 Description of Software Features Description of Software Features 1-3 1-4 System Defaults 1-5 System Defaults 1-6 System Defaults 1-7 Page 2-1 Chapter 2: Initial Configuration Connecting to the Switch Configuration Options 2-2 Required Connections 2-3 Remote Connections Basic Configuration Console Connection 2-4 Setting Passwords Setting an IP Address Manual Configuration 2-5 Dynamic Configuration 2-6 Enabling SNMP Management Access Community Strings 2-7 Trap Receivers Saving Configuration Settings 2-8 Managing System Files 3-1 Chapter 3: Configuring the Switch Using the Web Interface 3-2 Navigating the Web Browser Interface Home Page 3-3 Configuration Options Panel Display 3-4 Main Menu 3-5 3-6 3-7 Page 3-9 Basic Configuration Displaying System Information 3-10 CLI Specify the hostname, location and contact information. Displaying Switch Hardware/Software Versions 3-11 3-12 Displaying Bridge Extension Capabilities 3-13 Setting the Switchs IP Address Page 3-15 Using DHCP/BOOTP 3-16 Managing Firmware Downloading System Software from a Server 3-17 Saving or Restoring Configuration Settings 3-18 Downloading Configuration Settings from a Server 3-19 Configuring Event Logging System Log Configuration 3-20 Remote Log Configuration Page 3-22 Displaying Log Messages 3-23 Sending Simple Mail Transfer Protocol Alerts Page 3-25 Resetting the System 3-26 Setting the System Clock Configuring SNTP 3-27 Setting the Time Zone 3-28 Simple Network Management Protocol Setting Community Access Strings Simple Network Management Protocol 3-29 Specifying Trap Managers and Trap Types 3-30 User Authentication Configuring the Logon Password 3-31 Configuring Local/Remote Logon Authentication 3-32 Page 3-34 Configuring HTTPS 3-35 Replacing the Default Secure-site Certificate 3-36 Configuring the Secure Shell 3-37 3-38 Generating the Host Key Pair 3-39 3-40 Configuring the SSH Server 3-41 Configuring Port Security 3-42 3-43 Configuring 802.1x Port Authentication 3-44 Displaying 802.1x Global Settings 3-45 Web Click Security, 802.1x, Information. 3-46 Configuring 802.1x Global Settings 3-47 Configuring Port Authorization Mode 3-48 Displaying 802.1x Statistics 3-49 3-50 Filtering IP Addresses for Management Access 3-51 3-52 Access Control Lists Configuring Access Control Lists 3-53 Setting the ACL Name and Type Configuring a Standard IP ACL 3-54 3-55 Configuring an Extended IP ACL 3-56 3-57 Configuring a MAC ACL Page 3-59 Configuring ACL Masks Specifying the Mask Type 3-60 Configuring an IP ACL Mask 3-61 3-62 Configuring a MAC ACL Mask 3-63 Binding a Port to an Access Control List 3-64 Port Configuration Displaying Connection Status 3-65 3-66 3-67 Configuring Interface Connections 3-68 3-69 Creating Trunk Groups 3-70 Statically Configuring a Trunk } active links statically configured 3-71 Enabling LACP on Selected Ports } } 3-72 3-73 Configuring LACP Parameters Page 3-75 3-76 Displaying LACP Port Counters You can display statistics for LACP protocol messages. Table 3-6. LACP Port Counters 3-77 Displaying LACP Settings and Status for the Local Side 3-78 3-79 Displaying LACP Settings and Status for the Remote Side 3-80 Setting Broadcast Storm Thresholds 3-81 3-82 Configuring Port Mirroring 3-83 Configuring Rate Limits 3-84 Showing Port Statistics 3-85 Table 3-9. Port Statistics 3-86 Table 3-9. Port Statistics Page 3-88 Address Table Settings Setting Static Addresses Address Table Settings 3-89 Displaying the Address Table Page 3-91 Changing the Aging Time Spanning Tree Algorithm Configuration 3-92 Displaying Global Settings x x 3-93 3-94 3-95 Configuring Global Settings 3-96 3-97 Page 3-99 Displaying Interface Settings x x 3-100 3-101 3-102 Configuring Interface Settings 3-103 3-104 Configuring Multiple Spanning Trees 3-105 3-106 CLI This displays STA settings for instance 1, followed by settings for each port. CLI This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI. 3-107 Displaying Interface Settings for MSTP 3-108 Configuring Interface Settings for MSTP 3-109 3-110 VLAN Configuration IEEE 802.1Q VLANs Assigning Ports to VLANs 3-111 3-112 Forwarding Tagged/Untagged Frames 3-113 Enabling or Disabling GVRP (Global Setting) Displaying Basic VLAN Information 3-114 Displaying Current VLANs 3-115 Creating VLANs 3-116 Adding Static Members to VLANs (VLAN Index) 3-117 3-118 Adding Static Members to VLANs (Port Index) 3-119 Configuring VLAN Behavior for Interfaces 3-120 3-121 Configuring Private VLANs x Enabling Private VLANs 3-122 Configuring Uplink and Downlink Ports Configuring Protocol-Based VLANs 3-123 Configuring Protocol Groups Mapping Protocols to VLANs 3-124 3-125 Class of Service Configuration Layer 2 Queue Settings Setting the Default Priority for Interfaces 3-126 Figure 3-72. Default Port Priority CLI This example assigns a default priority of 5 to port 3. 3-127 Mapping CoS Values to Egress Queues 3-128 3-129 Selecting the Queue Mode Setting the Service Weight for Traffic Classes 3-130 3-131 Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values Selecting IP Precedence/DSCP Priority 3-132 Mapping IP Precedence 3-133 Mapping DSCP Priority 3-134 3-135 Mapping IP Port Priority 3-136 Mapping CoS Values to ACLs 3-137 Changing Priorities Based on ACL Rules 3-138 3-139 Multicast Filtering Layer 2 IGMP (Snooping and Query) 3-140 Configuring IGMP Snooping and Query Parameters 3-141 3-142 Displaying Interfaces Attached to a Multicast Router 3-143 Specifying Static Interfaces for a Multicast Router 3-144 Displaying Port Members of Multicast Services 3-145 Assigning Ports to Multicast Services 3-146 Configuring Domain Name Service Configuring General DNS Server Parameters 3-147 3-148 Configuring Static DNS Host to Address Entries 3-149 3-150 Displaying the DNS Cache 3-151 CLI - This example displays all the resource records learned from the designated name servers. Page 4-1 Chapter 4: Command Line Interface Using the Command Line Interface Accessing the CLI Console Connection Telnet Connection 4-2 4-3 Entering Commands Keywords and Arguments Minimum Abbreviation Command Completion Getting Help on Commands 4-4 Showing Commands The command show interfaces ? will display the following information: 4-5 Partial Keyword Lookup Negating the Effect of Commands Using Command History 4-6 Understanding Command Modes Exec Commands 4-7 Configuration Commands 4-8 Table 4-2. Configuration Command Modes 4-9 Command Line Processing 4-10 Command Groups 4-11 Line Commands 4-12 line login 4-13 password 4-14 exec-timeout 4-15 password-thresh silent-time 4-16 databits 4-17 parity speed 4-18 stopbits disconnect 4-19 show line 4-20 General Commands enable General Commands 4-21 disable configure 4-22 show history reload General Commands 4-23 end exit 4-24 System Management Commands 4-25 Device Designation Commands prompt hostname 4-26 User Access Commands username 4-27 enable password 4-28 IP Filter Commands management 4-29 show management 4-30 Web Server Commands ip http port ip http server 4-31 ip http secure-server 4-32 ip http secure-port 4-33 Telnet Server Commands ip telnet port ip telnet server 4-34 Secure Shell Commands 4-35 4-36 ip ssh server 4-37 ip ssh timeout ip ssh authentication-retries 4-38 ip ssh server-key size delete public-key 4-39 ip ssh crypto host-key generate ip ssh crypto zeroize 4-40 ip ssh save host-key show ip ssh 4-41 Example show ssh Table 4-15. show ssh - display description 4-42 show public-key 4-43 Event Logging Commands logging on 4-44 logging history 4-45 logging host logging facility 4-46 logging trap clear logging 4-47 show logging 4-48 The following example displays settings for the trap function. Related Commands show logging sendmail (4-51) SMTP Alert Commands Table 4-19. show logging trap - display description Table 4-20. SMTP Alert Commands 4-49 logging sendmail host logging sendmail level 4-50 logging sendmail source-email logging sendmail destination-email 4-51 logging sendmail show logging sendmail 4-52 Time Commands sntp client 4-53 sntp server 4-54 sntp poll show sntp 4-55 clock timezone calendar set 4-56 show calendar 4-57 System Status Commands show startup-config 4-58 show running-config 4-59 4-60 show system 4-61 show users show version 4-62 Frame Size Commands jumbo frame 4-63 Flash/File Commands copy 4-64 4-65 delete 4-66 dir 4-67 whichboot boot system 4-68 Authentication Commands 4-69 Authentication Sequence authentication login 4-70 authentication enable 4-71 RADIUS Client radius-server host radius-server port 4-72 radius-server key radius-server retransmit 4-73 radius-server timeout show radius-server 4-74 TACACS+ Client tacacs-server host tacacs-server port 4-75 tacacs-server key show tacacs-server 4-76 Port Security Commands port security 4-77 4-78 802.1x Port Authentication authentication dot1x default 4-79 dot1x default dot1x max-req 4-80 dot1x port-control dot1x operation-mode 4-81 dot1x re-authenticate dot1x re-authentication 4-82 dot1x timeout quiet-period dot1x timeout re-authperiod 4-83 dot1x timeout tx-period show dot1x 4-84 4-85 4-86 Access Control List Commands IP ACLs 4-87 4-88 access-list ip 4-89 permit, deny (Standard ACL) 4-90 permit, deny (Extended ACL) 4-91 4-92 show ip access-list access-list ip mask-precedence 4-93 mask (IP ACL) 4-94 4-95 4-96 show access-list ip mask-precedence 4-97 ip access-group show ip access-group 4-98 map access-list ip 4-99 show map access-list ip match access-list ip 4-100 show marking 4-101 MAC ACLs access-list mac 4-102 permit, deny (MAC ACL) 4-103 show mac access-list 4-104 access-list mac mask-precedence 4-105 mask (MAC ACL) 4-106 This example creates an Egress MAC ACL. 4-107 show access-list mac mask-precedence mac access-group 4-108 show mac access-group map access-list mac 4-109 show map access-list mac 4-110 match access-list mac 4-111 ACL Information show access-list show access-group 4-112 SNMP Commands snmp-server community SNMP Commands 4-113 snmp-server contact snmp-server location 4-114 snmp-server host SNMP Commands 4-115 snmp-server enable traps show snmp 4-116 4-117 DNS Commands ip host 4-118 clear host ip domain-name 4-119 ip domain-list 4-120 ip name-server 4-121 ip domain-lookup 4-122 show hosts 4-123 show dns show dns cache Page 4-125 Interface Commands interface 4-126 description speed-duplex 4-127 negotiation 4-128 capabilities 4-129 flowcontrol 4-130 combo-forced-mode shutdown 4-131 switchport broadcast packet-rate 4-132 clear counters 4-133 show interfaces status 4-134 show interfaces counters 4-135 show interfaces switchport 4-136 Mirror Port Commands port monitor Mirror Port Commands 4-137 show port monitor 4-138 Rate Limit Commands rate-limit 4-139 Link Aggregation Commands 4-140 channel-group 4-141 lacp 4-142 lacp system-priority 4-143 lacp admin-key (Ethernet Interface) 4-144 lacp admin-key (Port Channel) lacp port-priority 4-145 show lacp 4-146 Table 4-46. show lacp counters - display description 4-147 Table 4-47. show lacp internal - display description 4-148 Table 4-48. show lacp neighbors - display description Address Table Commands 4-149 Address Table Commands Table 4-49. show lacp sysid - display description Table 4-50. Address Table Commands 4-150 mac-address-table static Address Table Commands 4-151 clear mac-address-table dynamic show mac-address-table 4-152 mac-address-table aging-time show mac-address-table aging-time 4-153 Spanning Tree Commands 4-154 spanning-tree spanning-tree mode 4-155 spanning-tree forward-time 4-156 spanning-tree hello-time 4-157 spanning-tree max-age spanning-tree priority 4-158 spanning-tree pathcost method 4-159 spanning-tree transmission-limit spanning-tree mst configuration 4-160 mst vlan 4-161 mst priority name 4-162 revision 4-163 max-hops spanning-tree spanning-disabled 4-164 spanning-tree cost spanning-tree port-priority 4-165 spanning-tree edge-port 4-166 spanning-tree portfast 4-167 spanning-tree link-type spanning-tree mst cost 4-168 spanning-tree mst port-priority 4-169 spanning-tree protocol-migration 4-170 show spanning-tree 4-171 4-172 show spanning-tree mst configuration VLAN Commands 4-173 Editing VLAN Groups vlan database 4-174 vlan 4-175 Configuring VLAN Interfaces interface vlan 4-176 switchport mode switchport acceptable-frame-types 4-177 switchport ingress-filtering 4-178 switchport native vlan 4-179 switchport allowed vlan 4-180 switchport forbidden vlan 4-181 Displaying VLAN Information show vlan 4-182 Configuring Private VLANs pvlan 4-183 show pvlan Configuring Protocol-based VLANs 4-184 protocol-vlan protocol-group (Configuring Groups) protocol-vlan protocol-group (Configuring Interfaces) 4-185 show protocol-vlan protocol-group 4-186 show interfaces protocol-vlan protocol-group GVRP and Bridge Extension Commands 4-187 GVRP and Bridge Extension Commands bridge-ext gvrp 4-188 show bridge-ext switchport gvrp GVRP and Bridge Extension Commands 4-189 show gvrp configuration garp timer 4-190 show garp timer 4-191 Priority Commands Priority Commands (Layer 2) 4-192 queue mode 4-193 switchport priority default 4-194 queue bandwidth queue cos-map 4-195 show queue mode 4-196 show queue bandwidth show queue cos-map 4-197 Priority Commands (Layer 3 and 4) map ip port (Global Configuration) 4-198 map ip port (Interface Configuration) map ip precedence (Global Configuration) 4-199 map ip precedence (Interface Configuration) 4-200 map ip dscp (Global Configuration) map ip dscp (Interface Configuration) 4-201 show map ip port 4-202 show map ip precedence 4-203 show map ip dscp 4-204 Multicast Filtering Commands IGMP Snooping Commands 4-205 ip igmp snooping ip igmp snooping vlan static 4-206 ip igmp snooping version show ip igmp snooping 4-207 show mac-address-table multicast 4-208 IGMP Query Commands (Layer 2) ip igmp snooping querier ip igmp snooping query-count 4-209 ip igmp snooping query-interval 4-210 ip igmp snooping query-max-response-time ip igmp snooping router-port-expire-time 4-211 Static Multicast Routing Commands ip igmp snooping vlan mrouter 4-212 show ip igmp snooping mrouter 4-213 IP Interface Commands ip address 4-214 ip dhcp restart 4-215 ip default-gateway show ip interface 4-216 show ip redirects ping 4-217 Page A-1 Appendix A: Software Specifications Software Features Software Specifications A-2 A Management Features Standards Management Information Bases A-3 A Management Information Bases Page B-1 Appendix B: Troubleshooting Problems Accessing the Management Interface TableB-1 Troubleshooting Chart Troubleshooting B-2 B Using System Logs Glossary Page Page Page Page Page Index Index-1 Symbols Numerics A Index-2 Index H I J L Index-3 Index Q R S T