Security, Port Access Control | Asus GigaX manual

4.9Security

The switch has the 802.1x port-based security feature. Only authorized hosts are allowed to access the switch port. Traffic is blocked for hosts failed to authenticate themselves. The authentication service is provided by a RADIUS server or the local database in the switch.

The switch also supports dynamic VLAN assignment through 802.1x authentication process. The VLAN information for the users/ports should be configured in the authentication server properly before enabling this feature.

4.9.1Port Access Control

Port Access Control is used to configure various 802.1x parameters. 802.1x uses either RADIUS server or local database to authenticate port users.

The first part is the Bridge (Global) settings:

•Reauthentication: Once enabled, the switch will try to authenticate the port user again when the re-authentication time is up.

•Reauthentication Time: If 'Reauthentication' is enabled, this is the time period the switch uses to re-send authentication request to the port user.(see above)

•Authentication Method: RADIUS or Local database can be used to authenticate the port user.

•Quiet Period: If authentication failed either from RADIUS or local database, the switch waits upon this time period before sending another authentication request to the port user.

•Retransmission Time: If the port user failed to respond to authentication request from the switch, the switch waits upon this time period before sending another authentication request to the port user.

•Max Reauthentication Attempts: Retry count if the port user failed to respond to authentication requests from the switch.

The second part is the port settings. Please click when you're done with the modifications.

•Port: Specify which port to configure.

70

Image 70

Asus GigaX manual Security, Port Access Control

Contents

GigaX Series Exxxx First Edition March Copyright 2005 ASUSTeK Computer INC. All Rights Reserved Federal Communications Commission Statement Canadian Department of Communications Statement Asus Computer International America ASUSTeK Computer INC. Asia-PacificAsus Computer GmbH Germany and Austria Table of Contents Physical Interface Security 120 List of Figures Overview of Hardware Connections Using the nslookup utility 120 List of Tables L3 managed features Introduction MIB-II Notations SymbolsConventions used in this document Typography Package contents Getting to know the GigaX Front Panel Front panel Front panel labels and LEDs Technical specifications Rear Panel Mounting the switch on a rack Part 1 Installing the hardwareInstalling the switch on a flat surface Quick start guide Connect the console port Part 2 Setting up the switchAttach the power adapter Connect to the computers or a LAN Overview of Hardware Connections Part 3 Basic switch setting for management Setting up through the console port GigaX Series L3 Managed Switch User Guide Login and IP setup Screen Setting up through the Web interface Http//192.168.1.1 IP Setup Management with the Web Interface Log into Web user interface Functional layout Home Top Frame Expanded Menu List Menu navigation tips Commonly used buttons and icons System Pages Management IP Setup Administration Reboot Firmware Upgrade Firmware Upgrade Physical Interface Physical Interface Route Interfaces Interfaces Static Route 3 RIP Static Route Bridge RIP Spanning Tree/Rapid Spanning Tree Link Aggregation Spanning Tree GigaX Series L3 Managed Switch User Guide Mirroring Link aggregation Mirroring Static Multicast Igmp Snooping Traffic Control Igmp Snooping Dynamic Addresses Traffic Control Dynamic Address Static Addresses Tagged Vlan Static Address Tagged Vlan Default Port Vlan and CoS Default Port Vlan and CoS CoS Queue Mapping Dhcp Snooping Dhcp Snooping Snmp Community Table Host Table Host Table Trap Setting Vacm Group Vacm View Vacm Group Vacm View USM User USM User Filters Filter Set Filter Set Filter Rule in MAC mode Filter Attach Filter Attach Port Access Control Security Port Access Control Dial-In User Dial-In user Radius Radius Statistics Chart Traffic Comparison Error Group Historical Status Historical Status Save Configuration Save Configuration Console Interface Power On Self Test CLI interface Boot ROM Command Mode Boot ROM Command Mode Boot ROM Commands Boot ROM commands System Commands Login and LogoutCLI Commands System Name System Contact System Location New Password Verify Password Default GatewayPassword Protection is Enabled/Disabled IP Address Flow Control Enable/Disable Physical Interface CommandsReboot Upload Route Commands Add Static Route CLI command l3 rip show Enable/Disable RIPRIP-enabled interfaces Delete Static Route Bridge Commands RIP-disabled interfaces CLI command l2 trunk show trunk id Create Trunk Show Trunk Lacp Action Mirror Mode Enable/Disable Monitor Port port numberAdd/Remove Trunk Lacp System Priority Show Multicast Group CLI command l2 mcast show Set Multicast GroupCLI command l2 mcast set Remove Multicast Group CLI command l2 rate limit limit rate Reload CLI command l2 igmp start/stop ReloadLimit CLI command l2 arl mac mac address MAC Address CLI command l2 arl port port number Query by Vlan IDCLI command l2 arl vlan vlan id Query by MAC Address Aging Time Dhcp Snoop CLI command l2 vlan show vlan id NameShow Vlan Remove Vlan Priority CoS Queue RetrieveDhcp Snooping Community Name Set SnmpAdd/Remove Trusted Port New community string new community string Community entry table index entry id to delete CLI command snmp host setHost IP Address Community Entry id table index entry id to delete Retrieve CLI command snmp trap addCLI command snmp trap set Trap Version v1/v2c Destination Community for Trap Security Model 0/1/2/3any/v1/v2c/usm old security model new View Name View Type View Subtree View Mask Access entry entry id to delete RetrieveView Subtree oid view subtree View Mask view mask 100 View Type1/2included/excluded old view type new view type View Type1/2included/excluded view typeView Subtree oid old view subtree new view subtree View entry entry id to delete Retrieve USM user entry entry id to delete Retrieve 102 Filters Commands New 104 GigaX Series L3 Managed Switch User Guide Attach Rule List106 Security Commands Quiet Period Max Reauthentication AttemptsAuthentication Control Retransmission Time User Name Password Confirm Password Dynamic Vlan Dynamic Vlan dynamic Vlan Generate SSH key Reset SSH key110 Show Generating Status 112 IP Addresses IP Addresses, Network Masks, and SubnetsStructure of an IP address IP address structure 114 Network classes 11111111 Subnet masks255.255.255.192 or 11111111 116 117 Ping TroubleshootingDiagnosing problems using IP utilities Ping Using the ping utility Nslookup Nslookup120 Replacing defective fans Loosening the thumbscrew Fan specifications 122 Troubleshooting Simple fixes Button in the Save Configuration 124 Glossary 10BASE-T 126 Ethernet 127 128 IP address 129 130 Ping 131 132 Tftp 133 Index 134 GigaX Series L3 Managed Switch User Guide 136 GigaX Series L3 Managed Switch User Guide