Configuring the P330 for PBNAC | Avaya P3343T-ML manual

Configuring the P330 for PBNAC

Chapter 11 Avaya P330 Layer 2 Features

will be blocked.

•When PBNAC is activated, the application immediately places all ports in a blocking state unless they were declared “Force Authenticate”. They will be reverted to “Forwarding” state only when the port is authorized by the RADIUS server.

The actual state of ports configured as “Force Authenticate” is determined by the STA.

Configuring the P330 for PBNAC

This section lists the basic tasks required to configure a P330 stack for PBNAC. To configure P330 for PBNAC, do the following:

•Configure a RADIUS server on a network reachable from the P330:

—Create user names and passwords for allowed users.

—Make sure the EAP option is enabled on this server.

•Configure the P330 for RADIUS:

—Configure RADIUS parameters.

—Enable the RADIUS feature.

—Configure the port used to access the RADIUS server as “force-authorized.” You can configure on the RADIUS server a PVID, static VLAN binding and port level for each authenticated user. If the port that the user is connected to is authorized, those parameters will be assigned to the port.

•Connect the Supplicant—i.e., Windows XP clients—directly to the P330.

•Verify that the dot1x port-control is in auto mode.

•Set the dot1x system-auth-config to enable; the authentication process starts:

—The supplicant is asked to supply a user name and password.

—If authentication is enabled on the port, the Authenticator initiates authentication when the link is up.

—Authentication Succeeds: after the authentication process completes, the supplicant will receive a Permit/Deny notification.

—Authentication Fails: authentication will fail when the Supplicant fails to respond to requests from the Authenticator, when management controls prevent the port from being authorized, when the link is down, or when the user supplied incorrect logon information.

Avaya P334T-ML User’s Guide

89

Image 105

Avaya P3343T-ML manual Configuring the P330 for PBNAC

Contents

SOFTWARE VERSION STACKABLE SWITCHInstallation and Configuration Guide AVAYA P334T-ML Document no avaya.com Contents SectionOverview Installation Configuring the Terminal Serial Port Parameters Configuration Ingress VLAN Security Port Mirroring Constraints Troubleshooting and Maintenance Chapter 15 Updating the Software Safety Information Before you Install the P330-MLPreface FCC Notice Notes, Cautions, and Warnings Warranty Avaya Support Avaya P334T-ML User’s Guide SECTION 1 OVERVIEW Page Avaya P334T-ML Overview Avaya P334T-ML FeaturesChapter Introduction Command Line Interface CLI Layer 3 Features P330-MLNetwork Management and Monitoring Device Manager Embedded Web Avaya Integrated Manager Port MirroringSMON Fans, Power Supply, and BUPS-ML Monitoring Avaya P330 Standards Supported Standards and CompatibilityIEEE IETF - Layer IETF - Network Monitoring P334T-ML Switch SpecificationsPower Requirements Physical Safety - AC Version SafetySafety - DC Version EMC Emissions Stacking Sub-module InterfacesBasic MTBF Approved SFF/SFP GBIC Transceivers Safety Information Specifications InstallationTo Install the SFF/SFP GBIC transceiver To Remove the SFF/SFP GBIC transceiver Agency Approval Gigabit Fiber Optic Cabling Console Pin Assignments Avaya P334T-ML User’s Guide SECTION 2 INSTALLATION Page Installation Required ToolsSite Preparation Power Requirements - DC Table 4.2 Power Requirements - AC Rack Mounting Optional Installing the X330STK-ML Stacking Sub-Module Optional Connecting Stacked SwitchesTo connect stacked switches 5 Power up the added modules X330RC X330SCX330LC Connecting Cables to Network Equipment Making Connections to Network EquipmentPrerequisites Page Powering Up the Avaya P330 Powering On - Avaya P330 Module ACPowering On - Avaya P330 Switch DC Post-Installation Avaya P334T-ML Front Panel Avaya P334T-ML Front and Rear Panels LED Name P334T-ML LEDs Chapter 6 Avaya P334T-ML Front and Rear Panels Avaya P334T-ML LED Descriptions Continued BUPS-ML connector cover plate removed Avaya P334T-ML Back PanelTable 6.2 Avaya P334T-ML - - Select buttons Figure 6.4 P334T-ML AC version Back Panel with Stacking Sub-module Figure 6.6 BUPS-ML Input Connector Sticker BUPS-ML Input Connector Configuring the Terminal Serial Port Parameters Establishing Switch AccessConnecting a Terminal to the Avaya P330 Serial port Establishing a Serial Connection Assigning P330’s IP Stack Address P330 Sessionssession router The mode can be either switch, router, wan, atm, mgp Establishing an SSH Connection Establishing a Telnet Connection set interface ppp enable Connecting a Modem to the Console PortEstablishing a Modem PPP Connection with the P330 Overview Entering the Supervisor Level Security Levels Entering the CLI User Authentication SNMP SupportIntroduction to SNMP control the P330 Users Groups Views SNMP Commands In order to In order to Introduction to SSH SSH Protocol Support Figure 8.1 SSH Session Establishment Process SSH Commands SCP Protocol Support Introduction to RADIUS RADIUS User name and password authenticated? No Authentication Reject User attempts login Local User account authenticated in switch? Nosent to switch Authentication request sent to RADIUS Server Radius Commands Telnet Commands Telnet Client SupportIntroduction to Telnet Recovery Password Recovery Password CommandsIntroduction Allowed Managers CLI Commands Allowed ManagersAllowed Managers Introduction Allowed Protocols CLI Commands Allowed ProtocolsAllowed Protocols Introduction no ip telnet-client ip telnet-client enable SECTION 3 CONFIGURATION Page P330 Default Settings Configuring the SwitchAvaya P330 Default Settings Function 1 Ensure that the other side is also set to Autonegotiation Enabled PortsPorts 51 Avaya P334T-ML User’s Guide Basic Switch Configuration Switch Configuration System Parameter Configuration Identifying the systemOperating parameters Network Time Acquiring Protocols Parameter Configuration Uploading and Downloading Device Configurations and Images Layer 2 Configuration File In order to Layer 3 Configuration File In order to System Logging Introduction System Logging Applications Sinks Syslog Servers Syslog Configuration CLI Commands In order to Monitoring CPU Utilization Avaya P334T-ML User’s Guide Overview Avaya P330 Layer 2 Features Ethernet Configuring Ethernet ParametersFast Ethernet Gigabit Ethernet Gigabit Ethernet ports MMMMMMSSSSSS MM-MM-MM-SS-SS-SS Ethernet Configuration CLI Commands Speed - 10/100 ports 1-48 1G ports 51 Ethernet Implementation in the Avaya P334T-MLPriority queuing - 10/100 ports 4 queues 1G ports 2 queues CAM size - 8K addresses VLAN Overview VLAN Configuration Multi VLAN Binding VLAN Tagging Figure 11.3 illustrates these binding modes in P330 VLAN CLI Commands Automatic VLAN LearningIngress VLAN Security VLAN Implementation in the Avaya P334T-ML Port Based Network Access Control PBNAC How “Port Based” Authentication WorksPBNAC Implementation in the P330 Family Configuring the P330 for PBNAC PBNAC CLI Commands In order to Spanning Tree Protocol Spanning Tree ProtocolSpanning Tree per Port Rapid Spanning Tree Protocol RSTP Spanning Tree Implementation in the P330 Family Spanning Tree Protocol CLI Commands set port point-to-point admin Set the port point-to-point adminadmin and operational RSTP status status MAC Security Implementation in P330 MAC Security MAC Security CLI Commands Configuring the P330 for MAC Aging MAC Aging CLI CommandsMAC Aging LAG Overview LAG CLI Commands LAG Implementation in the Avaya P330 Family of Products Port Redundancy Operation Port Redundancy Intermodule Port Redundancy Port Redundancy CLI Commands display the intermodule show intermodule port redundancyredundancy entry defined for the IP Multicast Filtering IP Multicast Implementation in the Avaya P334T-ML IP Multicast CLI Commands RMON CLI Commands RMONRMON Overview In order to SMON Overview SMON Port Mirroring CLI commands Port Mirroring ConfigurationPort Mirroring Overview Port Mirroring Constraints About Multilayer Policy Multilayer Policy Multilayer Policy Implementation in the P334T-ML Configuring the P334T-ML for Multilayer Policy Multilayer Policy CLI Commands In order to Weighted Queuing Implementation of Weighted Queuing in the P330-MLWeighted Queuing CLI Commands Port Classification Port Classification CLI Commands Stack Redundancy Stack HealthImplementation of Stack Health in the P330 Family Initiate the stack health testing Stack Health CLI Commandsprocedure set stack health Avaya P334T-ML User’s Guide What is Routing? Avaya P330 Layer 3 Features Figure 12.1 Routing Routing Configuration ForwardingMultinetting Multiple Subnets per VLAN IP Configuration CLI Commands IP Configuration set vlan Vlan-id name Vlan-name replacing Vlan-id by the Assigning Initial Router Parameters The Routerconfigure-ifinterface-name# prompt appears Routerconfigure# interface interface-nameRouterconfigure-ifinterface-name# ip address ip- address netmask Routerconfigure# interface interface-name# ip vlan vland-id To obtain a License Key that enables routing features Obtaining a Routing License Key1 Go to http//license-lsg.avaya.com and click “request new license” 2 Enter the Certificate Key and Certificate Type 3 Click Next 6 View number of licenses left 4 Enter contact information once per certificate 5 Click Next set license module license featureName License Key CLI CommandsActivating a Routing License Key Avaya P334T-ML User’s Guide RIP Overview RIP Routing Interchange Protocol Configuration RIP CLI Commands RIP2Table 12.1 DIfferences Between RIP and RIP2 In order to OSPF Overview OSPF Open Shortest Path First Configuration OSPF CLI Commands Static Routing Configuration Static Routing Configuration CLI CommandsStatic Routing Overview Route Preferences Route Redistribution Route Redistribution Commands ARP Overview ARP Address Resolution Protocol Table Configuration The ARP Table ARP CLI Commands BOOTP/DHCP Overview BOOTP/DHCP Dynamic Host Configuration Protocol Relay Configuration BOOTP/DHCP CLI Commands NetBIOS Re-broadcast Configuration NetBIOS OverviewNetBIOS Re-broadcast Configuration CLI Commands VRRP Overview VRRP Virtual Router Redundancy Protocol Configuration VRRP Configuration Example Case #2 VRRP CLI Commands In order to SRRP Configuration SRRP Configuration ExampleSRRP Overview SRRP CLI Commands Policy Configuration Policy Configuration OverviewPolicy Configuration CLI Commands In order to Figure 12.4 Avaya P330 Policy Policy Configuration Example P330-1super# ip access-list 100 1 fwd6 tcp 149.49.0.0 0.0.255.255 any P330-1super# ip access-list 100 2 fwd3 tcp any hostP330-1super# ip access-list 100 3 deny tcp host 192.168.5.33 any eq IP Fragmentation and Reassembly IP Fragmentation and Reassembly OverviewIP Fragmentation/Reassembly CLI Commands SECTION 4 TROUBLESHOOTING AND MAINTENANCE Page Troubleshooting the Installation Troubleshooting the Installation Chapter 13 Troubleshooting the Installation Replacing the Stacking Sub-module Maintenance Maintenance Software Download Updating the SoftwareObtain Software Online Downloading Software Download New Version without Overwriting Existing Version