802.1X Configuration | GE 82-POE, GE-DS-82 specification

Chapter 4: Web-Based Management

802.1X Configuration

802.1x is an IEEE authentication specification which prevents the client from accessing a wireless access point or wired switch until it provides authority, like the user name and password that are verified by an authentication server (such as RADIUS server).

Understanding IEEE 802.1X Port-Based Authentication

The IEEE 802.1X standard defines a client-server-based access control and authentication protocol that restricts unauthorized clients from connecting to a LAN through publicly accessible ports. The authentication server authenticates each client connected to a switch port before making available any services offered by the switch or the LAN.

Until the client is authenticated, 802.1X access control allows only Extensible Authentication Protocol over LAN (EAPOL) traffic through the port to which the client is connected. After authentication is successful, normal traffic can pass through the port.

This section includes this conceptual information:

•Device Roles

•Authentication Initiation and Message Exchange

•Ports in Authorized and Unauthorized States

•Device Roles

With 802.1X port-based authentication, the devices in the network have specific roles as shown below.

GE-DS-82 and 82-PoE Ethernet Managed Switch User Manual

123

Image 127

GE 82-POE, GE-DS-82 user manual 802.1X Configuration, Understanding Ieee 802.1X Port-Based Authentication

Contents

Security N4131 Web-Based Management ContentInstallation Introduction What is PoE? Switch Operation Power Over Ethernet OverviewTroubleshooting Chapter Product Description Package Contents Powerful Security Remote and Centralize Management installation Physical Port How to Use this ManualProduct Features Power over Ethernet of GE-DS-82-PoE GE-DS-82-PoE Layer 2 FeaturesQuality of Service Priority queues on all switch ports Traffic classification Security MulticastManagement Power over Ethernet GE-DS-82-PoE Only Product SpecificationsDram Vlan LED PoE Power Supply Type Quality of ServiceAccess Control List Power over Ethernet PoE Standard Standards Compliance Power Pin AssignmentPoE Power Budget Max. number of Class Standards Conformance Safety Hardware Description Switch Front Panel10/100Mbps TP Interface GE-DS-82, GE-DS-82-PoE Gigabit SFP Slots Reset buttonLED Indications Gigabit TP Interface Per 10/100Base-T RJ-45 port SystemPer 10/100/1000Base-T port/SFP interfaces Per 10/100Base-TX, PoE interfaces Port-1 to Port-8 Switch Rear Panel Console Port Power Notice Desktop/Shelf Installation Switch Installation Secure the brackets tightly, but do not over tighten screws Rack-mount Installation Mounting the GE-DS-82 in a rack SFP Transceiver Installation 1000Base-SX/LX SFP transceiver Approved GE Security SFP Transceivers Remove the transceiver module Connect the fiber cable Pulling out the SFP transceiver Installation Summary RequirementsThis chapter covers the following topics Management Access Overview Management Methods Comparison Web Browser Management Login to the managed Switch Web Browser SetupPC / Workstation With IE Browser RJ-45/UTP-Cable IP Address Login screen IP Address Administration ConsoleSNMP-Based Network Management PC / Workstation With Snmp application PC connected to Switch with RS-232 serial cable Direct Access Protocols Telnet SetupVirtual Terminal Protocols New Connection dialog window Log on to the Console Management Architecture Snmp Protocol About Web-based Management Web-Based Management Requirements Http//192.168.0.100 Logging on to the Switch Panel Display Main Web Port states are illustrated as follows Main Menu System Information System Basic Misc ConfigThis page includes the following fields Broadcast Storm Filter Object DescriptionMode What is an IP address? IP ConfigurationHow do I get one for this box? Objectdescription IP Configuration Gateway Snmp ConfigurationSnmp Overview Subnet Mask System Options Snmp Community Snmp Status System NameSystem Location System Contact Community Strings Community strings serve as passwords. See the table belowTrap Managers Group Name SNMPv3 GroupsEnter the IP address of the trap manager Community Enter the community string for the trap station Included Excluded SNMPv3 ViewSecurity Name View Name Digits SNMPv3 AccessView Subtree View Mask Hexadecimal SNMPv3 usm-user Tftp Firmware Upgrade Firmware UpgradeThis page include the following fields Firmware Upgrade screen is displayed as in Figure Http Firmware UpgradeTo open the Firmware Upgrade screen, do the following Click System then Web Firmware Upgrade Tftp Restore Configuration Configuration Backup Configuration Backup interface Tftp Backup Configuration System Reboot Factory DefaultReboot the switch. Click reboot to reboot the system Port Control Syslog SettingPort Configuration This page includes the following settings Port Control interface BSF Port Statistics Port Status Via this port Port Port number Link Status of linking-Up or Down StateOr receive any packet Tx Bad Packet Port Mirror application Port Sniffer Monitored Port Sniffer Type Protected Protected Port Vlan Overview Vlan Configuration Web-Based Management 802.1Q Tag Static Vlan Configuration Static Vlan interface Port-Based Vlan Port-based Vlan interface Create a Vlan and add member ports to it Member Vlan NameGroup ID Port Untagged Understand nomenclature of the Switch802.1Q Vlan Tagged Vlan Group Configuration Vlan Group Configuration Vlan Group Configuration interface UnTag Member Vlan ID Pvid Vlan Filter Ingress Filtering Ieee 802.1Q Tunneling Q-in-Q QinQ Vlan \ QinQ Port Setting screen in appears In-Q Port Setting Object In-Q Tunnel Setting In-Q Tunnel Setting interface To configure Gvrp Gvrp Setting Object Description Gvrp Enable global Gvrp function Object Description Vlan ID Gvrp Table Theory Rapid Spanning Tree Creating a Stable STP Topology Bridge Protocol Data Units STP Port States STP Port State Transitions Illustration of STP Before Applying the STA Rules This example, only the default STP values are used Parameter Description Default ValueSTP Parameters STP Operation Levels Port Priority Rstp System ConfigurationParameter Description Default Value 128 RSTP, 802.1w Rstp modeForward Delay Time Protocol Version Rstp Bridge Status page screenshot Root Bridge Information Costs on the least cost path to the Root Bridge Rstp Port Configuration interface Path Cost Admin P2PAdmin Edge Admin Non STP Recommended STP Path Cost Range Trunking Aggregator Setting Work ports Aggregator InformationSystem Priority Lacp Assigning 2 ports to a trunk group with Lacp disabled Switch 1 configuration Lacp enabledTrunk group Switch 2 configuration interface Switch 2 configuration State Activity Switch 1 Aggregator Information Dynamic MAC Table Forwarding and Filtering Add the Static MAC Address You can add static MAC address in the switch MAC table hereStatic MAC Table MAC Table Entries Vlan ID for the entry MAC Filtering MAC Address Enter the MAC address that you want to filter MAC Filtering interface About the Internet Group Management Protocol Igmp Snooping Igmp Snooping Multicast flooding Octets Type Response Time Igmp Versions 1 Igmp State Transitions Igmp Querier Will be displayed in Igmp status section Igmp Configuration Understand QOS QoS Configuration Priority Queue Service settings QoS Configuration802.1Q Tag and 802.1p priority 802.1p priority First Come First ServiceWeighted Round Robin All High before Low TOS/DSCP QoS PerPort Configuration DiffServ TOS/DSCP ConfigurationPrecedence TOS MBZ Object Description TOS/DSCP TOS/DSCP Port ConfigurationDscp QoS Configuration TOS/DSCP Port Status Access Control List Packet Type Object Description Default ValueIPv4 ACL Action TCP Type Non-IPv4 ACLPacket Type/Binding box should select Non-IPv4 Ether Type Port Id Binding Limit MAC Limit ConfigurationMAC Limit MAC Limit This table displays current MAC Limit status of each port MAC Limit Port Status Understanding Ieee 802.1X Port-Based Authentication 802.1X Configuration 802.1x device role 125 EAP message exchange System information \ Misc Configuration\ 802.1x Protocol System Configuration NAS, Identifier Set the identifier for the Radius client 802.1x Port ConfigurationShared Key On the Radius Server 802.1x Per Port Setting interface Misc Configuration Power over Ethernet Powered Device Power Over EthernetPower Management PoE Configuration PoE PSU Status PoE Temperature UnitPower limit mode Power Allocation PD Classifications Power Limit Dhcp Relay and Option To configure Dhcp Relay Lldp Value is Lldp ConfigurationPerPort Configuration Use this page to change Lldp parameters Lldp Status Lldp Per Port Configuration Console Management Login in to the Console Interface GE-DS-82-PoEConsole Login screen Show the current IP address Configure IP address Subnet Mask Gateway Configure IP address Following table lists the CLI commands and description Commands LevelExec 144 Switch config # Switch# configureOperation Notice Key Function System CommandsCommand Line Editing Command Help Parameters Switch Static ConfigurationPort Configuration and show status Syntax Set port effective ingress or egress rate Enable or disable port flow controlPort flow enable disable enable disable port-list Port priority disable low high port-list Port jumboframe enable disable port-list Port-id specifies the port to be shown Show protected port information Trunking Commands Trunk ConfigurationShow trunking information Lacp Commands Syntax Lacp system-priority Parameters Port-idspecifies the port to be shown Virtual LANsShow Lacp information by port Syntax Show lacp port port-idParameters Display the current Vlan mode Vlan Mode Port-based Ingress filters configuration Advanced 802.1Q Vlan ConfigurationChange Vlan mode Disabled port-based dot1q specifies the Vlan mode Syntax Vlan add 1-4094 Name cpu-portno-cpu-port List List Add or edit Vlan entryDelete Vlan entry Specifies the Vlan id, null means all valid entries. e.g Show Vlan entry information Vlan Show static Vlan entry information Show port default Vlan idSyntax Show vlan pvid List Parameters 162 Set ingress filter rules Show Vlan filter settingSyntax Show vlan filter List Parameters Forward No mac-age-time Description Misc ConfigurationMac-age-time Parameters Syntax Collision-Retry off 16 32 Parameters Collision-Retry setting No hostname Administration ConfigurationChange Username / Password Syntax Hostname name-str Parameters Show IP address, subnet mask, and the default gateway User can configure the IP setting and fill in the new valueSet the default gateway IP address Syntax Ip default-gateway ip-addr Show dhcp enable/disable Reboot switchReset to Default Set switch as dhcp client, it can get ip from dhcp server Download firmware from Tftp server Tftp Update FirmwareRestore Configure File Copy tftp running config flash Description Copy running config flash tftp Description Backup Configure FileIp-addr specifies the IP address of the Tftp server Mac-limit Description No mac-limit DescriptionSyntax Mac-limit port-list Syntax Mirror-port rx tx both port-idport-list Parameters Port Mirroring ConfigurationShow port monitoring information Quality of Service Set 802.1p priority Per Port Priority Syntax Port priority disable 0-7 port-list Parameters Syntax No mac-address-table static mac-addrvlan-id MAC Address ConfigurationMac-address-table static Description No mac-address-table static mac-addr Description Show smac-address-table multicast Description Show mac-address-table static DescriptionShow mac-address-table multicast Description Smac-address-table static Description Spanning-tree hello-time Description STP/RSTP CommandsSpanning-tree forward-delay Description Syntax Spanning-tree forward-delay 4-30 Parameters Syntax Spanning-tree priority 0-61440 Parameters Spanning-tree maximum-age DescriptionSyntax Spanning-tree maximum-age 6-40 Parameters Spanning-tree priority Description Syntax Show spanning-tree port port-list Parameters Show spanning-tree port DescriptionSpanning-tree debug Description Syntax No spanning-tree port mcheck port-list Parameters Spanning-tree protocol version DescriptionSyntax Spanning-tree protocol-version stp rstp Parameters No spanning-tree port mcheck Description Syntax No spanning-tree port non-stp port-list Parameters No spanning-tree port non-stp DescriptionSpanning-tree point-to-point mac Description Snmp system-name Description System OptionsSnmp /no snmp Description Show snmp status Description Syntax Snmp system-contact contact-str Parameters Snmp system-location DescriptionSyntax Snmp system-location location-str Parameters Snmp system-contact Description Syntax No snmp community community-str Parameters Community StringsSet Snmp community string Delete Snmp community string Syntax No snmp trap ip-addr 1..65535 Parameters Trap ManagersSyntax Snmp trap ip-addr community-str 1..65535 Parameters Remove trap receiver IP address and port number Syntax No igmp querier Syntax No igmp fastleaveSyntax No igmp CrossVLAN Syntax Show igmp status router groups table Parameters Enable/disable Igmp snooping debugging outputSyntax No igmp debug Show Igmp snooping information Radius-server key Description 802.1x ProtocolDot1x Description Radius-server host Description Radius-server nas Description Syntax Dot1x timeout quiet-period 0..65535 ParametersDot1x timeout tx-period Description Syntax Dot1x timeout tx-period 0..65535 Parameters Syntax Dot1x timeout radius-server 1..300 Parameters Dot1x timeout supplicant DescriptionSyntax Dot1x timeout supplicant 1..300 Parameters Dot1x timeout radius-server Description Syntax Dot1x port fu fa au no port-list Parameters Set 802.1x per port informationShow 802.1x per port information Syntax No acl 1-220 Parameters Ipv4 ACL commands Show ACL group information Add or edit ACL group for Ipv4 Acl addedit 1-220 permitdeny 0-4094 ipv4 0-255 Description Commands Non-Ipv4 ACL commandsAcl addedit 1-220 qosvoip 0-4094 Description Add or edit ACL group for non-Ipv4 Binding SIP/SMAC binding commands Add Binding group Show Binding group informationSyntax Bind add 1-220 Abcdef 0-4094 A.B.C.D 1-26 Parameters Global Configuration Example Power over Ethernet Commands GE DS-82-PoEShow System Power over Ethernet information Command Level Show per PoE port information Global ConfigurationSyntax Show poe status port-list Parameters Configure System PoE power limit mode information Configure PoE Over Temperature ProtectionConfigure PoE System Poe temperature-protection enablex4 Description No Limit Enabling or disabling the port POE injects function Configure PoE -- Port Syntax Poe priority Critical High Low port-list Parameters Poe maximum-power Description 208 Learning Address TableForwarding & Filtering Auto-Negotiation Store-and-Forward What is PoE? Power Over Ethernet Overview PoE System Architecture How Power is Transferred Through the Cable Consider the following scenarios When to install PoE?References Microsemi /PowerDsine Linear Tech Stages of powering up a PoE linkPoE Provision Process Operation Line DetectionClassification Start-up AC Disconnect Power OverloadsPower Disconnection Scenarios DC Disconnect Performance is poor Solution Link LED is not lit SolutionWhy the Switch doesnt connect to the network? Solution While IP Address be changed or forgotten admin password Switch does not power up Solution 1000Mbps, 1000Base T Switchs RJ-45 Pin Assignments Standard cable, RJ-45 pin assignment 10/100Mbps, 10/100Base-TXTx + transmit Rx + receive Tx transmit Rx receive Not used Crossover Cable Straight CableSide SIDE2 Side