GE ML1200 - page 127

CHAPTER 7: ACCESS USING RADIUS ACCESS USING RADIUS

MULTILINK ML1200 MANAGED FIELD SWITCH – INSTRUCTION MANUAL 7–3

10. If the supplicant does not have the necessary credentials, a RADIUS-Access-

Deny packet is relayed to the supplicant as an EAP-Failure frame. The access

to the network continues to be blocked.

FIGURE 7–2: 802.1x authentication details

The ML1200 software implements the 802.1x authenticator. It fully conforms to the

standards as described in IEEE 802.1x, implementing all the state machines needed for

port-based authentication. The ML1200 software authenticator supports both EAPOL and

EAP over RADIUS to communicate to a standard 802.1x supplicant and RADIUS

authentication server.

The ML1200 software authenticator has the following characteristics:

• Allows control on ports using STP-based hardware functions. EAPOL frames are

Spanning Tree Protocol (STP) link Bridge PDUs (BPDU) with its own bridge multicast

address.

• Relays MD5 challenge (although not limited to) authentication protocol to RADIUS

server

• Limits the authentication of a single host per port

• The MultiLink ML1200 Managed Field Switch provides the IEEE 802.1x MIB for SNMP

management

Contents

Main MultiLink ML1200 Instruction Manual *1601-9095-A1* IISO9001:2000 Page Table of Contents Page Page Page Page Page Chapter 1: Introduction 1.1 Getting Started 1.1.1 Inspecting the Package and Product 12 MULTILINK ML1200 MANAGED FIELD SWITCH INSTRUCTION MANUAL INTRODUCTION CHAPTER 1: INTRODUCTION 1.2 Order Codes ML1200 - * - * - * - * - * - * * 1.3 Specifications PERFORMANCE NETWORK STANDARDS AND COMPLIANCE, HARDWARE MAXIMUM 10 MBPS ETHERNET SEGMENT LENGTHS MAXIMUM STANDARD FAST ETHERNET SEGMENT LENGTHS: FIBER MULTI-MODE CONNECTOR TYPES SUPPORTED: FIBER SINGLE-MODE CONNECTOR TYPES: LEDS PER PORT (ONE SET AT THE PORT, ONE SET ON SWIVEL TOP ON RIGHT SIDE) OPERATING ENVIRONMENT ALARM RELAY CONTACTS Page Page 1.4 Command Line Interface Firmware 1.4.1 Console Connection 1.4.2 Console Setup 1.4.3 Console Screen 1.4.4 Logging In for the First Time 1.4.5 Automatic IP Address Configuration 1.4.6 Setting the IP Parameters Using Console Port Page 1.4.7 Privilege Levels 1.4.8 User Management 1.4.9 Help The following example lists commands starting with a specific string: In the following example, the <TAB> key completes the command: 1.4.10 Exiting 1.5 EnerVista Secure Web Management 1.5.1 Logging in for the First Time Page 1.5.2 Privilege Levels 1.5.3 User Management Page Page Page Page Page Page 1.6 ML1200 Firmware Updates 1.6.1 Updating Multilink ML1200 Firmware 1.6.2 Selecting the Proper Version 1.6.3 Updating through the Command Line Page 1.6.4 Updating through the EnerVista Secure Web Management software Page Page Chapter 2: Product Description 2.1 Overview Page 2.1.1 Four-port SFF fiber modules (CC Module, CD Module), 100Mb fiber 2.1.2 Four-Port Copper Module, C1 Module MDIX) 2.1.3 PoE (power pass-through), C2 Module (MDIX), 10/100Mb 4-port 2.1.4 Two-Port Fiber Modules, 2@ 100Mb fiber 2.1.5 Two -Port 10 Mb mm Fiber ST Modules 2.1.6 SFP Gigabit (1000Mbps) port modules 2.1.7 Packet Prioritization, 802.1p QOS 2.1.8 Frame Buffering and Flow Control 2.1.9 Managed Network Firmware for Multilink ML1200-Series 2.2 Features and Benefits Page 2.3 Applications Page Page Chapter 3: Installation 3.1 Preparation 3.1.1 Locating Multilink ML1200 Switches 3.2 Connecting Ethernet Media Page Page Page 3.3 Mechanical Installation 3.3.1 DIN-Rail Mounting the Multilink ML1200 Page 3.4 Electrical Installation 3.4.1 Powering the Multilink ML1200 Managed Field Switch 3.4.2 Alarm Contacts for monitoring internal power, and Software Traps 3.4.3 ML1200 Port Module (PM) Installation 3.4.4 Connecting a Management Console Terminal to Multilink ML1200 (Serial-RJ-45 Console Port) Chapter 4: Operation 4.1 Functionality 4.1.1 Switching Functionality 4.1.2 Status LEDs 4.1.3 Auto-Cross (MDIX) and Auto-negotiation, for RJ-45 ports 4.1.4 Flow-control, IEEE 802.3x standard 4.1.5 Power Budget Calculations for ML1200 PMs with Fiber Media and the Cable Loss for 9/125 (Single-mode) is 0.2 dB/km (ZX70) Page 4.2 Multilink ML1200 Managed Field Switch Port Modules 4.2.1 Inspecting the Package and Product 4.2.2 ML1200 Modules Page Page Page Page Page Page 4.2.3 Before Calling for Assistance Page Chapter 5: IP Addressing 5.1 IP Address and System Information 5.1.1 Overview Page 5.2 Importance of an IP Address 5.2.1 DHCP and bootp 5.2.2 bootp Database 5.2.3 Configuring DHCP/bootp/Manual/AUTO Page 5.2.4 Using Telnet Page Page 5.3 Setting Parameters 5.3.1 Setting Serial Port Parameters 5.3.2 System Parameters 5.3.3 Date and Time 5.3.4 Network Time Page Page Page 5.4 System Configuration 5.4.1 Saving and Loading Command Line 5.4.2 Config file Page Page 5.4.3 Displaying configuration Page Page 5.4.4 Saving Configuration Page IP ADDRESSING CHAPTER 5: IP ADDRESSING 5.4.5 Script File 5.4.6 Saving and Loading EnerVista Software Page 5.4.7 Host Names Page Page Page Kill Config option using CLI Page 5.5 IPv6 Assumptions 5.5.1 Introduction to IPv6 5.5.2 Whats changed in IPV6? 5.5.3 IPv6 Addressing 5.5.4 Configuring IPv6 5.5.5 List of commands in this chapter Chapter 6: Access Considerations 6.1 Securing Access 6.1.1 Description 6.1.2 Passwords 6.1.3 Port Security Feature 6.2 Configuring Port Security through the Command Line Interface 6.2.1 Commands 6.2.2 Allowing MAC Addresses CHAPTER 6: ACCESS CONSIDERATIONS ACCESS CONSIDERATIONS To deny a mac address, use the following: ML1200(port-security)## Example 6-1: Viewing the port security settings ML1200# ML1200(port-security)## Example 6-2: Enabling learning on a port ML1200(port-s ecurity)## ML1200(port-s ecurity)## Page Page 6.2.3 Security Logs Page 6.2.4 Authorized Managers Page 6.3 Configuring Port Security with EnerVista Software 6.3.1 Commands Page Page 6.3.2 Logs 6.3.3 Authorized Managers Page Page Chapter 7: Access Using RADIUS 7.1 Introduction to 802.1x 7.1.1 Description 7.1.2 802.1x Protocol Page Page 7.2 Configuring 802.1x through the Command Line Interface 7.2.1 Commands Page 7.2.2 Example Example 7-1: Setting port control parameters ML1200# auth ML1200(auth)## ML1200(auth)## (continued on following page) Setting port control parameters (continued) ML1200(auth)## ML1200(auth)## show-port backend ML1200(auth)## ML1200(auth)## show-port access ACCESS USING RADIUS CHAPTER 7: ACCESS USING RADIUS Setting port control parameters (continued) ML1200(auth)## ML1200(auth)## shoW-port reauth ML1200(auth)## show-stats port=3 ML1200(auth)## 7.3 Configuring 802.1x with EnerVista Secure Web Management software 7.3.1 Commands Page Page Page Page Page Chapter 8: Access using TACACS+ 8.1 Introduction to TACACS+ 8.1.1 Overview 8.1.2 TACACS+ Flow 8.1.3 TACACS+ Packet Page 8.2 Configuring TACACS+ through the Command Line Interface 8.2.1 Commands 8.2.2 Example Page Page Page Page Page 9.2 Port Mirroring using the Command Line Interface 9.2.1 Commands 9.3 Port Setup 9.3.1 Commands Page 9.3.2 Flow Control 9.3.3 Back Pressure PORT MIRRORING AND SETUP CHAPTER 9: PORT MIRRORING AND SETUP Back pressure and flow control (continued) ML1200(device)## ML1200(device)## ML1200(device)## setport port=11 flow=enable bp=enable 9.3.4 Broadcast Storms Page CHAPTER 9: PORT MIRRORING AND SETUP PORT MIRRORING AND SETUP 9.3.5 Link Loss Alert Example 9-3: Preventing broadcast storms ML1200# ML1200(device)## PORT MIRRORING AND SETUP CHAPTER 9: PORT MIRRORING AND SETUP setport port=<port#|list|range> [lla=<enable|disable>] The following example illustrates how to enable the link loss alert feature. Example 9-4: Link loss alert ML1200# ML1200(device)## ML1200(device)## ML1200(device)## Page 9.4.2 Port Setup Page Page 9.4.3 Broadcast Storms Page Chapter 10: VLAN 10.1 VLAN Description 10.1.1 Overview VLAN 3 10.1.2 Tag VLAN vs. Port VLAN Page 10.2 Configuring Port VLANs through the Command Line Interface 10.2.1 Description 10.2.2 Commands Page 10.3 Configuring Port VLANs with EnerVista Secure Web Management software 10.3.1 Description Page Page Page Page 10.4 Configuring Tag VLANs through the Command Line Interface 10.4.1 Description 10.4.2 Commands 10.4.3 Example Example 10-1: Converting Port VLAN to Tag VLAN CHAPTER 10: VLAN VLAN Intentionally executed to show the effect of adding a duplicate VLAN. Note that the VLANs are not started as yet. Adding the VLAN does not start it by default. CHAPTER 10: VLAN VLAN Page 10.5 Configuring Tag VLANs with EnerVista Secure Web Management software 10.5.1 Description Page Page Page Page Page Chapter 11: VLAN Registration over GARP 11.1 Overview 11.1.1 Description 11.1.2 GVRP Concepts 11.1.3 GVRP Operations Page Page Table 112: GVRP options Example 11-1: Converting a dynamic VLAN to a static VLAN ML1200# ML1200(gvrp)## ML1200(gvrp)## static vlan=10 ML1200(gvrp)## Page 11.2 Configuring GVRP through the Command Line Interface 11.2.1 Commands 11.2.2 GVRP Operation Notes Page 11.3 Configuring GVRP with EnerVista Secure Web Management software 11.3.1 Example Page Chapter 12: Spanning Tree Protocol (STP) 12.1 Overview 12.1.1 Description 12.1.2 Features and Operation Page 12.2 Configuring STP Page Page Page Page Example 12-4: Configuring STP parameters CHAPTER 12: SPANNING TREE PROTOCOL (STP) SPANNING TREE PROTOCOL (STP) Ports that have connected devices now participate in STP. STP is now enabled. Note the default values for the discussed variables. Page CHAPTER 12: SPANNING TREE PROTOCOL (STP) SPANNING TREE PROTOCOL (STP) The age parameter is out of range as per the IEEE 802.1d specifications. Page Chapter 13: Rapid Spanning Tree Protocol 13.1 Overview 13.1.1 Description 13.1.2 RSTP concepts 13.1.3 Transition from STP to RSTP Page 13.2 Configuring RSTP through the Command Line Interface 13.2.1 Normal RSTP Page Page Page Page CHAPTER 13: RAPID SPANNING TREE PROTOCOL RAPID SPANNING TREE PROTOCOL Example 13-4: Configuring RSTP Check the status of STP or RSTP. These commands show if STP or RSTP is enabled. RAPID SPANNING TREE PROTOCOL CHAPTER 13: RAPID SPANNING TREE PROTOCOL the switch protocol is RSTP. Using forceversion, the switch is now operating using RSTP . Note the CHAPTER 13: RAPID SPANNING TREE PROTOCOL RAPID SPANNING TREE PROTOCOL RAPID SPANNING TREE PROTOCOL CHAPTER 13: RAPID SPANNING TREE PROTOCOL 13.2.2 Smart RSTP (Ring-Only Mode) through the Command Line Interface (CLI) Page 13.3 Configuring STP/RSTP with EnerVista Secure Web Management software 13.3.1 Normal RSTP Page Page Page 13.3.2 Smart RSTP (Ring-Only Mode) with EnerVista Secure Web Management Software Page Page Page Chapter 14: Quality of Service 14.1 QoS Overview 14.1.1 Description 14.1.2 QoS Concepts 14.1.3 DiffServ and QoS 14.1.4 IP Precedence Page 14.2 Configuring QoS through the Command Line Interface 14.2.1 Commands Page QUALITY OF SERVICE CHAPTER 14: QUALITY OF SERVICE 14.2.2 Example The following example shows how to configure QoS. Example 14-1: Configuring QoS All traffic on port 2 is sent to the high priority queue and the QoS tag is set to 6. All traffic on port 1 is sent to the high priority queue. Configuring QoS (continued) The queue behavior is set so that 8 high-priority packets and 1 low-priority packet is sent out. Page Page Page Page Page Chapter 15: IGMP 15.1 Overview 15.1.1 Description 15.1.2 IGMP Concepts Page Page 15.1.3 IP Multicast Filters 15.1.4 Reserved Addresses Excluded from IP Multicast (IGMP) Filtering 15.1.5 IGMP Support 15.2 Configuring IGMP through the Command Line Interface 15.2.1 Commands Page 15.2.2 Example The following example shows how to configure IGMP. Page Page 15.3 Configuring IGMP with EnerVista Secure Web Management software 15.3.1 Example Page Chapter 16: SNMP 16.1 Overview 16.1.1 Description 16.1.2 SNMP Concepts Page 16.1.3 Traps 16.1.4 Standards Page 16.2 Configuring SNMP through the Command Line Interface 16.2.1 Commands 16.2.2 Example Page Page CHAPTER 16: SNMP SNMP Configuring SNMP (continued) ML1200(snmpv3)## ML1200(snmpv3)## ML1200(snmpv3)## show-view ML1200(snmpv3)## show-view id=1 ML1200(snmpv3)## notify=none Configuring SNMP (continued) ML1200(snmpv3)## ML1200(snmpv3)## ML1200(snmpv3)## show-user ML1200(snmpv3)## show-user id=2 ML1200(snmpv3)## show-user id=1 16.3 Configuring SNMP with EnerVista Secure Web Management software 16.3.1 Example Page Page Page 16.4 Configuring RMON 16.4.1 Description 16.4.2 Commands Page Chapter 17: Miscellaneous 17.1 E-mail 17.1.1 Description 17.1.2 Commands 17.1.3 Example Page 17.2 Statistics 17.2.1 Viewing Port Statistics with EnerVista Secure Web Management software Page 17.3 Serial Connectivity 17.3.1 Description 17.4 History 17.4.1 Commands 17.5 Ping 17.5.1 Ping through the Command Line Interface 17.5.2 Ping through EnerVista Secure Web Management software 17.6 Prompt 17.6.1 Changing the Command Line Prompt 17.7 System Events 17.7.1 Description 17.7.2 Command Line Interface Example 17.7.3 EnerVista Example Page 17.8 Command Reference 17.8.1 Main Commands Page 17.8.2 Configuration commands Page Page Page Page Chapter 18: Modbus Protocol 18.1 Modbus Configuration 18.1.1 Overview 18.1.2 Command Line Interface Settings Page Page 18.2 Memory Mapping 18.2.1 Modbus Memory Map Table 181: Modbus memory map (Sheet 2 of 33) Table 181: Modbus memory map (Sheet 3 of 33) Table 181: Modbus memory map (Sheet 4 of 33) Table 181: Modbus memory map (Sheet 5 of 33) Table 181: Modbus memory map (Sheet 6 of 33) Table 181: Modbus memory map (Sheet 7 of 33) Table 181: Modbus memory map (Sheet 8 of 33) Table 181: Modbus memory map (Sheet 9 of 33) Table 181: Modbus memory map (Sheet 10 of 33) Table 181: Modbus memory map (Sheet 11 of 33) Table 181: Modbus memory map (Sheet 12 of 33) Table 181: Modbus memory map (Sheet 13 of 33) Table 181: Modbus memory map (Sheet 14 of 33) Table 181: Modbus memory map (Sheet 15 of 33) Table 181: Modbus memory map (Sheet 16 of 33) Table 181: Modbus memory map (Sheet 17 of 33) Table 181: Modbus memory map (Sheet 18 of 33) Table 181: Modbus memory map (Sheet 19 of 33) Table 181: Modbus memory map (Sheet 20 of 33) Table 181: Modbus memory map (Sheet 21 of 33) Table 181: Modbus memory map (Sheet 22 of 33) Table 181: Modbus memory map (Sheet 23 of 33) Table 181: Modbus memory map (Sheet 24 of 33) Table 181: Modbus memory map (Sheet 25 of 33) Table 181: Modbus memory map (Sheet 26 of 33) Table 181: Modbus memory map (Sheet 27 of 33) Table 181: Modbus memory map (Sheet 28 of 33) Table 181: Modbus memory map (Sheet 29 of 33) Table 181: Modbus memory map (Sheet 30 of 33) Table 181: Modbus memory map (Sheet 31 of 33) Table 181: Modbus memory map (Sheet 32 of 33) Table 181: Modbus memory map (Sheet 33 of 33) 18.2.2 Format Codes Page Page A.2 Warranty A.2.1 GE Multilin Warranty Statement Page Page B.2 -48 V DC, 24 V DC and 125 V DC Power, Theory of Operation B.3 Applications for DC Powered Ethernet Switches B.4 ML1200, -48 V, 24 V, 125 V DC Installation B.5 UL Requirements for DC-powered units Page Page Page C.1 Specifications for Multilink ML1200 Field Switch C.2 Multilink ML1200 with -48 V DC, 24 V DC and 125 V DC Dual-Source option Page C.4 Features and Benefits of the Dual-Source Design C.5 Installation