127, Access blocked | ICP DAS USA MSM-6226 guide

8.If user ID and password is correct, the authentication server will send a Radius-Access-Accept to the authenticator. If not correct, the authentication server will send a Radius-Access-Reject.

9.When the authenticator PAE receives a Radius-Access-Accept, it will send an EAP-Success to the supplicant. At this time, the supplicant is authorized and the port connected to the supplicant and under 802.1x control is in the authorized state. The supplicant and other devices connected to this port can access the network. If the authenticator receives a Radius-Access-Reject, it will send an EAP-Failure to the supplicant. This means the supplicant is failed to authenticate. The port it connected is in the unauthorized state, the supplicant and the devices connected to this port won’t be allowed to access the network.

10.When the supplicant issue an EAP-Logoff message to Authentication server, the port you are using is set to be unauthorized.

Bridge

PC	Port connect

LAN Radius Server

Access blocked

EAPOL-Start	EAPOL	EAP	Radius
		Authenticator
EAP-Request/Identity
EAP-Response/Identity		Radius-Access-Request
EAP-Response/Identity
	EAP-Request	Radius-Access-Challenge
	EAP-Request
EAP-Response (cred)		Radius-Access-Request
EAP-Response (cred)
	EAP-Success	Radius-Access-Accept
	EAP-Success
	EAP-Failure
EAP-Logoff

Access allowed

Fig. 3-50

127	Publication date: March., 2011
	Revision A1

Image 139

ICP DAS USA MSM-6226 user manual 127, Access blocked

Contents

MSM-6226 Duration of Hardware Warranty Iii Table of Contents 278 Appendix B Null Modem Cable Specifications Vii Revision History Federal Communications Commission FCC Statement Electronic Emission NoticesPage Warrning About this user’s manual Page Overview of MSM-6226 Key Features in the DeviceModel Description Vlan MVR Management ChecklistFeatures Hardware Supports Link Layer Discovery Protocol LLDP, IEEE802.1AB User Interfaces on the Front Panel Button, LEDs and Plugs View of MSM-6226 10/100Mbps Ethernet TP Port 1 to 24 LED LED IndicatorsUser Interfaces on the Rear Panel System LED Connecting the SFP Module to the Chassis Hardware and Cable InstallationStarting MSM-6226 Up Power On TP Port and Cable InstallationFirmware Loading Cabling Requirements for 1000SX/LX SFP Module Installing Chassis to a 19-Inch Wiring Closet RailCabling Requirements Cabling Requirements for TP Ports 1000Base-X TP, Fiber 100Base-TX TP 100Base-FX Fiber Typical Network Topology in Deployment No Vlan Configuration Diagram Case 2b Port-based Vlan See -5 Configuring the Management Agent of MSM-6226 Login Screen for CLI Set IP Address, Subnet Mask and Default Gateway IP Address Managing MSM-6226 through Ethernet Port 10 the Login Screen for Web Class a IP Address AssignmentClass B Class D and E Class C 10000000.00000001.00000010.1 DNS 13 Network Connection between Remote Site and Central Site Typical Applications 14 Peer-to-peer Network Connection Operation of Web-based Management Page Information of Page Layout Web Management Home Overview Port detail information Snmp Parameter description System Information Publication date March IP Address Configuration IP Configuration Host ID Time Configuration NTP Page Account Configuration Management Security Accept VID Action Virtual Stack Parameter description Dhcp Snooping Dhcp Snooping Config Trust Group Publication date March MAC Lease List Counter Dhcp Relay State Dhcp Relay Server Port Disable Dhcp Relay LifetimeDhcp Relay Agent Information Option 82 state Dhcp Relay Agent Information Option 82 Policy Name IP-MAC BindingState Binding List Add Six-byte MAC AddressFour-byte IP Address Port No Port Status Port Configuration Publication date March Parameter description of Port 25 and Port Publication date March Port Configuration Media type NWay Speed Duplex Port Description Simple Counter Detail Counter Publication date March Page Locked Port Resume State Disable / EnableLoop Detection Current Status 19 Community and trap host setting Snmp Configuration Publication date March Dhcp Boot Multicast Igmp Setting Igmp Vlan Enable Igmp Vlan Group Allow MVR Setting Multicast Status Radius Igmp Page Lldp Page Lldp Entry Page Lldp Statistics Page Vlan Vlan Mode SVL Publication date March Tag-based Group Publication date March Pvid Publication date March Port-based Group Publication date March Management Vlan MAC Table MAC Table Maintenance Static Setting MAC MAC Alias Port Select the port you would like to inquire Vlan Group ID that MAC Entry for the port member exists Gvrp Configuration Publication date March Total Gvrp Packets JoinIn Message Packets VID 101 STP ConfigurationSTP Status Page STP Configuration Page STP Port Configuration Page 107 Status Mstp Configuration Region Config Instance View 111 43.5 Instance Config 113 43.6 Port ConfigPage 43.7 Instance Status 115 Cist Root Priority 43.8 Port Status 117 Lacp Trunking Configuration 119 Lacp 121 Lacp Detail Lacp Aggregator Detailed Information 123 17 .1x Configuration 125 Authenticator’s System Authentication Server’s SystemPage 127 Access blocked Port Mode Port Control Authentication Port Status 129 802.1x Mode Setting 131 Param. Setting 133 Alarm Configuration 135 User Configuration ConfigurationDefault Configuration Working Configuration Save/Restore Restore Default Configuration includes default IP address Restore User Configuration Config File Security Isolated Group Bandwidth Egress Bandwidth Setting 145 Page QoSQuality of Service Configuration Dscp VIP/DSCP TOS 802.1p Final result 149 Dscp Setting ACL Ingress Port Map ACL ConfigurationEdit/ Show ACL name Vlan Tag 153Ethernet Type IPv4 155 Page In-Band / Out-Band Forward Decision 157 Modify Packet for In/ Out-Band Modify Packet -802.1P Rate Meter 159 Diagnostics 161 Ping Test 163 Cable 165 Tftp Server Log 167 Firmware Upgrade Reboot 169 Logout CLI Management Login 171 Commands of CLI Exit End173 Help 175 History Logout Restore default Save start Restore user177 Save user 179 Set reAuthEnabledSet quiet-period Set reAuthMax Set reAuthPeriod Set serverTimeoutSet state Set txPeriod Set suppTimeout181 Syntax show mode Description Show modeShow parameter 183 Show securitySyntax show security Description Modify Show stateAdd Del Syntax show Description Show185 Syntax modify name Description Del server-user Del mail-addressSet mail-address Set user Set server187 Del email Del allDel trap Set email Set allSet trap Show alarm 191 Set egress AutologoutSyntax autologout time Description 193 Set ingress-ratePossible value range 1 to BC,UC,MC Set storm 195 Syntax export start Description Export startExport user-conf Import start Syntax import start Description Import user-confSet export-path 197 Syntax set sec Description Set import-pathSet Possible value filepathfilepath and filename Example Enable Disable199 Cable Loopback Diag201 Ping Set upgrade-path Group Upgrade203 Group number 1~4094 205 Set applicantSet registrar Set restricted Set timer 207 Show configSyntax show config Description Show counter Syntax show group Description Show groupHostname Add group-filter Delete group-filter Add igmp-vlan209 Edit group-filter Delete igmp-vlan 211 Set unregfld-enable Possible value sec 1 to Example Set gnlqry-timeoutSet gnlqry-interval Set gnlqry-response Possible value port 1 to 26. limit 0 to Example Set igmpsnp-enableSet group-limit 213 Possible value port 1 to Set igmp-router Set mvr-tagging Set mvr-enable215 Set mvr-vid 217 Set mvrserv-type Set specqry-count Set specqry-timeoutSet specqry-response Show group-filtering Show igmp-setting219 Show multicast-status Show igmp-vlan 221 Show mvr-setting Enable dhcp Disable dhcpSet dns 223 Set ip Enable auto-upload Disable auto-uploadClear 225 Upload Syntax set clear Description Set modeSet clear Set notification 227 Set reInitDelaySet txDelay Set tlv Set txInterval Set txHold Show local-device Show detail counter229 Show Neighbor Syntax show stats Description Show port-configShow stats 231 Possible value mac mac address alias max characters Example Syntax del mac Description Possible value port 1 to 26 vid 0, 1 ~4094 Example 233 Syntax flush Description FlushSet aging Set learning 235 Static-mac Possible value vid 1 to 4094 rule 0 to 2 port 1 to Example 237 To setup access type field of a management security entry Set access Set action To setup action field of a management security entry239 To setup ip field of a management security entry Set vid To setup port field of a management security entryTo setup vid field of a management security entry Set port Syntax clear counter Description Disable stateClear counter Example FEL2P-SW26management# show Set description Enable state243 Set speed-duplex Set flow-control 245 Show confSyntax show conf Description Show media Show detail-counterPossible value #1 ~ Example 247 Show simple-counterPossible value port 25 Example Syntax show status Description Disable 1pSyntax disable 1p Description Show status Enable dscp Disable dscpDisable qos Enable 1p Enable tos Enable qosSet dscp Set sche Set pri-tag251 Possible value method 0-3 wrr0 to 3 Example Show dscpSyntax show dscp Description 253 Show priority-tag Syntax set port Description Reboot 255 Possible value ingress 0 to 26 egress 0 to Example Possible value trap number 1 to 6 port 1~65535 257 Snmp MCheck 259 Set config Show port Set versionSyntax show port Description 261 Set contact Set location Set device-name 263 Set manual Set daylightsaving 265 Set ntp Set hash Del trunkSet priority Show aggtr-view Set trunk267 Show lacp-detail Show lacp-config 269 Del port-group Del tag-group Disable double-tagDisable drop-untag Disable svl 271 Disable symmetricEnable double-tag Enable drop-untag Enable symmetric Enable svlSet mgt-vlan Set pvid Set port-group273 Set tag-group 275 Show pvid Gid a-z,A-Z,0-9 Set gidSet role Possible value masterslave master or slave Example 277 Q&A Resolving No Link Condition 279 Appendix a Technical Specifications Network Interface of Option transceiver Diagnostic LEDCable and Maximum Length Humidity Power RequirementDimensions 281 Appendix B Null Modem Cable Specifications 283