3.3.8 Egress Tagging Rules

Egress Tagging rules are used to make change to the packet before it is stored into egress queue of an egress port. Three egress settings are provided for each port and are described as follows:

3.3.8.1 Egress Settings

Insert Tag (per port setting)

Enable - Insert the Tag data of the associated Packet Tag information into the packet Disable - No tagging is performed.

Untagging Specific VID (per port setting)

Enable - No tag insertion if the VID data of the associated Packet Tag information matches the Untagged VID configured in next setting even [Insert Tag] is enabled.

Disable - This rule is not applied.

3.3.9 Summary of VLAN Function

VLAN Modes

Port-based VLAN Mode : simple port-based 2-VLAN-groups mode

Port-based VLAN ISP Mode : simple port-based 5-VLAN-groups mode

Advanced VLAN Mode : Full VLAN configuration for port-based and Tag-based VLAN

Advanced VLAN Mode

Egress Settings (per port) : [Tag Aware], [Keep Tag], [Drop Untag], [Drop Tag]

Ingress Default Tag (per port) : [PVID], [CFI], [User Priority]

VLAN Groups (global) : 8 VLAN groups

VLAN Group Settings (per group) : [VID], [Member Ports], [Source Port Check]

Egress Settings : [Insert Tag], [Untagging Specific VID], [Untagged VID]

VLAN range supported : 1 ~ 4095 (eight VLANs at the same time)

[PVID] [VID] [Untagged VID] value range : 1 ~ 4095

3.4 802.1X Authentication

For some IEEE 802 LAN environments, it is desirable to restrict access to the services offered by the LAN to those users and devices that are permitted to make use of those services. IEEE 802.1X Port- based network access control function provide a means of authenticating and authorizing devices at- tached to a LAN port that has point-to-point connection characteristics, and of preventing access to that port in cases in which the authentication and authorization process fails. The 802.1X standard relies on the client to provide credentials in order to gain access to the network. The credentials are not based on a hardware address. Instead, they can be either a username/password combination or a certificate. The credentials are not verified by the switch but are sent to a Remote Authentication Dial-In User Service (RADIUS) server, which maintains a database of authentication information. 802.1X consists of three components for authentication exchange, which are as follows:

-22-

Page 22
Image 22
KTI Networks KGS-612F user manual Egress Tagging Rules, Egress Settings, Summary of Vlan Function, 802.1X Authentication