Appendix B 802.1x Port-Based Authentication Overview | NETGEAR L3

Appendix B 802.1x Port-Based Authentication Overview

This appendix provides an overview of802.1x security and configuration. 802.1x is well on its way to becoming an industry standard, and provides an effective wired and wireless LAN security solution. Windows XP implements 802.1x natively, and the GSM73xx Level 3 Managed Switch Software v2 supports 802.1x. The 802.11i committee is specifying the use of 802.1x to eventually become part of the 802.11 standard.

Note: When configuring a wireless access point that is configured to use 802.1x, do not enable 802.1x on the switch port which the access point is using to connect to the Ethernet network. The access point will handle the 802.1x authentication.

IEEE 802.1x offers an effective framework for authenticating and controlling user traffic to a protected network, as well as dynamically varying encryption keys. 802.1x ties a protocol called EAP (Extensible Authentication Protocol) to both the wired and wireless LAN media and supports multiple authentication methods, such as token cards, Kerberos, one-time passwords, certificates, and public key authentication. For details on EAP specifically, refer to IETF's RFC 2284.

802.1x Port-Based Authentication Overview

B-1

Image 233

NETGEAR L3 manual Appendix B 802.1x Port-Based Authentication Overview

Contents

Series L3 Managed Switch Reference Manual for Software Technical Support Canadian Department of Communications Compliance Statement Page Contents Chapter Quick Startup Page Viii Contents Page Page Security Commands System Utilities Chapter Routing Commands Xiv Contents Contents Chapter CLI Commands Differentiated Services Contents Xvii Chapter ACL Commands Appendix a Cabling Guidelines Index Organization of This Manual About this Manual Special Message Formats Typographical Conventions Html version of this manual How to Navigate this Manual How to Print this Manual Chapter Switch Management Overview Comparing Switch Management Methods Setting Up Your Switch Using Direct Console Access Administration Console Telnet Interface Connection Description Connection Settings Introduction to the Command Menu Interface ESC Chapter Web-Based Management Interface GSM73xx IP address in browser address bar How to Log In to the GSM73xx Web-Based Management Utility Introduction User name/password dialog box GSM7312 System information Interactive Switch Image Menus GSM7324 Interactive switch image System-Wide Popup Menus Switch popup menus Port-Specific Popup Menus 10 Switch popup menus Series L3 Managed Switch Reference Manual for Software Config network parms is the command name CLI Command FormatExample 2 config syslocation location Config lag deleteport is the command name CLI Command Conventions CLI Command Values MacAddr CLI Annotations Series L3 Managed Switch Reference Manual for Software Software Version Information Quick Starting the Switch User Account Management Physical Port Data IP Address Config users passwd user Switch Image on Uploading from Switch to Out-of-Band PC Only Xmodem Traplog trap log Downloading from Out-of-Band PC to Switch Only Xmodem Downloading from Tftp Server Factory Defaults Port Routing, RIP, and Ospf Configuration Basic Configuration Examples RIP and Ospf Vlan Routing 11. Ospf Configuration Example Series L3 Managed Switch Reference Manual for Software This example creates two router ports to run Ospf Creating the VLANs Vlan Example Solution Text used to identify the product name of this switch System Information and Statistics CommandsShow inventory Show inventory Config syslocation Config sysnameShow sysinfo Show sysinfo Show arp switch Config syscontactShow arp switch Show forwardingdb table Packets Received 64 Octets The total number of packets Show stats port detailedShow stats port detailed slot.port Series L3 Managed Switch Reference Manual for Software Packets Received with Series L3 Managed Switch Reference Manual for Software Packets Transmitted 512-1023 Octets The total number Packets Transmitted 256-511 Octets The total numberMulticast Packets Transmitted The total number of packets Broadcast Packets Transmitted The total number of packets 802.3x Pause Frames Received a count of MAC Control Show stats port summary slot.port Show stats port summary Show stats switch detailed Show stats switch detailed Series L3 Managed Switch Reference Manual for Software Show eventlog Show stats switch summaryFile in which the event originated Line number of the event Show traplog Show msglogTask ID of the event Event code Config network parms Management CommandsConfig network protocol Show network Config network javamode Config network webmodeConfig prompt Show serial Config serial timeout Config serial baudrateConfig snmpcommunity accessmode 9600 Config snmpcommunity delete Config snmpcommunity createConfig snmpcommunity ipaddr Config snmpcommunity ipmask Show snmptrap Config snmpcommunity modeConfig snmptrap create Config snmptrap ipaddr Config snmptrap deleteConfig snmptrap mode Show trapflags Config trapflags linkmode Config trapflags authenticationConfig trapflags bcaststorm Config trapflags stpmode Config trapflags multiusersConfig telnet maxsessions Show telnet Config telnet timeout Config telnet modeShow forwardingdb agetime Show forwardingdb agetime fdbidall Config forwardingdb agetime Device Configuration CommandsShow switchconfig Config switchconfig broadcast Able Config switchconfig flowcontrol Show port Config port adminmode Config port physicalmode Config port linktrapConfig port lacpmode Config port autoneg Config lag addport Config lag createShow lag Show lag logical slot.portall Config lag adminmode Config lag deleteportConfig lag linktrap Config lag name Config lag stpmode Config lag deletelagShow vlan summary Show vlan summary Show vlan detailed Config vlan detailed vlan id, where the ID is a Config vlan delete Config vlan createConfig vlan name Config vlan makestatic Show vlan port Config vlan participationConfig vlan port tagging Admit All Config vlan port pvidConfig vlan port acceptframe Config protocol create Config vlan port ingressfilterConfig protocol delete Config vlan port acceptframe allvlan Config protocol protocol remove Config protocol protocol addConfig protocol vlan add Config protocol vlan remove Config protocol interface remove Config protocol interface addShow garp info Show garp interface Specifies the interval between the transmission of Garp PDUs Config garp gmrp interfacemode Config garp gmrp adminmodeConfig garp gvrp adminmode Config garp gvrp interfacemode Config garp leavealltimer Config garp jointimerConfig garp leavetimer Show igmpsnooping Config igmpsnooping adminmode Config igmpsnooping maxresponse Config igmpsnooping groupmembershipintervalConfig igmpsnooping mcrtrexpiretime Config igmpsnooping interface mode Show mfdb gmrp Show mfdb table Show mfdb staticfiltering Show mfdb igmpsnooping Show mfdb stats Config mirroring createShow mirroring Show mirroring Show macfilter Config mirroring deleteConfig mirroring mode Config macfilter addsrc Config macfilter createConfig macfilter remove Config macfilter deldest Config macfilter delsrcConfig macfilter adddest Show spanningtree summary Spanning Tree Commands Config spanningtree configuration name Config spanningtree adminmodeConfig spanningtree forceversion Show spanningtree port Config spanningtree configuration revisionConfig spanningtree port bpdumigrationcheck Config spanningtree bridge maxage Config spanningtree port modeConfig spanningtree bridge hellotime Show spanningtree bridge Show spanningtree cst detailed Config spanningtree bridge forwarddelayConfig spanningtree bridge priority Show spanningtree cst port detailed Show spanningtree cst port summary Config spanningtree cst port priority Config spanningtree cst port pathcostAuto 128 Config spanningtree mst create Config spanningtree cst port edgeportConfig spanningtree mst delete Config spanningtree mst vlan add Config spanningtree mst priority Config spanningtree mst vlan removeConfig spanningtree mst port pathcost Config spanningtree mst port priority Show spanningtree mst summary List of multiple spanning trees IDs currently configuredShow spanningtree mst detailed Instance Show spanningtree mst port detailed Show spanningtree mst port summary Show spanningtree vlan User Account Management CommandsShow users Show spanningtree vlan vlan Config users passwd Config users addConfig users delete Config users snmpv3 authentication Show loginsession Config users snmpv3 encryptionConfig users snmpv3 accessmode Config loginsession close Security CommandsConfig radius maxretransmit Config radius timeout Config radius accounting server port Config radius accounting modeConfig radius accounting server add Config radius accounting server secret Config radius accounting server removeConfig radius server add Config radius server port Config radius server secret Config radius server removeConfig radius server primary Config radius server msgauth Show radius summary Secret ConfiguredShow radius server summary Show radius server stats Show radius accounting summary Configured IP address of the accounting server Yes or No Show radius accounting statsPort in use by the accounting server Config dot1x port initialize Config dot1x adminmodeConfig dot1x port reauthenticate Show radius stats Config dot1x port quietperiod Config dot1x port controldirConfig dot1x port controlmode Config dot1x port supptimeout Config dot1x port transmitperiodConfig dot1x port servertimeout Config dot1x port maxrequests Sible values are Enabled and Disabled Config dot1x port reauthenabledShow dot1x summary Show dot1x port summary Interface whose configuration is displayed Show dot1x port stats Clear dot1x port stats Config authentication login createConfig authentication login delete Config dot1x defaultlogin Config authentication login setConfig dot1x login Config dot1x port users add Config users defaultlogin Config dot1x port users removeConfig users login Show authentication login info Show users authentication Show authentication login usersSystem Utilities Show dot1x port users Transfer upload mode Save configLogout Transfer upload serverip Transfer upload datatype Transfer upload filename Transfer upload start Transfer download modeTransfer download serverip Transfer download path Transfer download datatype Transfer download filenameTransfer download start Clear transfer Clear pass Clear configClear traplog Clear vlan Reset system Clear stats switchClear igmpsnooping Ping Series L3 Managed Switch Reference Manual for Software Show arp table Routing CommandsShow arp table Config arp cachesize Config arp agetimeConfig arp create Config arp delete Show ip interface slot.port Config arp retriesShow ip interface Config interface routing Config interface encapsConfig ip interface mtu Are Ethernet or Snap Config ip interface create Config ip interface netdirbcastConfig ip interface delete Enable Config routing Config ip forwardingShow ip stats Show ip vlan Config ip vlan routing delete Config ip vlan routing createShow router ip interface summary Show router ip interface summary Config router id routerid Config router idShow router ospf info Show router ospf info Config router ospf adminmode Config trapflags ospfConfig router ospf asbr Config router ospf preference Show router ospf interface stats Show router ospf interface summary Config router ospf interface interval dead Config router ospf interface areaidConfig router ospf interface authtypekey Config router ospf interface interval retransmit Config router ospf interface interval helloConfig router ospf interface iftransitdelay Config router ospf interface mode Config router ospf interface cost Config router ospf interface priorityShow router ospf area info Which is the highest router priority Show router ospf area range Config router ospf area range create Config router ospf area stub metric value Config router ospf area range deleteConfig router ospf area stub metric type Config router ospf area stub summarylsa Config router ospf area stub delete Config router ospf area stub createConfig router ospf area delete Show router ospf neighbor detailed Show router ospf neighbor table Show router ospf lsdb summary Show router ospf stub tableShow router ospf stub table Show router ospf lsdb summary Show router rip interface detailed Show router rip infoShow router rip info Show router rip interface detailed Show router rip interface summary Config router rip adminmodeShow router rip interface summary Config router rip interface authtypekey Config router rip preferenceConfig router rip interface defaultmetric Default password key is an empty string. Unauthenticated Config router rip interface version receive Config router rip interface modeConfig router rip interface version send Both Show router ospf virtif detailed Config router ospf virtif createShow router ospf virtif summary Is the neighbor interface of the Ospf virtual interface Config router ospf virtif authtypekey Config router ospf virtif deleteConfig router ospf virtif transdelay Config router ospf virtif interval dead Config router ospf virtif interval retransmit Config router ospf virtif interval helloConfig router ospf exoverflowinterval Config router ospf extlsdblimit Show router route bestroutes Show router route tableShow router route entry Show router route table Show router route preferences Config router route create Config router route preference Config router route deleteConfig router route default create Config router route default delete Show router vrrp interface summary Config router vrrp adminmodeShow router vrrp interface detailed Represents the state Master/backup of the virtual router Is the IP Address that was configured on the virtual routerShow router vrrp interface stats Represents the router ID of the virtual router Config router vrrp interface routerID Config router vrrp interface adminmodeConfig router vrrp interface priority There is no default value for vrID Config router vrrp interface preemptmode Config router vrrp interface ipaddressConfig router vrrp interface advinterval Config router vrrp interface authdetails Config router rtrdiscovery adminmode Config router vrrp removedetailsConfig router rtrdiscovery maxinterval Config router rtrdiscovery mininterval Config router rtrdiscovery address Config router rtrdiscovery lifetimeConfig router rtrdiscovery preference Show router rtrdiscovery Config router bootpdhcprelay adminmode Show router bootpdhcprelayConfig router bootpdhcprelay circuitidoptionmode Config router bootpdhcprelay serverip Config router bootpdhcprelay maxhopcountConfig router bootpdhcprelay minwaittime Series L3 Managed Switch Reference Manual for Software CLI Commands Differentiated Services Config diffserv adminmode General Commands Config diffserv class create acl Class Commands Config diffserv class delete Config diffserv class create allConfig diffserv class create any Config diffserv class match cos Config diffserv class renameConfig diffserv class match dstip None Config diffserv class match dstl4port number Config diffserv class match dstl4port keyword Config diffserv class match every Config diffserv class match dstl4port rangeConfig diffserv class match dstmac Config diffserv class match ipprecedence Config diffserv class match ipdscp Config diffserv class match iptos Config diffserv class match protocol number Config diffserv class match protocol keyword Config diffserv class match srcip Config diffserv class match refclass Config diffserv class match srcl4port number Config diffserv class match srcl4port keyword Config diffserv class match vlan Config diffserv class match srcl4port rangeConfig diffserv class match srcmac Config diffserv policy create Policy Commands Config diffserv policy rename Config diffserv policy deleteConfig diffserv policy class add Config diffserv policy class remove Config diffserv policy bandwidth percent Config diffserv policy bandwidth kbps Bandwidth all forms, Shape Peak Config diffserv policy expedite kbps Out Config diffserv policy expedite percentConfig diffserv policy mark cos Config diffserv policy mark ipprecedence Config diffserv policy mark ipdscpConfig diffserv policy police action conform drop Mark IP Precedence, Police all forms Config diffserv policy police action conform send Config diffserv policy police action conform markdscpConfig diffserv policy police action conform markprec Config diffserv policy police action exceed markdscp Config diffserv policy police action exceed drop Config diffserv policy police action nonconform drop Config diffserv policy police action exceed markprecConfig diffserv policy police action exceed send Config diffserv policy police action nonconform send Config diffserv policy police action nonconform markdscpConfig diffserv policy police action nonconform markprec Config diffserv policy police style singlerate Config diffserv policy police style simpleAllowed for a given class instance in a particular policy Mark IP DSCP, Mark IP Precedence Config diffserv policy police style tworate Config diffserv policy shape average Config diffserv policy randomdrop Config diffserv policy shape peak Service CommandsNeither of the shaping rate parameters is allowed to exceed Applied Particular direction at any one time Config diffserv service addConfig diffserv service remove Show diffserv class detailed Show Commands Show diffserv info Show diffserv class summary Show diffserv policy detailed Current number of entries rows in the Service TableName of this policy Policy type, namely whether it is an inbound or outbound Denotes the mark/re-mark value used as the Dscp for traffic Show diffserv policy summary Show diffserv service info summary Show diffserv service info detailed Direction Show diffserv service stats detailedSlot number and port number of the interface slot.port Name of this class instance Show diffserv service stats summary Series L3 Managed Switch Reference Manual for Software Show acl detailed Show acl summary Config acl create Config CommandsConfig acl delete Config acl rule create Config acl rule action Config acl rule deleteConfig acl rule match dstip Config acl rule match dstl4port keyword Config acl rule match ipdscp Config acl rule match dstl4port rangeConfig acl rule match every Config acl rule match iptos Config acl rule match ipprecedence Config acl rule match srcip Config acl rule match protocol keywordConfig acl rule match protocol number Config acl interface add Config acl rule match srcl4port keywordConfig acl rule match srcl4port range Config acl interface remove Fast Ethernet Cable Guidelines Appendix a Cabling Guidelines Category 5 Cable Category 5 Cable Specifications Twisted Pair Cables Specifications Category 5 Cable Requirements Figure A-2illustrates crossover twisted pair cable Patch Panels and Cables Cabling Using 1000BASE-T Gigabit Ethernet over Category 5 Cable Patch Cables RJ-45 Plug and RJ-45 ConnectorsNear End Cross Talk Next PIN Normal Assignment on Uplink Assignment on Ports 1 to Conclusion Appendix B 802.1x Port-Based Authentication Overview Figure B-1 802.1x authentication Series L3 Managed Switch Reference Manual for Software Series L3 Managed Switch Reference Manual for Software Numeric Appendix C Glossary See Area Border Router on See Application Programming Interface on See Bridge Protocol Data Unit on Packet sent to all devices on a network See Command Line Interface on See Device Application Programming Interface on See Distance-Vector Multicast Routing Protocol. on Computer, printer, or server that is connected to a network See Generic Attribute Registration Protocol. on See Garp Information Propagation on See Internet Group Management Protocol on See Joint Test Action Group on MAC Megabits per second See Multiplexing on See Network Address Translation on See Operating System Application Programming Interface on See Protocol Independent Multicast Dense Mode on See Quality of Service on See Routing Information Protocol on Model of Serial Management Controller from Motorola Static Random Access Memory See TLS on An abbreviation that represents Unit, Slot, Port Models Series L3 Managed Switch Reference Manual for Software Series L3 Managed Switch Reference Manual for Software Index Index Gvrp Index Index STP Xmodem