Planet Technology FGSW-2620PVM, FGSW-2620VM 115

User’s Manual of FGSW-2620VM / FGSW-2620PVM

Figure 4-12-2:EAP message exchange

Ports in Authorized and Unauthorized States

The switch port state determines whether or not the client is granted access to the network. The port starts in the unauthorized state. While in this state, the port disallows all ingress and egress traffic except for 802.1X protocol packets. When a client is successfully authenticated, the port transitions to the authorized state, allowing all traffic for the client to flow normally.

If a client that does not support 802.1X is connected to an unauthorized 802.1X port, the switch requests the client's identity. In this situation, the client does not respond to the request, the port remains in the unauthorized state, and the client is not granted access to the network.

In contrast, when an 802.1X-enabled client connects to a port that is not running the 802.1X protocol, the client initiates the authentication process by sending the EAPOL-start frame. When no response is received, the client sends the request for a fixed number of times. Because no response is received, the client begins sending frames as if the port is in the authorized state

If the client is successfully authenticated (receives an Accept frame from the authentication server), the port state changes to authorized, and all frames from the authenticated client are allowed through the port. If the authentication fails, the port remains in the unauthorized state, but authentication can be retried. If the authentication server cannot be reached, the switch can retransmit the request. If no response is received from the server after the specified number of attempts, authentication fails, and network access is not granted.

When a client logs off, it sends an EAPOL-logoff message, causing the switch port to transition to the unauthorized state.

If the link state of a port transitions from up to down, or if an EAPOL-logoff frame is received, the port returns to the unauthorized state.

115

Contents

User’s Manual FGSW-2620VM FGSW-2620PVM Trademarks Disclaimer WEEE Warning Revision TABLE OF CONTENTS Page 5. CONSOLE MANAGEMENT Page Page Page Page Page APPENDIX A—RJ-45PIN ASSIGNMENT 1. Introduction 1.1 Package Contents 1.2 Product Description 1.3How to Use This Manual 1.4 Product Features Page 1.5 Product Specification Page Page 2. INSTALLATION 2.1 Hardware Description 2.1.1 Switch Front Panel 2.1.2 LED Indications Page 2.1.3 Switch Rear Panel 2.2 Install the Switch 2.2.1 Desktop Installation 2.2.2 Rack Mounting 2.2.3 Installing the SFP transceiver Page 3. SWITCH MANAGEMENT 3.1Requirements 3.2 Management Access Overview 3.3 Web Management 3.4 SNMP-BasedNetwork Management 3.5 Administration Console (FGSW-2620PVM) Page 3.6 Protocols 3.6.1 Virtual Terminal Protocols 3.6.2 SNMP Protocol 3.6.3 Management Architecture 4. Web-BasedManagement 4.1 About Web-basedManagement 4.1.1 Requirements 4.1.2 Logging on the switch Page 4.1.3 Main WEB PAGE 4.2 System 4.2.1 System Information 4.2.1.2 Misc Config Page 4.2.2 IP Configuration Page 4.2.3 SNMP Configuration 4.2.3.2 System Options 4.2.3.3 Community Strings 4.2.3.4 Trap Managers 4.2.4 Syslog Setting 4.2.5 Firmware Upgrade 4.2.5.2 HTTP Firmware Upgrade 4.2.6 Configuration Backup 4.2.6.2 TFTP Backup Configuration 4.2.7 Factory Default 4.2.8 System Reboot 4.3 Port Configuration 4.3.1 Port Control Page 4.3.2 Port Status 4.3.3 Port Statistics 4.3.4 Port Sniffer Page 4.4 VLAN configuration 4.4.1 VLAN Overview Page Page 4.4.2 Static VLAN Configuration 4.4.3 Port-basedVLAN Page 4.4.4 802.1Q VLAN 4.4.4.1 VLAN Group Configuration Page Page 4.4.4.2 VLAN Filter Page 4.4.5 Q-in-QVLAN 4.4.5.1 Q-in-QPort Setting 4.4.5.2 Q-in-QTunnel Setting 4.5 Rapid Spanning Tree 4.5.1 Theory Page Page 4.5.2 STP Parameters 4.5.3 Illustration of STP Page 4.5.4 RSTP System Configuration „Root Bridge Information 4.5.5 Port Configuration Page 4.6 Trunking 4.6.1 Aggregator setting 4.6.2 Aggregator Information „LACP enabled Page Page 4.6.3 State Activity Page 4.7 Forwarding and Filtering 4.7.1 Dynamic MAC Table 4.7.2 Static MAC Table 4.7.3 MAC Filtering 4.8 IGMP Snooping 4.8.1 Theory Page Page Page 4.8.2 IGMP Configuration 4.9 QoS Configuration 4.9.1 Understand QOS 4.9.2 QoS Configuration Page 4.9.2.2 QoS PerPort Configuration 4.9.3 TOS/DSCP 4.9.3.1 TOS/DSCP Configuration 4.9.3.2 TOS/DSCP Port Configuration 4.10 Access Control List Page Page Page 4.11 MAC Limit 4.11.1 MAC Limit Configuration 4.11.2 MAC Limit Port Status 4.12 802.1X Configuration 4.12.1 Understanding IEEE 802.1X Port-BasedAuthentication Page Page 4.12.2 System Configuration Page 4.12.3 802.1x Port Configuration 4.12.4 Misc Configuration 4.13 Power Over Ethernet (FGSW-2620PVM) 4.13.1 Power over Ethernet Powered Device 4.13.2 Power Management: Page Page 5. CONSOLE MANAGEMENT 5.1 Login in the Console Interface 5.2Configure IP address Page 5.3 Commands Level 6.COMMAND LINE INTERFACE 6.1Operation Notice 6.1.1. Command Line Editing 6.1.2. Command Help 6.2 System Commands 6.3 Switch Static Configuration 6.3.1 Port Configuration and show status port rate port priority port jumboframe show port status show port statistics show port protection 6.4 Trunk Configuration 6.4.1Trunking Commands 6.4.2 LACP Command show lacp agg show lacp port 6.5 VLAN Configuration 6.5.1 Virtual LANs 6.5.2 VLAN Mode: Port-based 6.5.3 Advanced 802.1Q VLAN Configuration no vlan show vlan show vlan static show vlan pvid vlan filter show vlan filter Page 6.6 Misc Configuration 6.7 Administration Configuration 6.7.1 Change Username / Password 6.7.2 IP Configuration ip default-gateway show ip show info dhcp show dhcp 6.7.3 Reboot switch 6.7.4 Reset to Default 6.7.5 TFTP Update Firmware 6.7.6 Restore Configure File 6.7.7 Backup Configure File 6.8 MAC limit 6.9 Port Mirroring Configuration 6.10 Quality of Service 6.10.1 QoS Configuration 6.10.2 Per Port Priority 6.11 MAC Address Configuration smac-address-tablestatic show smac-address-table show smac-address-tablemulticast [no] filter show filter 6.12 STP/RSTP Commands spanning-treepriority spanning-treeport path-cost spanning-treeport priority show spanning-tree show spanning-treeport [no] spanning-treedebug spanning-tree protocol-version [no] spanning-treeport mcheck [no] spanning-treeport edge-port [no] spanning-treeport non-stp spanning-treeport point-to-point-mac 6.13 SNMP 6.13.1 System Options 6.13.2 Community Strings 6.13.3 Trap Managers 6.14 IGMP igmp querier igmp CrossVLAN igmp debug show igmp igmp clear_statistics 6.15 802.1x Protocol dot1x timeout quiet-period dot1x timeout tx-period dot1x timeout supplicant dot1x timeout radius-server dot1x max-req dot1x timeout re-authperiod show dot1x dot1x port show dot1x port 6.16 Access Control List 6.16.1 Ipv4 ACL commands acl (add|edit) <1-220>(permit|deny) <0-4094>ipv4 <0-255 acl (add|edit) <1-220>(qosvoip) <0-4094 6.16.2 Non-Ipv4ACL commands 6.17 Binding 6.17.1 SIP/SMAC binding commands Page 6.18 Power over Ethernet Commands (PLANET FGSW-2620PVM) 6.18.1 Display System PoE status 6.18.2 Configure PoE --System 6.18.3 Configure PoE --Port poe priority poe maximum-power 7. SWITCH OPERATION 7.1 Address Table 7.2 Learning 7.3 Forwarding & Filtering 7.4 Store-and-Forward Page 8. POWER OVER ETHERNET OVERVIEW What is PoE Page The PoE Provision Process Stages of powering up a PoE link Line Detection Classification Start-up Operation Power Disconnection Scenarios 9. TROUBLE SHOOTING Page Appendix A—RJ-45Pin Assignment A.1 Switch's RJ-45Pin Assignments A.2 10/100Mbps, 10/100Base-TX Page PLANET TECHNOLOGY CORPORATION