Manuals / Brands / Computer Equipment / Switch / Planet Technology / Computer Equipment / Switch

Planet Technology WGD-800 4.7.6 802.1X Port-BasedNetwork Access Control, 4.7.6.1 Theory, Client, „Device Roles, Understanding IEEE 802.1X Port-BasedAuthentication

1 90

Download 90 pages, 1.87 Mb

4.7.6 802.1X Port-Based Network Access Control

4.7.6.1 Theory

Understanding IEEE 802.1X Port-Based Authentication

The IEEE 802.1X standard defines a client-server-based access control and authentication protocol that restricts unauthorized clients from connecting to a LAN through publicly accessible ports. The authentication server authenticates each client connected to a switch port before making available any services offered by the switch or the LAN.

Until the client is authenticated, 802.1X access control allows only Extensible Authentication Protocol over LAN (EAPOL) traffic through the port to which the client is connected. After authentication is successful, normal traffic can pass through the port.

This section includes this conceptual information:

•Device Roles

•Authentication Initiation and Message Exchange

•Ports in Authorized and Unauthorized States

Device Roles

With 802.1X port-based authentication, the devices in the network have specific roles as shown below.

zClient—the device (workstation) that requests access to the LAN and switch services and responds to requests from the switch. The workstation must be running 802.1X-compliant client software such as that offered in the Microsoft Windows XP operating system. (The client is the supplicant in the IEEE 802.1X specification.)

Contents

Page Trademarks Disclaimer FCC Warning CE Mark Warning WEEE Warning Table of Contents Page Page 1. INTRODUCTION 1.1 Packet Contents 1.2 How to Use This Manual 1.3Product Feature 1.4Product Specification Standard Compliance 2. INSTALLATION 2.1 Product Description 2.1.1 Product Overview 2.1.2 Switch Front Panel 2.1.3 LED Indications 2.2 Install the Switch 2.2.1 Desktop Installation 2.2.2 Rack Mounting 3.CONSOLE MANAGEMENT 3.1Connecting to the Switch 3.2 Login in the Console Interface 3.3 Console Management 3.4 Telnet login 3.5 Commands 3.5.2 Privileged Command 3.5.2.1 Clear command 3.5.2.2 Copy command 3.5.2.3 Disable command 3.5.2.4 Reboot command 3.5.2.5 Set command Page Page 3.5.2.6 Show command Page 4. WEB-BASEDMANAGEMENT 4.1 About Web-basedManagement 4.2 Preparing for Web Management 4.3 System Login 4.4 System 4.4.1 IP Configuration 4.4.2 SNMP 4.4.2.1 Theory 4.2.2.2 SNMP Configuration Contact: “OK” 3. Community Configuration Add Community: Read only: 4.4.3 Password 4.4.4 CONSOLE 4.4.5 System Upgrade 4.4.6 Saving Parameters 4.4.7 Parameters Backup & Recovery 4.4.8 Load Default 4.4.9 Reboot 4.5 Port Management 4.5.1 Port Configuration 4.5.2 Port Statistics 4.5.3 Port Band Restrict 4.6 Redundancy 4.6.1 Spanning Tree 1. Spanning Tree Protocol Bridge Protocol Data Units Creating a Stable STP Topology STP Port States Each port on a switch using STP exists is in one of the following five states: Blocking Listening Learning Forwarding 2. STP Parameters Port Priority Port Cost Default Spanning-TreeConfiguration Feature User-ChangeableSTA Parameters 3. Illustration of STP 4.6.2 Spanning Tree Configuration 1. Spanning Tree Configuration 2. Bridge Information 3. STP Port Configuration 4.6.3 Link Aggregation 4.7 Security 4.7.1 VLAN 4.7.1.1 Theory VLAN Description Port-basedVLAN IEEE 802.1Q VLANs Tagging Untagging 802.1Q VLAN Tags 802.1Q Tag Adding an IEEE802.1Q Tag Port VLAN ID 4.7.1.2 VLAN Configuration VLAN Confirutation Port List VLAN Member “Close” “Show VLAN Member” Understand nomenclature of the Switch Port Mode VLAN Membership Frame Leave single multiple Link Type Acces Trunk Access Trunk configuration: 4.7.2 MAC Address Bind 4.7.3 MAC Address Filtering 4.7.4 MAC Address Learning 4.7.5 MAC Address Aging Time 4.7.6 802.1X Port-BasedNetwork Access Control 4.7.6.1 Theory Authentication server Switch (802.1X device) „Ports in Authorized and Unauthorized States Page 4.7.6.2 802.1X Configuration Page Radius Server •RADIUS Server IP Address •Authentication Port(1-65535) •Share Key Page Active Directory Users and Computers 4.7.6.3 802.1X Client Configuration •Configure Sample: EAP-MD5Authentication Page Page 4.8 QoS 4.8.1 Understand QOS QoS Terminology 4.8.2 QOS Configuration 1. MAC-COSMapping 2. VLAN-COSMapping 3. 802.1p-CoSMapping 4. Port-COSMapping 5. COS-QueueMapping 6. Queue Management 4.9 Multicast 4.9.1 IGMP Snooping Theory IGMP Versions 1 and “report” “leave” IGMP Snooping Configuration “Enable” IGMP Snooping Status 4.10 Port Analysis 4.10.1 Port Analysis 4.10.2 Port Mirror 4.11 Storm Control 4.12 IP Stacking 4.12.1 About IP Stacking 4.12.2 IP Stacking Configuration •Master Switch configuration •Client Switch configuration Master switch “Saving parameters” 5. TROUBLE SHOOTING 5.1 Incorrect connections 5.1.1 Faulty or loose cables 5.1.2 Non-standardcables 5.1.3 Improper Network Topologies Page 6. APPENDIX 6.1 Console Port Pin Assignments 6.2 100BASE-TX/10BASE-TPin Assignments 7. APPENDIX-B „802.1Q VLAN Multi-UntaggedVLAN setting sample Add/Modify add close Egress Policy PVID=2 PVID=3 Part No. 2081-A92310-001