Manuals / Brands / Computer Equipment / Switch / Planet Technology / Computer Equipment / Switch

Planet Technology WSD-800 4.7.6 802.1X Port-BasedNetwork Access Control, 4.7.6.1 Theory, “OK”, MAC Address Aging Time, Understanding IEEE 802.1X Port-BasedAuthentication

1 106

Download 106 pages, 2.9 Mb

User’s Manual of WSD-800 / WGSD-910/WGSD-1022C

percentage of received packets whose source addresses cannot be found in the forwarding table, in which case the Switch will broadcast the packet to all ports, negating many of the benefits of having a Switch.

Static forwarding entries are not affected by the aging time.

To set the Aging Time, enter the number in the MAC Address Aging Time field, and click on the “OK” button to save. The valid range is 30~1000 seconds. Default is 300 seconds.

4.7.6 802.1X Port-Based Network Access Control

4.7.6.1 Theory

Understanding IEEE 802.1X Port-Based Authentication

The IEEE 802.1X standard defines a client-server-based access control and authentication protocol that restricts unauthorized clients from connecting to a LAN through publicly accessible ports. The authentication server authenticates each client connected to a switch port before making available any services offered by the Switch or the LAN.

Until the client is authenticated, 802.1X access control allows only Extensible Authentication Protocol over LAN (EAPOL) traffic through the port to which the client is connected. After authentication is successful, normal traffic can pass through the port.

This section includes this conceptual information:

•Device Roles

•Authentication Initiation and Message Exchange

•Ports in Authorized and Unauthorized States

-58-

Contents

Page Trademarks Disclaimer FCC Warning CE Mark Warning WEEE Warning Table of Contents Page 7. APPENDIX-B 1. INTRODUCTION 1.1 Packet Contents 1.2 How to Use This Manual 1.3Product Feature 1.4Product Specification Port configuration Security SNMP MIBs Standards Conformance Regulation Compliance Standards Compliance 2. INSTALLATION 2.1 Product Description 2.1.1 Product Overview 2.1.2 Switch Front Panel 2.1.3 LED Indications Lights 2.1.4 Switch Rear Panel 2.2 Install the Switch 2.2.1 Desktop Installation 2.2.2 Rack Mounting 2.2.3 Installing the SFP transceiver Connect the fiber cable “1000 Force” Remove the transceiver module 3.CONSOLE MANAGEMENT 3.1Connecting to the Switch 3.2 Login in the Console Interface 3.3 Console Management 3.4 Telnet login 3.5 Commands 3.5.2 Privileged Command 3.5.2.2 Copy command 3.5.2.3 Disable command 3.5.2.4 Reboot command 3.5.2.5 Set command Page 3.5.2.6 Show command Page 4. WEB-BASEDMANAGEMENT 4.1 About Web-basedManagement 4.2 Preparing for Web Management 4.3 System Login 4.4 System 4.4.1 IP Configuration 4.4.2 SNMP SNMP Operations Get Set Trap 4.2.2.2 SNMP Configuration System/SNMP 1. SNMP Agent Status Configuration Enabled / Disabled: 2. System Options “system options” System Name: System Location: Contact: 4. Management Station Configuration 。Trap Community: must be the same string as “Add community” “Current Management Stations” 4.4.3 Password 4.4.4 CONSOLE 4.4.5 System Upgrade 4.4.6 Saving Parameters 4.4.7 Parameters Backup & Recovery 4.4.8 Load Default 4.4.9 Reboot 4.5 Port Management 4.5.1 Port Configuration 4.5.2 Port Statistics 4.5.3 Port Band Restrict 4.6 Redundancy 4.6.1 Spanning Tree 1. Spanning Tree Protocol Bridge Protocol Data Units Creating a Stable STP Topology STP Port States Each port on a switch using STP exists is in one of the following five states: Blocking Listening Learning 2. STP Parameters Variable Port Priority Port Cost Default Spanning-TreeConfiguration Feature 3. Illustration of STP 4.6.2 Spanning Tree Configuration 1. Spanning Tree Configuration 2. Bridge Information 3. STP Port Configuration Auto True – False Port Priority: Path Cost: 4.6.3 Link Aggregation 4.7 Security 4.7.1 VLAN Port-basedVLAN IEEE 802.1Q VLANs Tagging Untagging 802.1Q VLAN Tags 802.1Q Tag Adding an IEEE802.1Q Tag Port VLAN ID Default VLANs "default 4.7.1.2 VLAN Configuration Port-basedVLAN Configuration VLAN Configuration Port-based Port-base Understand nomenclature of the Switch tagged untagged “Access” Always Untag “Trunk” “port2” Link Type Acces Trunk Access Trunk configuration: VID VLAN Name Set VLAN’s VID & Name “Add/Modify” 4.7.2 MAC Address Bind 4.7.3 MAC Address Filtering 4.7.4 MAC Address Learning 4.7.5 MAC Address Aging Time 4.7.6 802.1X Port-BasedNetwork Access Control „Device Roles Client Authentication server Switch „Authentication Initiation and Message Exchange dot1x port-control auto „Ports in Authorized and Unauthorized States 4.7.6.2 802.1X Configuration Page Radius Server •RADIUS Server IP Address •Authentication Port(1-65535) •Share Key Page Active Directory Users and Computers 6.The last, run your 802.1X Client 4.7.6.3 802.1X Client Configuration •Configure Sample: EAP-MD5Authentication 1.Go to Start > Control Panel, double-clickon “Network Connections” Properties Page Page 4.8 QoS 4.8.1 Understand QOS QoS Terminology 4.8.2 QOS Configuration 1. MAC-COSMapping 2. VLAN-COSMapping 3. 802.1p-CoSMapping 4. Port-COSMapping 5. COS-QueueMapping 6. Queue Management 4.9 Multicast 4.9.1 IGMP Snooping Theory IGMP Versions 1 and “leave” “Enable” IGMP Snooping Status Immediate-Leave: Forwarding all leave pkt: 4.9.3 IGMP Port Policy Configure Sample: Set IGMP Port Policy Group Number Join/Report 4.9.4 IGMP Group Policy IGMP Group-PolicyApplication Delete: Index Page 4.9.5 Static Routing Port „Static Routing Port and Multicast group VLAN member configue „VLAN configure 4.10 Port Analysis 4.10.1 Port Analysis 4.10.2 Port Mirror 4.11 Storm Control 4.12 IP Stacking Manamement status Management mode IP Stacking group System priority •Master Switch configuration planet_switch •Client Switch configuration Master switch “Saving parameters” Page 5. TROUBLE SHOOTING 5.1 Incorrect connections 5.1.1 Faulty or loose cables 5.1.2 Non-standardcables 5.1.3 Improper Network Topologies 5.2.1 Cabling 6. APPENDIX 6.1 Console Port Pin Assignments 6.2 100BASE-TX/10BASE-TPin Assignments 7. APPENDIX-B Add/Modify add close Egress Policy PVID=2 PVID=3 „802.1Q VLAN - Multi-UntaggedVLAN setting sample „ VLAN Group Membership 192.168.0.222 VLAN Configuration 192.168.0.10 VLAN Configuration Port18 Untag=1,2,3,4 Port3 192.168.0.30 VLAN Configuration „VLAN Group Membership Page Part No. 2081-A92310-002