SMC Networks 10/100 U, A, 2-17, Configuring RADIUS Logon Authentication

C

ONFIGURING

U

SER

A

UTHENTICATION

2-17Configuring RADIUS Logon Authentication

Remote Authentication Dial-in User Service (RADIUS) is a logon

authentication protocol that uses software running on a central

server to control access to RADIUS-compliant devices on the

network. An authentication server contains a database of mu ltiple

user name/password pairs with associated privilege levels for each

user or group that require management access to a switch.

Command Usage

• By default, management access is always checked against the

authentication database stored on the local switch. If a remote

authentication server is used, you must specify the

authentication sequence and the corresponding parameters for

the remote authentication protocol.

• RADIUS uses UDP, which only offers best-effort delivery. Also,

RADIUS encrypts only the password in the access-request

packet from the client to the server.

• RADIUS logon authentication assigns a specific privilege level

for each user name/password pair. The user name, password,

and privilege level must be configured on the authentication

server.

• You can specify one to two authentication methods for any

user to indicate the authentication sequence. For example, if

you select (1) RADIUS and (2) Local, the user name and

password on the RADIUS server is verified first. If the RADIUS

server is not available, then the local user name and password

is checked.

Contents

Main TigerSwitch 10/100 24-Port Fast Ethernet Switch Management Guide Page Page Page L W IMITED v ARRANTY W IMITED ARRANTY vi ONTENTS 1 Switch Management . . . . . . . . . . . . . . . . . . . . . . 1-1 2 Configuring the Switch . . . . . . . . . . . . . . . . . . . . 2-1 ii iii 3 Command Line Interface . . . . . . . . . . . . . . . . . . 3-1 iv v vi vii Page 1-1 1 S M WITCH ANAGEMENT Connecting to the Switch M 1-2 S 1-3 Required Connections M 1-4 Remote Connections C 1-5 Basic Configuration Console Connection M 1-6 Setting Passwords C 1-7 Setting an IP Address M 1-8 C 1-9 M 1-10 Enabling SNMP Management Access C 1-11 M 1-12 Saving Configuration Settings S F Managing System Files M 1-14 System Defaults D 1-15 M 1-16 D 1-17 Page 2-1 2 S THE ONFIGURING Navigating the Web Browser Interface Page S 2-4 Panel Display M 2-5 Main Menu S 2-6 M 2-7 S 2-8 C 2-9 Basic Configuration Displaying System Information Page C 2-11 Setting the IP Address S 2-12 C 2-13 Manual Configuration Using DHCP/BOOTP S 2-14 U A Configuring User Authentication Configuring the Logon Password S 2-16 U A 2-17 Configuring RADIUS Logon Authentication S 2-18 U A 2-19 Managing Firmware F 2-21 S 2-22 Saving or Restoring Configuration Settings Downloading Configuration Settings from a Server F 2-23 S 2-24 Resetting the System Displaying Bridge Extension Capabilities B C E 2-25 Page Enabling or Disabling GVRP (Global Setting) S 2-28 Displaying Switch Hardware/Software Versions Page S 2-30 Port Configuration Displaying Connection Status C 2-31 S 2-32 Configuring Interface Connections C 2-33 S 2-34 Setting Broadcast Storm Thresholds C 2-35 S 2-36 Page Address Table Settings Page Page Page Spanning Tree Algorithm Configuration T C A 2-43 Managing Global Settings S 2-44 Page S CLI THE 2-46 Page S 2-48 T C A 2-49 S 2-50 T C LGORITHM A REE VLAN Configuration 2-53 Assigning Ports to VLANs S 2-54 2-55 S 2-56 Forwarding Tagged/Untagged Frames Displaying Basic VLAN Information 2-57 Displaying Current VLANs Command Attributes (Web) Page 2-59 Creating VLANs S 2-60 2-61 Adding Static Members to VLANs (VLAN Index) S 2-62 2-63 Page 2-65 Configuring VLAN Behavior for Interfaces S 2-66 2-67 S 2-68 Configuring Private VLANs P VLAN 2-69 Displaying Current Private VLANs Page P VLAN 2-71 Configuring Private VLANs S 2-72 Associating Community VLANs Page S 2-74 P VLAN 2-75 Configuring Private VLAN Interfaces S 2-76 C Class of Service Configuration S 2-78 Setting the Queue Mode T Port Trunk Configuration S 2-80 Page S 2-82 Configuring SNMP SNMP 2-83 Setting Community Access Strings Page SNMP 2-85 S 2-86 Multicast Configuration C 2-87 Configuring IGMP Parameters S 2-88 C 2-89 Interfaces Attached to a Multicast Router S 2-90 Displaying Interfaces Attached to a Multicast Router Page Page Page Page C 2-95 Showing Port Statistics Page S THE 2-98 Rate Limit Configuration L C 2-99 Command Attribute Configuring 802.1x Port Authentication 802.1 A P 2-101 S 2-102 Displaying 802.1x Global Settings 802.1 A ORT P X S 2-104 Page Page 802.1 A Statistical Values P 2-107 Page Page Page 3 I INE L OMMAND L I 3-2 Telnet Connection I L C 3-3 Entering Commands C 3-5 Command Completion Getting Help on Commands Showing Commands Page C 3-7 Understanding Command Modes Exec Commands L I 3-8 Configuration Commands C 3-9 L I 3-10 Command Groups G 3-11 L I 3-12 C 3-13 General Commands enable L I 3-14 disable C 3-15 configure L I 3-16 show history C 3-17 reload end L I 3-18 exit C Flash/File Commands L I 3-20 copy C 3-21 L I 3-22 delete C 3-23 dir L I 3-24 whichboot C 3-25 boot system L I System Management Commands M C 3-27 hostname username L I 3-28 M C 3-29 enable password L I 3-30 ip http port Page Page M C ANAGEMENT YSTEM 3-33 Page M C ANAGEMENT YSTEM 3-35 L I 3-36 show system M C 3-37 show users show version Authentication Commands C 3-39 authentication login L I 3-40 radius-server host C 3-41 radius-server port Page C 3-43 radius-server timeout show radius-server L Port Authentication Commands A C 3-45 authentication dot1x Page Page Page Page Page A C 3-51 show dot1x L I 3-52 A C UTHENTICATION ORT 3-53 SNMP Commands snmp-server community 3-55 snmp-server contact Page 3-57 snmp-server host L I 3-58 snmp-server enable traps 3-59 show snmp L I 3-60 C 3-61 IGMP Snooping Commands ip igmp snooping L I 3-62 ip igmp snooping query-count C 3-63 ip igmp snooping query-max-response-time L I 3-64 ip igmp snooping router-port-expire-time C 3-65 ip igmp snooping version L I 3-66 show ip igmp snooping C 3-67 show mac-address-table multicast L I Line Commands C 3-69 line L I 3-70 login C 3-71 password L I 3-72 exec-timeout C 3-73 password-thresh L I 3-74 silent-time C 3-75 databits L I 3-76 parity C 3-77 speed Page 3-79 Example To show all lines, enter this command: IP Commands L I 3-80 ip address 3-81 ip dhcp restart L I 3-82 ip default-gateway 3-83 show ip interface Page 3-85 L I 3-86 HOL Blocking Prevention Commands queue hol-prevention HOL B C P 3-87 show queue hol-prevention Interface Commands C 3-89 interface L I 3-90 description speed-duplex C 3-91 L I 3-92 negotiation C 3-93 capabilities Default Setting L I 3-94 flowcontrol C 3-95 Page C 3-97 switchport broadcast percent L I 3-98 clear counters Page L I 3-100 show interfaces counters C NTERFACE 3-101 L I 3-102 show interfaces switchport C 3-103 L I 3-104 Rate Limit Commands L C 3-105 rate-limit L Address Table Commands T C 3-107 mac-address-table static L I 3-108 clear mac-address-table dynamic T C 3-109 show mac-address-table L I 3-110 mac-address-table aging-time T Spanning Tree Commands L I 3-112 spanning-tree T C 3-113 spanning-tree forward-time Page T C 3-115 spanning-tree max-age Page T C 3-117 spanning-tree port-priority L I 3-118 spanning-tree portfast T C 3-119 show spanning-tree L I 3-120 3-121 VLAN Commands L I 3-122 vlan database 3-123 Page 3-125 switchport mode L I 3-126 switchport acceptable-frame-types 3-127 switchport ingress-filtering L I 3-128 switchport native vlan 3-129 switchport allowed vlan L I 3-130 switchport forbidden vlan 3-131 show vlan L I 3-132 Private VLAN Commands VLAN C 3-133 L I 3-134 private-vlan VLAN C 3-135 private vlan association L I 3-136 switchport mode private-vlan VLAN C 3-137 switchport private-vlan host-association Page VLAN C 3-139 show vlan private-vlan L I GVRP and Bridge Extension Commands switchport gvrp GVRP C E B 3-141 L I 3-142 garp timer GVRP C E B 3-143 L I 3-144 bridge-ext gvrp GVRP C E B 3-145 Priority Commands C 3-147 queue mode show queue mode L Mirror Port Commands port monitor P C 3-149 show port monitor L Port Trunking Commands T C 3-151 L I 3-152 port-group Page Page A PPENDIX A-1 A T ROUBLESHOOTING A-2 Page F P S B-2 B-3 F P S Restoring Switch Defaults S D 4. Enter <q> and then <x> to return to the main menu. ESTORING EFAULTS Page G Glossary-1 LOSSARY Glossary-2 Glossary-3 Glossary-4 Glossary-5 Glossary-6 Glossary-7 Page Page Page I NDEX Index-1 A B R S T U V