Network Security Overview

Defining Network Authentication Properties

Configuring Traffic Control

5.2.1 Network Security Overview

This section provides an overview of network security and contains the following topics:

Port-Based Authentication

Advanced Port-Based Authentication

5.2.1.1 Port-Based Authentication

Port-based authentication authenticates users on a per-port basis via an external server. Only authenticated and approved system users can transmit and receive data. Ports are authenticated via the RADIUS server using the Extensible Authentication Protocol (EAP). Port-based authentication includes:

Authenticators — Specifies the device port which is authenticated before permitting system access.

Supplicants — Specifies the host connected to the authenticated port requesting to access the system ser-vices.

Authentication Server — Specifies the server that performs the authentication on behalf of the authenticator, and indicates whether the supplicant is authorized to access system services.

Port-based authentication creates two access states:

Controlled Access — Permits communication between the supplicant and the system, if the supplicant is authorized.

Uncontrolled Access — Permits uncontrolled communication regardless of the port state.

The device currently supports port-based authentication via RADIUS servers.

5.2.1.2 Advanced Port-Based Authentication

Advanced port-based authentication enables multiple hosts to be attached to a single port. Advanced port-based authentication requires only one host to be authorized for all hosts to have system access. If the port is unautho-rized, all attached hosts are denied access to the network.

Advanced port-based authentication also enables user-based authentication. Specific VLANs in the device are always available, even if specific ports attached to the VLAN are unauthorized. For example, Voice over IP does not require authentication, while data traffic requires authentication. VLANs for which authorization is not required can be defined. Unauthenticated VLANs are available to users, even if the ports attached to the VLAN are defined as authorized.

Advanced port-based authentication is implemented in the following modes:

Single Host Mode — Allows port access only to the authorized host.

Multiple Host Mode — Multiple hosts can be attached to a single port. Only one host must be authorized for all hosts to access the network. If the host authentication fails, or an EAPOL-logoff message is received, all attached clients are denied access to the network.

Guest VLANs — Provides limited network access to authorized ports. If a port is denied network access via port- based authorization, but the Guest VLAN is enabled, the port receives limited network access. For example, a network administrator can use Guest VLANs to deny network access via port-based authentication, but grant Internet access to unauthorized users.

Unauthenticated VLANS — Are available to users, even if the ports attached to the VLAN are defined as unauthorized.

5.2.2 Defining Network Authentication Properties

The Network Security Authentication Properties Page allows network managers to configure network authentication

3 2

Page 38 Page 40
Page 39
Image 39
TP-Link TL-SL3452 manual Network Security Overview, Defining Network Authentication Properties, Port-Based Authentication
Page 38 Page 40

TL-SG3109, TL-SL3428, TL-SL3452 specifications

The TP-Link TL-SL3428 is a feature-rich Ethernet switch designed for small to medium-sized business environments. It is part of TP-Link’s JetStream series, which emphasizes reliability, performance, and robust management capabilities. Built with 28 10/100/1000 Mbps ports, the TL-SL3428 provides sufficient bandwidth to support a wide range of network applications.

One of the standout features of the TL-SL3428 is its support for Layer 2 management protocols. This allows for more granular control and optimized performance across network segments. The switch supports VLAN (Virtual Local Area Network) segmentation, which enhances network security and efficiency by isolating various types of traffic. This feature is particularly useful in larger organizations where different departments or teams may require separate network environments.

The TL-SL3428 also includes advanced QoS (Quality of Service) capabilities. This functionality prioritizes traffic based on predefined rules, which ensures that critical applications receive the necessary bandwidth to function optimally. With QoS implementation, users can experience minimized latency, leading to better performance in VoIP and video conferencing applications.

In terms of redundancy and reliability, the switch also supports Link Aggregation Control Protocol (LACP), enabling multiple connections to be combined for increased bandwidth and failover support. This feature significantly enhances network resilience, ensuring minimal downtime during failures.

Power over Ethernet (PoE) support is another important characteristic of the TL-SL3428. With PoE capabilities, this switch can deliver electrical power along with data over the same Ethernet cable, simplifying installation and reducing the need for additional wiring. This is especially advantageous for IP devices like cameras, access points, and VoIP phones.

Security features are abundant in the TL-SL3428 as well. It implements port security, storm control, and DHCP snooping, all of which contribute to a secure network infrastructure. The switch’s management capabilities can be accessed through a user-friendly web interface, making it easier for IT administrators to configure and monitor network activities.

Overall, the TP-Link TL-SL3428 is an exemplary choice for businesses looking to enhance their network performance with advanced management features, security protocols, and reliability. Its combination of speed, flexibility, and manageability make it a valuable tool for any growing organization.
Top Page Image Contents