Manuals / TP-Link / Computer Equipment / Switch

TP-Link TL-SL5428E manual 179

Models: TL-SL5428E

1 259

Download 259 pages 46.72 Kb

Page 187

RADIUS Access-Challenge packet. The switch then sends the key to the 802.1X client program.

5.Upon receiving the key (encapsulated in an EAP-Request/MD5 Challenge packet) from the switch, the client program encrypts the password of the supplicant system with the key and sends the encrypted password (contained in an EAP-Response/MD5 Challenge packet) to the RADIUS server through the switch. (The encryption is irreversible.)

6.The RADIUS server compares the received encrypted password (contained in a RADIUS Access-Request packet) with the locally-encrypted password. If the two match, it will then send feedbacks (through a RADIUS Access-Accept packet and an EAP-Success packet) to the switch to indicate that the supplicant system is authorized.

7.The switch changes the state of the corresponding port to accepted state to allow the supplicant system access the network. And then the switch will monitor the status of supplicant by sending hand-shake packets periodically. By default, the switch will force the supplicant to log off if it can not get the response from the supplicant for two times.

8.The supplicant system can also terminate the authenticated state by sending EAPOL-Logoff packets to the switch. The switch then changes the port state from accepted to rejected.

（2） EAP Terminating Mode

In this mode, packet transmission is terminated at authenticator systems and the EAP packets are mapped into RADIUS packets. Authentication and accounting are accomplished through RADIUS protocol.

In this mode, PAP or CHAP is employed between the switch and the RADIUS server. This switch supports the PAP terminating mode. The authentication procedure of PAP is illustrated in the following figure.

Figure 11-21 PAP Authentication Procedure

In PAP mode, the switch encrypts the password and sends the user name, the randomly-generated key, and the supplicant system-encrypted password to the RADIUS server for further authentication. Whereas the randomly-generated key in EAP-MD5 relay mode is generated by the authentication server, and the switch is responsible to encapsulate the authentication packet and forward it to the RADIUS server.

179

Image 187

TP-Link TL-SL5428E manual 179

Contents

Rev 1910010529 Copyright & Trademarks Contents Gvrp TC Protect 101 11.4.1 Ntdp 11.4.2VII Package Contents Overview of This Guide About this GuideIntended Readers ConventionsPath Switch, which facilitates you to monitor the Igmp messages Return to Contents Main Features Overview of the SwitchIntroduction Front Panel Appearance Description¾ LEDs Name Status Indication Rear Panel Login Login to the SwitchConfiguration Return to Contents ¾ Port Status SystemSystem Info System SummaryRate ¾ Port InfoPort Type¾ Bandwidth Utilization Device Description¾ Device Description System Time ¾ Time Config¾ Time Info System IP User Table User Manage¾ User Info User ConfigUser ID, Name, Access Level and status Operation Config RestorePassword Confirm Password Retype the passwordFirmware Upgrade Config Backup¾ Config Backup System Reset System RebootAccess Control Access SecurityMAC Address ¾ Access Control Config¾ Session Config IP Address&Mask¾ Access User Number SSL Config¾ Key Download SSH Config¾ Global Config ¾ Certificate DownloadProtocol Idle TimeoutMax Connect ¾ Network Requirements ¾ Configuration ProcedureKey Type DownloadApplication Example 2 for SSH Page Return to Contents Port Select SwitchingPort Config PortFlow Control Port MirrorDescription Speed and DuplexEgress ¾ Mirroring Port¾ Mirrored Port Ingress¾ Port Security Port SecurityMax Learned MAC Port IsolationLearned Num Forward Portlist Display the forwardlist ¾ Port Isolation ConfigForward Portlist Select the port that to be forwarded to ¾ Port Isolation ListLAG Table LAGMember Aggregate Arithmetic¾ LAG Table Group NumberStatic LAG ¾ LAG ConfigLAG will delete this LAG Lacp ConfigPort Priority ¾ Lacp ConfigAdmin Key System PriorityTraffic Summary Traffic Monitor¾ Auto Refresh Traffic Statistics MAC Address Address and the port Type Configuration Way Aging outRelationship Bound¾ Address Table ¾ Search Option¾ Create Static Address MAC Address Displays the MAC address learned by the switchStatic Address Displays the corresponding Vlan ID of the MAC address¾ Static Address Table Dynamic Address¾ Dynamic Address Table ¾ Aging ConfigBind Filtering Address¾ Filtering Address Table ¾ Create Filtering AddressVlan implementation Vlan¾ Link Types of ports 802.1Q Vlan¾ Pvid Vlan ConfigMembers Operation ： ¾ Vlan TableVlan ID Select Description ：¾ Vlan Members ¾ Vlan ConfigEnter the ID number of Vlan Is valid or notPort Displays the port number ¾ Vlan Port ConfigVlan Description Required. On the VLAN→802.1Q VLAN→Port Config page, setRequired. On the VLAN→802.1Q VLAN→VLAN Config ¾ Vlan of PortMAC Vlan Optional. On the VLAN→802.1Q VLAN→VLAN Config¾ MAC Vlan Table Port EnableMAC Select Protocol Vlan Required. On the VLAN→MAC VLAN→Port Enable¾ Protocol Vlan Table Protocol VlanProtocol Template ¾ Create Protocol Vlan¾ Protocol Template Table ¾ Create Protocol TemplateApplication Example for 802.1Q Vlan Operation Description Required. On VLAN→802.1Q VLAN→Port Config page, configureRequired. On VLAN→802.1Q VLAN→VLAN Config page, create a Application Example for MAC Vlan¾ Network Diagram ¾ Configuration Procedure Application Example for Protocol Vlan Required. On VLAN→Protocol VLAN→Protocol Template Protocol type Value On VLAN→Protocol VLAN→Protocol Vlan page, create protocolVlan Mapping VPN Config¾ VPN Up-link Ports ¾ Vlan Mapping Table ¾ Vlan Mapping ConfigRequired. On the VLAN→VLAN VPN→VLAN Mapping Required. On the VLAN→VLAN VPN→VPN ConfigOptional. On the VLAN→VLAN VPN→VPN Config Required. On the VLAN→VLAN VPN→Port Enable¾ Garp Gvrp¾ Gvrp Select Port Status Registration Mode ¾ Port ConfigPrivate Vlan Configuration Procedure¾ The Elements of a Private Vlan ¾ Features of Private Vlan¾ Private Vlan Implementation Pvid ¾ Packet forwarding in Private Vlan Pvlan Secondary Vlan ¾ Create Private Vlan¾ Private Vlan Table Primary VlanRequired. On the VLAN→Private VLAN→PVLAN Port Select the desired port for configuration Port TypeRequired. On the VLAN→Private VLAN→Port Configure ¾ Private Vlan Port TableApplication Example for Private Vlan Required. On the VLAN→802.1Q VLAN→VLAN Config page, click ¾ STP Elements Spanning Tree¾ Bpdu Comparing Principle in STP mode ¾ STP TimersStep Operation ¾ STP Generation¾ Rstp Elements Tips：¾ Mstp Elements ¾ Port Roles ¾ Port StatesSTP Config STP ConfigMax Age Forward DelayVersion Hello TimeSTP Summary STP Summary Port ConfigEdge Port PriorityExtPath IntPathPort Status Region ConfigMstp Instance Port Role¾ Region Config Instance ConfigClear Instance Port Config¾ Instance Table InstancePath Cost Instance IDPort Protect STP Security¾ Bpdu Protect ¾ TC Protect¾ Bpdu Filter Bpdu Protect Loop ProtectRoot Protect TC Protect11 TC Protect TC ProtectOn Spanning Tree→MSTP Instance→Instance On Spanning Tree→STP Config→STP ConfigOn Spanning Tree→STP Config→Port Config Application Example for STP FunctionBridge of Instance Configure Switch D ¾ Suggestion for Configuration ¾ Multicast Overview Multicast¾ Multicast Address Multicast IP Port ¾ Multicast Address Table¾ Igmp Messages Igmp Snooping¾ Igmp Snooping ¾ Igmp Snooping Process¾ Igmp Snooping Fundamentals Snooping ConfigDescription Displays Igmp Snooping status Member ¾ Igmp Snooping StatusFast Leave Igmp SnoopingStatic Router Port Router Port TimeMember Port Time Leave TimeRouter Port Snooping→Snooping Config and Port ConfigMulticast→IGMP Snooping→VLAN Config Multicast Vlan¾ Multicast Vlan Multicast→IGMP Snooping→Multicast Vlan On the Multicast→IGMP Snooping→Snooping ConfigApplication Example for Multicast Vlan VlanMulticast IP ¾ Configuration Procedure Step Operation DescriptionSnooping→Port Config Snooping→Snooping ConfigStatic Multicast IP Multicast IP Table¾ Static Multicast IP Table ¾ Create Static MulticastIP-Range Multicast FilterPort Filter ¾ Port Filter ConfigMulticast→Multicast Filter→IP-Range Packet StatisticsMulticast→Multicast Filter→Port Filter ¾ Igmp Statistics QoS ¾ Priority Mode¾ QoS 802.1Q frame ¾ Schedule ModeSP-Mode Displays the LAG number which the port belongs to ¾ Port Priority ConfigDiffServ Port Priority¾ Schedule Mode Config Schedule Mode3 802.1P Priority ¾ 802.1P Priority Config¾ Priority Level Dscp Priority Priority levels are labeled as TC0, TC1, TC2 and TC3 ¾ Dscp Priority ConfigIt ranges from 0 to Priority LevelBandwidth Control ¾ Rate Limit ConfigRate Limit Ingress Rate bps Storm ControlEgress Ratebps Multicast Rate ¾ Storm Control ConfigBroadcast Rate BpsVoice Vlan ¾ Port Voice Vlan ModeNumber OUI Address Vendor Packet Type Processing Mode ¾ Security Mode of Voice Vlan12 Global Configuration Global Config13 Port Config Port ModeOUI Config Required. On QoS→Voice VLAN→Global Config Required. On VLAN→802.1Q VLAN→Port ConfigOptional. On QoS→Voice VLAN→OUI Config page, you Required. On QoS→Voice VLAN→Port ConfigIndex ACLTime-Range Time-Range SummaryTime-Range Create ¾ Holiday Table ACL ConfigHoliday Config ¾ Create Holiday¾ Create ACL ACL SummaryACL Create ¾ Rule TableEtherType MAC ACL¾ Create MAC ACL Rule IDMask Standard-IP ACL¾ Create Standard-IP ACL Fragment¾ Create Extend-IP ACL Extend-IP ACLPolicy Summary Policy ConfigDesired policy, please click the Delete button Policy CreateAction Create Select Policy¾ Create Action 11 Action Create¾ Policy Bind Table Policy BindingBinding Table Port BindingDirection Displays the binding direction Vlan BindingEnter the ID of the Vlan you want to bind ¾ VLAN-Bind Table Application Example for ACLOn ACL→ACL Config→ACL Create page, create ACL On ACL→ACL Config→Standard-IP ACL page, select ACL IP-MAC Binding Network SecurityManual Binding ¾ Manual Binding Table ¾ Manual Binding OptionEnter the Vlan ID Protect Type Select the Protect Type for the entryARP Scanning Scan Dhcp SnoopingStart IP Address End IP Address¾ Dhcp Working Principle Network diagram for DHCP-snooping implementation¾ Option ¾ Dhcp Cheating Attack Dhcp Cheating Attack Implementation Procedure163 Customization Circuit ID Remote ID ¾ Option 82 Config¾ Port Config Port Select Decline Threshold Decline Flow Control¾ Imitating Gateway ARP Inspection¾ Cheating Gateway ¾ Cheating Terminal Hosts 10 ARP Attack Cheating Gateway¾ Man-In-The-Middle Attack ¾ ARP Flooding Attack ¾ ARP Detect ARP Detect¾ Trusted Port Required. On the Network Security→IP-MAC ARP DefendNetwork Security→ARP Speed ARP Statistics¾ ARP Defend Defend¾ Illegal ARP Packet IP Source GuardDoS Defend ¾ IP Source Guard ConfigDoS Attack Type Description DoS Detect DoS DefendAttack Type 11.5Detect Time Detect¾ 802.1X Authentication Procedure ¾ The Mechanism of an 802.1X Authentication System178 179 ¾ Guest Vlan ¾ 802.1X TimerGuest Vlan ID Authentication Method802.1X Guest VlanServer Timeout Supplicant TimeoutRetry Times Authorized Control ModeRadius Server Control TypeRequired. On the Network Security→802.1X→Port On the Network Security→802.1X→Global Config802.1X Client Software Required. On the Network Security→802.1X→Radius¾ Snmp Versions Snmp¾ Snmp Overview ¾ Snmp Management Frame¾ MIB Introduction ¾ Snmp Configuration Outline¾ Local Engine Snmp Config¾ Remote Engine View Name Snmp ViewMIB Object ID View TypeSnmp Group ¾ Group Config¾ Group Table Snmp UserPrivacy Password Auth ModeAuth Password Privacy ModeAccess ¾ Community ConfigSnmp Community ¾ Community Table Required. On the SNMP→SNMP Config→GlobalRequired. On the SNMP→SNMP Config→SNMP MIB ViewNotification On the SNMP→SNMP Config→SNMPRetry TimeoutUDP Port User¾ Rmon Group RmonRmon Group Function History Control Event Config¾ History Control Table ¾ Event Table Alarm ConfigRising Event VariableSample Type Rising Threshold200 ¾ Cluster Role ClusterNeighbor Info 13.1 NDP¾ Introduction to Cluster ¾ Neighbor NDP Summary¾ Neighbor Info NDP ¾ Port Status Displays the port number of the switchDetail ： NDP ConfigAging Time Displays NDP status of the current port Port Displays the port number of the switchNtdp Device TableNtdp Summary Ntdp Summary Ntdp Interval Time Ntdp ConfigNtdp Hops Cluster EnableCluster Summary ¾ Member Info ¾ Global Config Cluster¾ Cluster Config ¾ Global Cluster11 Cluster Summary for Member Switch Switch¾ Current Role Cluster Config¾ Role Change 14 Cluster Configuration for Commander Switch 16 Cluster Configuration for Individual Switch Member ConfigMember MAC Cluster Topology¾ Create Member Device Name¾ Graphic Show 18 Collect TopologyApplication Example for Cluster Function On Cluster→NTDP→NTDP Config page, enable On Cluster→NDP→NDP Config page, enable NDP220 System Monitor MaintenanceCPU Monitor Memory Monitor 14.2 Log Module ContentLog Table TimeLog Buffer ¾ Local Log ConfigLocal Log Remote Log¾ Log Host Backup LogHost IP ¾ Cable Test ¾ Backup LogDevice Diagnose Cable TestLength ErrorSwitch is available LoopbackTest ¾ Ping ConfigNetwork Diagnose PingTracert ¾ Tracert ConfigHardware Installation System Maintenance via FTPConfigure the Hyper Terminal 232 5Port Settings Download Firmware via bootrom menuTP-LINK upgrade You can only use the port 1 to upgrade TP-LINK ifconfig ip 172.31.70.22 mask 255.255.255.0 gatewayTP-LINK start Start User Access Login Appendix a Specifications Configure TCP/IP component Appendix B Configuring the PCs238 Now Appendix C 802.1X Client Software Installation Guide241 242 Figure C-7 InstallShield Wizard Complete Uninstall SoftwareFigure C-10 Uninstall Complete Configuration245 Figure C-15 Connection Status FAQ Appendix D Glossary Ieee 802.1Q Multicast SwitchingGroup Attribute Registration Protocol Garp Ieee 802.1DLink Aggregation Control Protocol Lacp Port AuthenticationRemote Authentication Dial-in User Service Radius Link AggregationTelnet Simple Network Management Protocol SnmpSimple Network Time Protocol Sntp Spanning Tree Algorithm STA