Manuals / Brands / Computer Equipment / Switch / ZyXEL Communications / Computer Equipment / Switch

ZyXEL Communications ES-2048 Port Authentication, 16.1 Port Authentication Overview, 16.1.1 RADIUS, 16.1.1.1 Vendor Specific Attribute

1 311

Download 311 pages, 8.1 Mb

ES-2048 User’s Guide

CHAPTER 16

Port Authentication

This chapter describes the 802.1x authentication method and RADIUS server connection setup. See Section 33.9 on page 259 for information on how to use the commands to configure additional Radius server settings as well as multiple Radius server configuration.

16.1 Port Authentication Overview

IEEE 802.1x is an extended authentication protocol2 that allows support of RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile and accounting management on a network RADIUS server.

16.1.1 RADIUS

RADIUS (Remote Authentication Dial-In User Service) authentication is a popular protocol used to authenticate users by means of an external server instead of (or in addition to) an internal device user database that is limited to the memory capacity of the device. In essence, RADIUS authentication allows you to validate an unlimited number of users from a central location.

Figure 52 RADIUS Server

16.1.1.1 Vendor Specific Attribute

A Vendor Specific Attribute (VSA) is an attribute-value pair that is sent between a RADIUS server and the switch. Configure VSAs on the RADIUS server to set the switch to perform the following actions on an authenticated user:

•Limit bandwidth on incoming or outgoing traffic

•Assign account privilege levels

2.At the time of writing, only Windows XP of the Microsoft operating systems supports it. See the Microsoft web site for information on other Windows operating system support. For other operating systems, see its documentation. If your operating system does not support 802.1x, then you may need to install 802.1x client software.

Chapter 16 Port Authentication

131

Contents

User’s Guide Page Copyright Disclaimer Trademarks Certifications Federal Communications Commission (FCC) Interference Statement FCC Warning CE Mark Warning: Taiwanese BSMI (Bureau of Standards, Metrology and Inspection) A Warning: Page Safety Warnings Page ZyXEL Limited Warranty Note Registration Customer Support Page Table of Contents Initial Setup Example System Status and Port Statistics Basic Setting Page Page Page Chapter Maintenance Diagnostic Page User and Enable Mode Commands Page Page List of Figures Page Page Page List of Tables Page Page Page Preface About This User's Guide Related Documentation Syntax Conventions Graphics Icons Key User Guide Feedback Getting to Know Your Switch 1.1 Introduction 1.2 Software Features DHCP Client VLAN Port Mirroring Static Route IGMP Snooping Multicast VLAN Registration (MVR) STP (Spanning Tree Protocol) / RSTP (Rapid STP) Cluster Management Maintenance and Management Features IP Protocols System Monitoring Security 1.3Hardware Features Power 48 10/100 Mbps Fast Ethernet Ports Two Gigabit Ethernet Ports for Uplink Modules Two Slots for Mini-GBICModules 1.4 Applications 1.4.1 Backbone Application 1.4.2 Bridging Example 1.4.3 High Performance Switched Example 1.4.4 IEEE 802.1Q VLAN Application Examples 1.4.4.1 Tag-basedVLAN Example 1.4.4.2 VLAN Shared Server Example Hardware Installation and Connection 2.1 Freestanding Installation 2.2 Mounting the Switch on a Rack 2.2.1Rack-mountedInstallation Requirements 2.2.1.1Precautions 2.2.2Attaching the Mounting Brackets to the Switch 2.2.3Mounting the Switch on a Rack Page Page Hardware Overview 3.1 Panel Connections 3.1.1 Console Port 3.1.2 Ethernet Ports 3.1.2.1 Default Ethernet Settings 3.1.3Mini-GBICSlots 3.1.3.1 Transceiver Installation 3.1.3.2 Transceiver Removal 3.1.4 Power Connector 3.2 LEDs Page The Web Configurator 4.1 Introduction 4.2System Login 4.3The Status Screen 4.4 Menu Overview Page Page 4.4.1 Change Your Password 4.5 Saving Your Configuration 4.6 Switch Lockout 4.7 Resetting the Switch 4.7.1 Reload the Configuration File Transfer Send File 4.7.2 Reset to the Factory Defaults 4.8Logging Out of the Web Configurator 4.9 Help Initial Setup Example 5.1 Overview 5.1.1Creating a VLAN 5.1.2Setting Port VID 5.2 Configuring Switch Management IP Address 3Click Basic Setting and IP Setup in the navigation panel Manageable System Status and Port Statistics 6.1 Overview 6.2 Port Status Summary Figure 25 Status 6.2.1 Status: Port Details Page Page Page Basic Setting 7.1 Overview 7.2 System Information Page 7.3 General Setup Page 7.4 Introduction to VLANs 7.5 Switch Setup Screen Page 7.6 IP Setup 7.6.1 Management IP Addresses Figure 30 IP Setup Table 11 IP Setup 7.7 Port Setup Figure 31 Port Setup Page Page VLAN 8.1 Introduction to IEEE 802.1Q Tagged VLAN 8.1.1 Forwarding Tagged and Untagged Frames 8.2 Automatic VLAN Registration 8.2.1 GARP 8.2.1.1 GARP Timers 8.2.2 GVRP 8.3 Port VLAN Trunking 8.4 Select the VLAN Type 8.5 Static VLAN 8.5.1 Static VLAN Status 8.5.2 Static VLAN Details 8.5.3 Configure a Static VLAN Page 8.5.4 Configure VLAN Port Settings Page 8.6 Protocol Based VLANs 8.7 Configuring Protocol Based VLAN Page 8.8 Create an IP-basedVLAN Example 8.9Port Based VLAN Setup 8.9.1 Configure a Port Based VLAN Page Page Page Page Static MAC Forwarding 9.1 Overview 9.2 Configuring Static MAC Forwarding Page Page Page Filtering 10.1 Configure a Filtering Rule Page Spanning Tree Protocol 11.1 STP/RSTP Overview 11.1.1 STP Terminology 11.1.2 How STP Works 11.1.3 STP Port States 11.2 Rapid Spanning Tree Protocol Status 11.3 Configure Rapid Spanning Tree Protocol Page Page Page Page Bandwidth Control 12.1 Bandwidth Control Overview 12.1.1 CIR and PIR 12.2 Bandwidth Control Setup Page Page Page Broadcast Storm Control 13.1 Broadcast Storm Control Overview 13.2 Broadcast Storm Control Setup Page Page Page Mirroring 14.1 Port Mirroring Setup Figure 49 Mirroring Page Page Link Aggregation 15.1 Link Aggregation Overview 15.2 Dynamic Link Aggregation 15.2.1 Link Aggregation ID 15.3 Link Aggregation Control Protocol Status 15.4 Link Aggregation Setup Page Page Page Port Authentication 16.1 Port Authentication Overview 16.1.1 RADIUS 16.1.1.1 Vendor Specific Attribute 16.1.1.2 Tunnel Protocol Attribute 16.2 Port Authentication Configuration 16.2.1 Configuring RADIUS Server Settings 16.2.2 Activate IEEE 802.1x Security Page Page Port Security 17.1 Port Security Setup 17.2 Port Security Setup Page Page Page Queuing Method 18.1 Queuing Method Overview 18.1.1 Strictly Priority 18.1.2 Weighted Fair Queuing 18.1.3 Weighted Round Robin Scheduling (WRR) 18.2 Configuring Queuing Page Page Multicast 19.1 Multicast Overview 19.1.1 IP Multicast Addresses 19.1.2 IGMP Filtering 19.1.3 IGMP Snooping 19.2 Multicast Status 19.3 Multicast Settings Page Note: 19.4 IGMP Filtering Profile Page 19.5 MVR Overview 19.5.1 Types of MVR Ports 19.5.2 MVR Modes 19.5.3 How MVR Works 19.6 General MVR Configuration Figure 63 MVR Table 42 MVR 19.7 MVR Group Configuration 19.7.1 MVR Configuration Example Page Page DHCP Relay 20.1 DHCP Relay Overview 20.1.1 DHCP Relay Agent Information 20.2DHCP Relay Configuration Figure 69 DHCP Relay Static Route 21.1 Configure Static Routing Page DiffServ Code Point 22.1 DiffServ Overview 22.1.1 DSCP and Per-HopBehavior 22.1.2 DiffServ Network Example 22.2 Activating DiffServ Figure 73 DiffServ 22.3 DSCP-to-IEEE802.1pPriority Mapping Settings 22.3.1 Configuring DSCP Settings Page Page Maintenance 23.1 The Maintenance Screen 23.2 Load Factory Default 23.3Save Configuration 23.4 Reboot System 23.5 Firmware Upgrade 23.6 Restore a Configuration File 23.7 Backup a Configuration File 23.8FTP Command Line 23.8.1 Filename Conventions 23.8.1.1 Example FTP Commands 23.8.2 FTP Command Line Procedure 23.8.3 GUI-basedFTP Clients 23.8.4 FTP Restrictions Page Access Control 24.1 Access Control Overview 24.2 The Access Control Main Screen 24.3 About SNMP 24.3.1 Supported MIBs 24.3.2SNMP Traps 24.3.3 Configuring SNMP 24.4 Setting Up Login Accounts Logins 24.5 SSH Overview 24.6 How SSH works 24.7SSH Implementation on the Switch 24.7.1 Requirements for Using SSH 24.8 Introduction to HTTPS 24.9 HTTPS Example 24.9.1 Internet Explorer Warning Messages 24.9.2 Netscape Navigator Warning Messages 24.9.3 The Main Screen 24.10 Service Port Access Control 24.11 Remote Management Page Page Diagnostic 25.1 Diagnostic Page Syslog 26.1 Overview 26.2 Syslog Setup 26.3 Syslog Server Setup Page Page Cluster Management 27.1 Clustering Management Status Overview 27.2 Clustering Management Status 27.2.1 Cluster Member Switch Management 27.2.1.1 Uploading Firmware to a Cluster Member Switch 27.3 Clustering Management Configuration Page Page Page MAC Table 28.1 MAC Table Overview 28.2 Viewing the MAC Table ARP Table 29.1 ARP Table Overview 29.1.1 How ARP Works 29.2 Viewing the ARP Table Figure 104 ARP Table Table 68 ARP Table Configure Clone 30.1 Configure Clone Settings Page Introducing Commands 31.1 Overview 31.2 Accessing the CLI 31.2.1The Console Port 31.2.1.1 Initial Screen 31.3The Login Screen 31.4 Command Syntax Conventions 31.5Changing the Password 31.6 Privilege Levels 31.7 Command Modes 31.8 Getting Help 31.8.1 List of Available Commands 31.9 Using Command History 31.10 Saving Your Configuration 31.10.1 Switch Configuration File 31.10.2 Logging Out 31.11 Command Summary 31.11.1 User Mode 31.11.2 Enable Mode Page Page Page Page 31.11.3 General Configuration Mode Page Page Page Page Page Page Page Page 31.11.4 interface port-channelCommands Page Page Page 31.11.5 config-vlanCommands 31.11.6 mvr Commands Page Page User and Enable Mode Commands 32.1 Overview 32.2 show Commands 32.2.1 show system-information 32.2.2 show ip 32.2.3 show logging 32.2.4 show interface 32.2.5 show mac address-table 32.3 ping 32.4 traceroute 32.5 Copy Port Attributes 32.6 Configuration File Maintenance 32.6.1 Using a Different Configuration File 32.6.2 Resetting to the Factory Default Page Configuration Mode Commands 33.1 Enabling IGMP Snooping 33.2 Configure IGMP Filter 33.3 Enabling STP 33.4 no Command Examples 33.4.1 Disable Commands 33.4.2 Resetting Commands 33.4.3 Re-enablecommands 33.4.4 Other Examples of no Commands 33.4.4.1no trunk 33.4.4.2 no port-access-authenticator 33.4.4.3no ssh 33.5 Queuing Method Commands 33.6 Static Route Commands 33.7 Enabling MAC Filtering 33.8 Enabling Trunking 33.9 Enabling Port Authentication 33.9.1 RADIUS Server Settings 33.9.2 Port Authentication Settings Page Page Interface Commands 34.1 Overview 34.2 Interface Command Examples 34.2.1 interface port-channel 34.2.2 bpdu-control 34.2.3 broadcast-limit 34.2.4 bandwidth-limit 34.2.5 mirror 34.2.6 gvrp 34.2.7 ingress-check 34.2.8 frame-type 34.2.9 weight 34.2.10 egress set 34.2.11 qos priority 34.2.12 name 34.2.13 speed-duplex 34.2.14 test 34.3 Interface no Command Examples 34.3.1 no bandwidth-limit IEEE 802.1Q Tagged VLAN Page Page Page Page Page Page Page Multicast VLAN Registration Page Troubleshooting 37.1 Problems Starting Up the Switch 37.2 Problems Accessing the Switch 37.2.1 Pop-upWindows, JavaScripts and Java Permissions 37.2.1.1 Internet Explorer Pop-upBlockers 2Select Settings…to open the Pop-upBlocker Settings screen Allowed sites 37.2.1.2JavaScripts Custom Level Scripting Active scripting Scripting of Java applets 37.2.1.3 Java Permissions Advanced 2make sure that Use Java 2 for <applet> under Java (Sun) is selected 37.3 Problems with the Password Page Page Page Page Page Introduction to IP Addresses IP Address Classes and Hosts IP Address Classes and Network ID Subnet Masks Subnetting Example: Two Subnets Example: Four Subnets Example Eight Subnets Subnetting With Class A and Class B Networks Page Symbols Numerics Index