Manuals / Brands / Computer Equipment / Switch / ZyXEL Communications / Computer Equipment / Switch

ZyXEL Communications ES-3124 16.2 Port Authentication Configuration, 16.1.1.2 Tunnel Protocol Attribute

1 337

Download 337 pages, 9.16 Mb

ES-3124 User’s Guide

Note: Refer to the documentation that comes with your RADIUS server on how to configure a VSA.

The following table describes the VSAs supported on the switch.

Table 36 Supported VSA

FUNCTION	ATTRIBUTE

Ingress Bandwidth	Vendor-Id = 890 (ZyXEL)
Assignment	Vendor-Type = 1
	Vendor-data = ingress rate (decimal)
Egress Bandwidth	Vendor-Id = 890 (ZyXEL)
Assignment	Vendor-Type = 2
	Vendor-data = egress rate (decimal)
Privilege Assignment	Vendor-ID = 890 (ZyXEL)
	Vendor-Type = 3
	Vendor-Data = "shell:priv-lvl=N"
	or
	Vendor-ID = 9 (CISCO)
	Vendor-Type = 1 (CISCO-AVPAIR)
	Vendor-Data = "shell:priv-lvl=N"
	where N is a privilege level (from 0 to 14).
	Note: If you set the privilege level of a login account differently
	on the RADIUS server(s) and the switch, the user is
	assigned a privilege level from the database (RADIUS or
	local) the switch uses first for user authentication.

16.1.1.2 Tunnel Protocol Attribute

You can configure tunnel protocol attributes on the RADIUS server to assign a port on the switch to a VLAN (fixed, untagged). This will also set the port’s VID. Refer to RFC 3580 for more information.

Table 37 Supported Tunnel Protocol Attribute

FUNCTIONATTRIBUTE

VLAN Assignment Tunnel-Type = VLAN(13)

Tunnel-Medium-Type = 802(6)

Tunnel-Private-Group-ID = VLAN ID

Note: You must also create a VLAN with the specified VID on the switch.

16.2 Port Authentication Configuration

To enable port authentication, first activate IEEE802.1x security (both on the switch and the port(s)) then configure the RADIUS server settings.

138	Chapter 16 Port Authentication

Contents

User’s Guide Page Copyright Disclaimer Trademarks Certifications Federal Communications Commission (FCC) Interference Statement FCC Warning CE Mark Warning: Taiwanese BSMI (Bureau of Standards, Metrology and Inspection) A Warning: Page Safety Warnings Page ZyXEL Limited Warranty Note Registration Customer Support Page Table of Contents Initial Setup Example System Status and Port Statistics Page Bandwidth Control Mirroring Page DHCP Relay Static Route DiffServ Code Point Maintenance Chapter Diagnostic Syslog Configure Clone User and Enable Mode Commands Page IEEE 802.1Q Tagged VLAN Commands Multicast VLAN Registration Commands Troubleshooting Appendix A Appendix B Page List of Figures Page Page Page List of Tables Page Page Page Preface About This User's Guide Related Documentation Syntax Conventions Graphics Icons Key User Guide Feedback Getting to Know Your Switch 1.1 Introduction 1.2 Software Features DHCP Client VLAN Queuing Port Mirroring Static Route IGMP Snooping Multicast VLAN Registration (MVR) Port Authentication and Security VLAN Stacking Differentiated Services (DiffServ) Classifier and Policy Cluster Management IP Protocols System Monitoring Security Bandwidth Control Quality of Service 1.3 Hardware Features 24 10/100 Mbps Fast Ethernet Ports Mini-GBICSlots Gigabit Ethernet Ports Management Port 1.4.1 Backbone Application 1.4.2 Bridging Example 1.4.3 High Performance Switched Example 1.4.4 IEEE 802.1Q VLAN Application Examples 1.4.4.1 Tag-basedVLAN Example 1.4.4.2 VLAN Shared Server Example Page Page Hardware Installation and Connection 2.1 Freestanding Installation 2.2 Mounting the Switch on a Rack 2.2.1Rack-mountedInstallation Requirements 2.2.1.1Precautions 2.2.2Attaching the Mounting Brackets to the Switch 2.2.3Mounting the Switch on a Rack Page Page Hardware Overview 3.1 Panel Connections 3.1.1 Console Port 3.1.2 Ethernet Ports 3.1.2.1 Default Ethernet Settings 3.1.3 Mini-GBICSlots 3.1.3.1 Transceiver Installation 3.1.3.2 Transceiver Removal 3.2 Rear Panel 3.2.1 Power Connector 3.2.2 External Backup Power Supply Connector 3.3 Front Panel LEDs Page The Web Configurator 4.1 Introduction 4.2System Login 4.3The Status Screen 4.4 Menu Overview Page Page 4.4.1 Change Your Password 4.5 Saving Your Configuration 4.6 Switch Lockout 4.7 Resetting the Switch 4.7.1 Reload the Configuration File 4.7.2 Reset to the Factory Defaults 4.8Logging Out of the Web Configurator 4.9 Help Initial Setup Example 5.1 Overview 5.1.1Creating a VLAN ACTIVE Name VLAN Group ID VLAN2 VLAN Group ID 5.1.2 Setting Port VID 5.2 Configuring Switch Management IP Address System Status and Port Statistics 6.1 Port Status Summary Figure 25 Status 6.1.1 Status: Port Details Page Page Page Basic Setting 7.1 Overview 7.2 System Information Page 7.3 General Setup Page 7.4 Introduction to VLANs 7.5 Switch Setup Screen Page 7.6 IP Setup 7.6.1 Management IP Addresses Figure 30 IP Setup Table 11 IP Setup 7.7 Port Setup Figure 31 Port Setup Page Page VLAN 8.1 Introduction to IEEE 802.1Q Tagged VLAN 8.1.1 Forwarding Tagged and Untagged Frames 8.2 Automatic VLAN Registration 8.2.1 GARP 8.2.1.1 GARP Timers 8.2.2 GVRP 8.3 Port VLAN Trunking 8.4 Select the VLAN Type 8.5 Static VLAN 8.5.1 Static VLAN Status 8.5.2 Static VLAN Details 8.5.3 Configure a Static VLAN Page 8.5.4 Configure VLAN Port Settings Page Page 8.6 Protocol Based VLANs 8.7 Configuring Protocol Based VLAN Page 8.8 Create an IP-basedVLAN Example 8.9 Port-basedVLAN Setup 8.9.1 Configure a Port-basedVLAN Page Page Page Page Static MAC Forwarding 9.1 Configuring Static MAC Forwarding Page Filtering 10.1 Configure a Filtering Rule Page Spanning Tree Protocol 11.1 STP/RSTP Overview 11.1.1 STP Terminology 11.1.2 How STP Works 11.1.3 STP Port States 11.1.4 Multiple RSTP 11.2 Spanning Tree Protocol Main Screen 11.3 Configure Rapid Spanning Tree Protocol Page Page 11.4 Rapid Spanning Tree Protocol Status 11.5 Configure Multiple Rapid Spanning Tree Protocol Page Page 11.6 Multiple Rapid Spanning Tree Protocol Status Page Bandwidth Control 12.1 Bandwidth Control Overview 12.1.1 CIR and PIR 12.2 Bandwidth Control Setup Page Page Page Broadcast Storm Control 13.1 Broadcast Storm Control Setup Page Page Page Mirroring 14.1 Port Mirroring Setup Figure 53 Mirroring Page Page Link Aggregation 15.1 Link Aggregation Overview 15.2 Dynamic Link Aggregation 15.2.1 Link Aggregation ID 15.3 Link Aggregation Control Protocol Status 15.4 Link Aggregation Setup Page Page Page Port Authentication 16.1 Port Authentication Overview 16.1.1 RADIUS 16.1.1.1 Vendor Specific Attribute 16.1.1.2 Tunnel Protocol Attribute 16.2 Port Authentication Configuration 16.2.1 Configuring RADIUS Server Settings 16.2.2 Activate IEEE 802.1x Security Page Page Port Security 17.1 About Port Security 17.2 Port Security Setup Page Page Page Classifier 18.1 About the Classifier and QoS 18.2Configuring the Classifier Figure 61 Classifier UDP TCP IP Protocol Note: UDP TCP IP Protocol 18.3 Viewing and Editing Classifier Configuration 18.4 Classifier Example Page Policy Rule 19.1 Policy Rules Overview 19.1.1 DiffServ 19.1.2 DSCP and Per-HopBehavior 19.2 Configuring Policy Rules Table 45 Policy 19.3 Viewing and Editing Policy Configuration 19.4 Policy Example Page Queuing Method 20.1 Queuing Method Overview 20.1.1 Strictly Priority 20.1.2 Weighted Fair Scheduling 20.1.3 Weighted Round Robin Scheduling (WRR) 20.2 Configuring Queuing Page Page VLAN Stacking 21.1 VLAN Stacking Overview 21.1.1 VLAN Stacking Example 21.2 VLAN Stacking Port Roles 21.3 VLAN Tag Format 21.3.1 Frame Format 21.4 Configuring VLAN Stacking Page Page Multicast 22.1 Multicast Overview 22.1.1 IP Multicast Addresses 22.1.2 IGMP Filtering 22.1.3 IGMP Snooping 22.2 Multicast Status 22.3 Multicast Setting Page Page 22.4 IGMP Filtering Profile Page 22.5 MVR Overview 22.5.1 Types of MVR Ports 22.5.2 MVR Modes 22.5.3 How MVR Works 22.6 General MVR Configuration Figure 74 MVR Table 55 MVR 22.7 MVR Group Configuration 22.7.1 MVR Configuration Example Page Page DHCP Relay 23.1 DHCP Relay Overview 23.1.1 DHCP Relay Agent Information 23.2DHCP Relay Configuration Figure 80 DHCP Relay Static Route 24.1 Configuring Static Route Page DiffServ Code Point 25.1 DiffServ Overview 25.2 Enable DiffServ Figure 82 DiffServ 25.3 Configure DSCP Setting Figure 83 DiffServ Maintenance 26.1 The Maintenance Screen 26.2 Load Factory Defaults 26.3Save Configuration 26.4 Reboot System 26.5 Firmware Upgrade 26.6 Restore a Configuration File 26.7 Backup a Configuration File 26.8FTP Command Line 26.8.1 Filename Conventions 26.8.1.1 Example FTP Commands 26.8.2 FTP Command Line Procedure 26.8.3 GUI-basedFTP Clients 26.8.4 FTP Restrictions Page Access Control 27.1 Access Control Overview 27.2 The Access Control Main Screen 27.3 About SNMP 27.3.1 Supported MIBs 27.3.2SNMP Traps 27.3.3 Configuring SNMP 27.3.4 Setting Up Login Accounts Logins 27.4 SSH Overview 27.5 How SSH works 27.6SSH Implementation on the Switch 27.6.1 Requirements for Using SSH 27.7 Introduction to HTTPS 27.8 HTTPS Example 27.8.1 Internet Explorer Warning Messages 27.8.2 Netscape Navigator Warning Messages 27.8.3 The Main Screen Page 27.9 Service Port Access Control 27.10 Remote Management Page Diagnostic 28.1 Diagnostic Page Syslog 29.1 Syslog Overview 29.2 Syslog Setup 29.3 Syslog Server Setup Page Page Cluster Management 30.1 Cluster Management Status Overview 30.2 Cluster Management Status 30.2.1 Cluster Member Switch Management 30.2.1.1 Uploading Firmware to a Cluster Member Switch 30.3 Clustering Management Configuration Page Page Page MAC Table 31.1 MAC Table Overview 31.2 Viewing the MAC Table ARP Table 32.1 ARP Table Overview 32.1.1 How ARP Works 32.2 Viewing the ARP Table Figure 114 ARP Table Table 79 ARP Table Configure Clone 33.1 Configure Clone Page Introducing Commands 34.1 Overview 34.2 Accessing the CLI 34.2.1The Console Port 34.2.1.1 Initial Screen 34.3The Login Screen 34.4 Command Syntax Conventions 34.5Changing the Password 34.6 Privilege Levels 34.7 Command Modes 34.8 Getting Help 34.8.1 List of Available Commands 34.9 Using Command History 34.10 Saving Your Configuration 34.10.1 Switch Configuration File 34.10.2 Logging Out 34.11 Command Summary 34.11.1 User Mode 34.11.2 Enable Mode Page Page Page Page 34.11.3 General Configuration Mode Page Page Page Page Page Page Page Page Page Page Page Page 34.11.4 interface port-channelCommands Page Page Page 34.11.5 config-vlanCommands 34.11.6 mvr Commands Page Page User and Enable Mode Commands 35.1 Overview 35.2 show Commands 35.2.1 show system-information 35.2.2 show ip 35.2.3 show logging 35.2.4 show interface 35.2.5 show mac address-table 35.3 ping 35.4 traceroute 35.5 Copy Port Attributes 35.6 Configuration File Maintenance 35.6.1 Using a Different Configuration File 35.6.2 Resetting to the Factory Default Page Configuration Mode Commands 36.1 Enabling IGMP Snooping 36.2 Configure IGMP Filter 36.3 Enabling STP Page 36.4 no Command Examples 36.4.1 Disable Commands 36.4.2 Resetting Commands 36.4.3 Re-enablecommands 36.4.4 Other Examples of no Commands 36.4.4.1 no trunk 36.4.4.2no port-access-authenticator 36.4.4.3 no ssh 36.5 Queuing Method Commands 36.6 Static Route Commands 36.7 Enabling MAC Filtering 36.8 Enabling Trunking 36.9 Enabling Port Authentication 36.9.1 RADIUS Server Settings 36.9.2 Port Authentication Settings Page Page Interface Commands 37.1 Overview 37.2 Interface Command Examples 37.2.1 interface port-channel 37.2.2 bpdu-control 37.2.3 broadcast-limit 37.2.4 bandwidth-limit 37.2.5 mirror 37.2.6 gvrp 37.2.7 ingress-check 37.2.8 frame-type 37.2.9 weight 37.2.10 egress set 37.2.11 qos priority 37.2.12 name 37.2.13 speed-duplex 37.2.14 test 37.3 Interface no Command Examples 37.3.1 no bandwidth-limit IEEE 802.1Q Tagged VLAN Page Page Page Page Page Page Page Multicast VLAN Registration Page Troubleshooting 40.1 Problems Starting Up the Switch 40.2 Problems Accessing the Switch 40.2.1 Pop-upWindows, JavaScripts and Java Permissions 40.2.1.1 Internet Explorer Pop-upBlockers 2Select Settings…to open the Pop-upBlocker Settings screen Allowed sites 40.2.1.2JavaScripts Custom Level Scripting Active scripting Scripting of Java applets 40.2.1.3 Java Permissions Advanced 2make sure that Use Java 2 for <applet> under Java (Sun) is selected 40.3 Problems with the Password Page Page Page Page Page Introduction to IP Addresses IP Address Classes and Hosts IP Address Classes and Network ID Subnet Masks Subnetting Example: Two Subnets Example: Four Subnets Example Eight Subnets Subnetting With Class A and Class B Networks Page Symbols Numerics Index