Manuals / Brands / Computer Equipment / Switch / ZyXEL Communications / Computer Equipment / Switch

ZyXEL Communications GS-4012F/4024 Port Authentication, 16.1 Overview, 16.2 Configuring Port Authentication, 16.1.1 RADIUS

1 326

Download 326 pages, 6.98 Mb

GS-4012F/4024 User’s Guide

CHAPTER 16

Port Authentication

This chapter describes the 802.1x authentication method and RADIUS server connection setup.

16.1 Overview

IEEE 802.1x is an extended authentication protocol2 that allows support of RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile and accounting management on a network RADIUS server.

16.1.1 RADIUS

RADIUS (Remote Authentication Dial-In User Service) authentication is a popular protocol used to authenticate users by means of an external server instead of (or in addition to) an internal device user database that is limited to the memory capacity of the device. In essence, RADIUS authentication allows you to validate an unlimited number of users from a central location.

Figure 49 RADIUS Server

16.2 Configuring Port Authentication

For network security, enable port authentication to check the identity of the user before access to the network is allowed. The switch authenticates users against the remote RADIUS server you specify.

To enable port authentication:

•activate IEEE802.1x security (both on the switch and the port(s))

•configure the RADIUS server settings.

2.At the time of writing, only Windows XP of the Microsoft operating systems supports it. See the Microsoft web site for information on other Windows operating system support. For other operating systems, see its documentation. If your operating system does not support 802.1x, then you may need to install 802.1x client software.

Chapter 16 Port Authentication

116

Contents

User’s Guide Copyright Disclaimer Interference Statements and Warnings FCC Statement FCC Warning CE Mark Warning: Taiwanese BSMI (Bureau of Standards, Metrology and Inspection) A Warning: Certifications Registration Safety Warnings ZyXEL Limited Warranty Note Customer Support Page Table of Contents The Web Configurator Basic Setting Page Page Page RIP OSPF IP Multicast Differentiated Services Page Page Page Chapter Appendix A Appendix B Page List of Figures Page Page Page Page Page List of Tables Page Page Page Preface About This User's Guide Related Documentation Syntax Conventions Graphics Icons Key User Guide Feedback Getting to Know Your Switch 1.1 Introduction 1.2 Software Features IP Routing Domain DHCP VLAN VLAN Stacking Differentiated Services (DiffServ) Classifier and Policy Queuing IGMP IGMP Snooping IP Multicast Multicast VLAN Registration (MVR) RIP 1.3Hardware Features Mini-GBICSlots Gigabit Ethernet Ports Management Port Console Port 1.4 Applications 1.4.1 Backbone Application 1.4.2 Bridging Example 1.4.3 High Performance Switching Example 1.4.4 IEEE 802.1Q VLAN Application Examples 1.4.4.1 Tag-basedVLAN Example 1.4.4.2 VLAN Shared Server Example Hardware Installation and Connection 2.1 Freestanding Installation 2.2 Mounting the Switch on a Rack 2.2.1Rack-mountedInstallation Requirements 2.2.1.1Precautions 2.2.2Attaching the Mounting Brackets to the Switch 2.2.3Mounting the Switch on a Rack Page Page Hardware Overview 3.1 Front Panel Connection 3.1.1 Console Port 3.1.2 Gigabit Ethernet Ports 3.1.2.1 Default Ethernet Settings 3.1.3SFP Slots 3.1.3.1 Transceiver Installation 3.1.3.2 Transceiver Removal 3.2 Rear Panel 3.2.1 Power Connector 3.2.2 External Backup Power Supply Connector 3.3 Front Panel LEDs Page The Web Configurator 4.1 Introduction 4.2 System Login 4.3The Status Screen Page Page Page 4.3.1 Change Your Password 4.4 Switch Lockout 4.5 Resetting the Switch 4.5.1 Reload the Configuration File 4.6 Logging Out of the Web Configurator 4.7 Help Page Initial Setup Example 5.1 Overview 5.1.1Configuring an IP Interface 5.1.2Configuring DHCP Server Settings 5.1.3 Creating a VLAN 5.1.4Setting Port VID 5.1.5Enabling RIP Page System Status and Port Statistics 6.1 Overview 6.2 Port Status Summary 6.2.1 Port Details Page Page Page Page Basic Setting 7.1 Overview 7.2 System Information Page 7.3 General Setup Page 7.4 Introduction to VLANs 7.5 IGMP Snooping 7.6 Switch Setup Screen Page 7.7 IP Setup 7.7.1 IP Interfaces Figure 31 IP Setup Table 11 IP Setup 7.8 Port Setup Figure 32 Port Setup Page VLAN 8.1 Introduction to IEEE 802.1Q Tagged VLANs 8.1.1 Forwarding Tagged and Untagged Frames 8.2 Automatic VLAN Registration 8.2.1 GARP 8.2.1.1 GARP Timers 8.2.2 GVRP 8.3 Port VLAN Trunking 8.4 Select the VLAN Type 8.5 Static VLAN 8.5.1 Static VLAN Status 8.5.2 Configure a Static VLAN Page 8.5.3 Configure VLAN Port Settings 8.6 Port-basedVLANs 8.6.1 Configure a Port-basedVLAN Page Page Static MAC Forward Setup 9.1 Overview 9.2 Configuring Static MAC Forwarding Page Filtering 10.1 Overview 10.2 Configure a Filtering Rule Page Spanning Tree Protocol 11.1 STP/RSTP Overview 11.1.1 STP Terminology 11.1.2 How STP Works 11.1.3 STP Port States 11.2 STP Status Page 11.2.1 Configure STP Page Page Bandwidth Control 12.1 Introduction to Bandwidth Control 12.1.1 CIR and PIR 12.2 Bandwidth Control Setup Page Broadcast Storm Control 13.1 Overview 13.2 Broadcast Storm Control Setup Page Mirroring 14.1 Overview 14.2 Port Mirroring Configuration Page Link Aggregation 15.1 Overview 15.1.1 Dynamic Link Aggregation 15.1.2 Link Aggregation ID 15.2 Link Aggregation Status 15.3 Link Aggregation Setup Page Page Page Port Authentication 16.1 Overview 16.1.1 RADIUS 16.2 Configuring Port Authentication 16.2.1 Activating IEEE 802.1x Security 16.2.2 Configuring RADIUS Server Settings Page Port Security 17.1 Overview 17.2 Port Security Setup Page Classifier 18.1 Overview 18.2Configuring the Classifier Figure 54 Classifier Page 18.3 Viewing and Editing Classifier Configuration 18.4 Classifier Example Page Policy Rule 19.1 Overview 19.1.1 DiffServ 19.1.2 DSCP and Per-HopBehavior 19.2 Configuring Policy Rules Advanced Applications Policy Rule Table 38 Policy 19.3 Viewing and Editing Policy Configuration 19.4 Policy Example Page Queuing Method 20.1 Overview 20.1.1 Strict Priority Queuing (SPQ) 20.1.2 Weighted Round Robin Scheduling (WRR) 20.2 Configuring Queuing Page Page VLAN Stacking 21.1 Introduction 21.1.1 VLAN Stacking Example 21.2 VLAN Stacking Port Roles 21.3 VLAN Tag Format 21.3.1 Frame Format 21.4 Configuring VLAN Stacking Port Setup Page Multicast 22.1 Overview 22.1.1 IP Multicast Addresses 22.1.2 IGMP Filtering 22.1.3 IGMP Snooping 22.2 Multicast Status 22.2.1 Multicast Setting Page 22.2.2 IGMP Filtering Profile 22.3 MVR Overview 22.3.1 Types of MVR Ports 22.3.2 MVR Modes 22.3.3 How MVR Works 22.4 General MVR Configuration 22.5 MVR Group Configuration Page 22.5.1 MVR Configuration Example Page Page Static Route 23.1 Configuring Page RIP 24.1 Overview 24.2 Configuring Figure 75 RIP OSPF 25.1 Overview 25.1.1 OSPF Autonomous Systems and Areas 25.1.2 How OSPF Works 25.1.3 Interfaces and Virtual Links 25.1.4 Configuring OSPF 25.2 OSPF Status 25.3 Enabling OSPF and General Settings Page 25.4 Configuring OSPF Areas 25.4.1 Viewing OSPF Area Information Table 25.5 Configuring OSPF Interfaces 25.6 OSPF Virtual Links Page Page Page IGMP 26.1 Overview 26.2 Configuring Page DVMRP 27.1 Overview 27.2 How DVMRP Works 27.2.1 DVMRP Terminology 27.3 Configuring DVMRP 27.3.1 DVMRP Configuration Error Messages 27.4 Default DVMRP Timer Values IP Multicast 28.1 Overview 28.2 Configuring Page Differentiated Services 29.1 Overview 29.1.1 DSCP and Per-HopBehavior 29.1.2 DiffServ Network Example 29.2 Activating DiffServ 29.3 DSCP-to-IEEE802.1pPriority Mapping 29.3.1 Configuring DSCP Settings Page DHCP 30.1 Overview 30.1.1 DHCP modes 30.2DHCP Server Status 30.3 Configuring DHCP Server Page 30.3.1 DHCP Server Configuration Example 30.4 DHCP Relay 30.4.1 DHCP Relay Agent Information 30.4.2Configuring DHCP Relay 30.4.3 DHCP Relay Configuration Example VRRP 31.1 Overview 31.2 Viewing VRRP Status 31.3 Configuring VRRP 31.3.1 IP Interface Setup 31.3.2 VRRP Parameters 31.3.2.1 Advertisement Interval 31.3.2.2 Priority 31.3.2.3 Preempt Mode 31.3.3 Configuring VRRP Parameters 31.4 VRRP Configuration Summary 31.5 VRRP Configuration Examples 31.5.1 One Subnet Network Example Page 31.5.2 Two Subnets Example Page Page Maintenance 32.1 The Maintenance Screen 32.2 Firmware Upgrade 32.3 Restore a Configuration File 32.4 Backing Up a Configuration File 32.5Load Factory Defaults 32.6Reboot System 32.7FTP Command Line 32.7.1 Filename Conventions 32.7.1.1 Example FTP Commands 32.7.2 FTP Command Line Procedure 32.7.3GUI-basedFTP Clients 32.7.4 FTP Restrictions Access Control 33.1Overview 33.2 The Access Control Main Screen 33.3 About SNMP 33.3.1 Supported MIBs 33.3.2SNMP Traps 33.3.3 Configuring SNMP 33.3.4 Setting Up Login Accounts Logins 33.4 SSH Overview 33.5 How SSH works 33.6SSH Implementation on the Switch 33.6.1 Requirements for Using SSH 33.7 Introduction to HTTPS 33.8 HTTPS Example 33.8.1 Internet Explorer Warning Messages 33.8.2 Netscape Navigator Warning Messages 33.8.3 The Main Screen Page 33.9 Service Port Access Control 33.10 Remote Management Page Page Diagnostic 34.1 Diagnostic Page Cluster Management 35.1 Overview 35.2 Cluster Management Status 35.2.1 Cluster Member Switch Management 35.2.1.1 Uploading Firmware to a Cluster Member Switch 35.3 Configuring Cluster Management Page Page MAC Table 36.1 Overview 36.2 Viewing the MAC Table IP Table 37.1 Overview 37.2 Viewing the IP Table ARP Table 38.1 Overview 38.1.1 How ARP Works 38.2 Viewing the ARP Table Figure 149 ARP Table Table 91 ARP Table Routing Table 39.1 Overview 39.2 Viewing the Routing Table Page Introducing the Commands 40.1 Overview 40.1.1 Switch Configuration File 40.2 Accessing the CLI 40.2.1Access Priority 40.2.2The Console Port 40.2.2.1Initial Screen 40.2.3 Telnet 40.3The Login Screen 40.4 Command Syntax Conventions 40.5 Getting Help 40.5.1List of Available Commands 40.5.2 Detailed Command Information 40.6 Command Modes 40.7 Using Command History 40.8 Saving Your Configuration 40.8.1 Logging Out 40.9 Command Summary 40.9.1 User Mode 40.9.2 Enable Mode Page Page Page 40.9.3 General Configuration Mode Page Page Page Page Page Page Page Page Page Page Page Page Page 40.9.4 interface port-channelCommands Page Page 40.9.5 interface route-domainCommands 40.9.6 config-vlanCommands 40.10 mvr Commands Page Command Examples 41.1 Overview 41.2 show Commands 41.2.1 show system-information 41.2.2 show hardware-monitor 41.2.3 show ip 41.2.4 show logging 41.2.5 show interface 41.2.6 show mac address-table 41.3 ping 41.4 traceroute 41.5 Enabling RSTP 41.6 Configuration File Maintenance 41.6.1 Configuration Backup 41.6.2 Configuration Restoration 41.6.3 Using a Different Configuration File 41.6.4 Resetting to the Factory Default 41.7 no Command Examples 41.7.1 no mirror-port 41.7.2 no https timeout 41.7.3 no trunk 41.7.4 no port-access-authenticator 41.7.5 no ssh 41.8 interface Commands 41.8.1 interface port-channel 41.8.2 interface route-domain 41.8.3 bpdu-control 41.8.4 broadcast-limit 41.8.5 bandwidth-limit 41.8.6 mirror 41.8.7 gvrp 41.8.8 ingress-check 41.8.9 frame-type 41.8.10 spq 41.8.11 wrr 41.8.12 egress set 41.8.13 qos priority 41.8.14 name 41.8.15 speed-duplex Page IEEE 802.1Q Tagged VLAN Commands 42.1 IEEE 802.1Q Tagged VLAN Overview 42.2 VLAN Databases 42.2.1 Static Entries (SVLAN Table) 42.3 Configuring Tagged VLAN 42.4 Global VLAN1Q Tagged VLAN Configuration Commands 42.4.1 GARP Status 42.4.2 GARP Timer 42.4.3 GVRP Timer 42.4.4 Enable GVRP 42.4.5 Disable GVRP 42.5 Port VLAN Commands 42.5.1 Set Port VID 42.5.2 Set Acceptable Frame Type 42.5.3 Enable or Disable Port GVRP 42.5.4 Modify Static VLAN 42.5.4.1Modify a Static VLAN Table Example 42.5.4.2 Forwarding Process Example Tagged Frames 42.5.5Delete VLAN ID 42.6 Enable VLAN 42.7 Disable VLAN 42.8 Show VLAN Setting Page Page Troubleshooting 43.1 Problems Starting Up the Switch 43.2 Problems Accessing the Switch 43.2.1 Pop-upWindows, JavaScripts and Java Permissions 43.2.1.1 Internet Explorer Pop-upBlockers 2Select Settings…to open the Pop-upBlocker Settings screen Allowed sites 43.2.1.2JavaScripts Custom Level Scripting Active scripting Enable Scripting of Java applets 43.2.1.3 Java Permissions Advanced 2make sure that Use Java 2 for <applet> under Java (Sun) is selected 43.3 Problems with the Password Page Product Specifications Page Page Page IP Subnetting IP Addressing IP Classes Subnet Masks Subnetting Example: Two Subnets Page Example: Four Subnets Example Eight Subnets Subnetting With Class A and Class B Networks Page Symbols Numerics Index