Guest Vlan | ZyXEL Communications MES-2110 specs

Chapter 10 802.1x

authentication request to a RADIUS server. The RADIUS server validates whether this client is allowed access to the port.

Figure 31 IEEE 802.1x Authentication Process

1

New Connection

2

Login Info Request

3

		4
Login Credentials		4

Authentication Request

5

Authentication Reply

Session Granted/Denied

10.1.2 Guest VLAN

When 802.1x port authentication is enabled on the MES-2110, clients that do not have the correct credentials are blocked from using the port(s). You can configure your MES-2110 to have one Guest VLAN. Traffic coming from the Guest VLAN are directed to the Guest network and can have access to unrestricted areas of the network, such as the Internet. The rights granted to the Guest VLAN depends on how the network administrator configures switches or routers with the Guest network feature.

Note: Use the MES-2110 to assign the Guest VLAN to a port. This assignment should corresponds to the network’s Guest VLAN. The Guest network is not configurable in this MES-2110.

To enable port authentication, first activate the port authentication method (both on the MES-2110 and the port(s)) then configure the RADIUS server settings in the Radius Server Configuration screen (Section 10.4 on page 81).

78

MES-2110 User’s Guide

Image 78

ZyXEL Communications MES-2110 manual Guest Vlan, Ieee 802.1x Authentication Process

Contents

MES-2110 Page About This Users Guide Intended Audience Customer Support Document Conventions Syntax Conventions Firewall MES-2110 Computer ServerDslam Telephone Router Safety Warnings Safety Warnings MES-2110 User’s Guide Contents Overview Contents Overview MES-2110 User’s Guide Table of Contents Chapter System Details 10.1 Igmp 137 Chapter Command Line Interface 179 Index 229 Table of Contents MES-2110 User’s Guide Introduction OverviewBackbone Application Bridging Example Backbone Application High Performance Switching Example Ieee 802.1Q Vlan Application Examples Shared Server Using Vlan Example Metro Ethernet Ways to Manage the MES-2110 Metro Ethernet Good Habits for Managing the MES-2110 Hardware Installation and Connection Installation ScenariosDesktop Installation Procedure Rack-mounted Installation Requirements Mounting the MES-2110 on a Rack Attaching the Mounting Brackets to the MES-2110 Attaching the Mounting Brackets Mounting the MES-2110 on a Rack Mounting the MES-2110 on a Rack Hardware Overview Front Panel Front Panel Connections Console PortGigabit Ethernet Ports Label Description Default Ethernet Negotiation Settings Mini-GBIC Slots Transceiver Installation Power Connections Overview Removing the Fiber Optic Cables AC Power Connection DC Power Connection LED Descriptions Powering on the MES-2110LEDs LED Color Statu Description Green Blinking Mbps Ethernet network Tutorials Igmp Snooping Radius Configuration Set Igmp Query Mode to Auto Tutorials Tutorials MVR Tutorial Values MVR ConfigurationSetting Value Based802.1q before proceeding Open the Configuration Igmp Menu MVR screen Tutorials For Pri-Overide, select Enable Vlan ID Priority Untrusted ARP Inspection Set Action to Enable and Dhcp Snooping Vlan Mode to All-VLAN Outgoing Traffic Bandwidth Frame Tagging Frame Tagging Example To configure frame tagging Tutorials MES-2110 User’s Guide Web Configurator System LoginIntroduction Web Configurator Login Web Configurator Main Screen Main Screen System Details Configuration Mgmt Config System Restart Menu Navigation Panel Sub-links Overview Snmp Web Configurator Screen Sub-links DetailsSystem Details Configuration Mgmt Config Restart Menu Sntp Navigation Panel Links Link DescriptionDhcp ARP Saving Your Configuration Set Up the Administrative PasswordMade on the MES-2110 and restart the MES-2110 Switch Lockout Resetting the MES-2110Reload the Configuration File Resetting the MES-2110 Via the Console Port System Details System Information Screen Board Information Screen IP address from a Dhcp server if Dhcp client is enabled Dhcp Configuration ScreenAddress, subnet mask and a default gateway IP address Undo Click this to restore your last saved settings Apply System Details Dhcp Config Apply Configuration Port Configuration Screen Truncated in some Web Configurator screens Auto Port Status Screen Duplex This indicates the port’s duplex mode Half or FullDisabled Manage the MES-2110 via that port Rmon Status Screen This shows whether auto-negotiation is On or Off RX+TX Configuration Rmon Status Switch in Loop State Loop Detection Loop Detection Screen Loop detection Probe Frame Enabled, the MES-2110 sends probe frames from this port to Snmp traps when it shuts down a port via the loop detectionFeature Down this port Loop Detection MES-2110 User’s Guide Jumbo Frame Configuration Screen Jumbo FrameFrame Size Jumbo Frame MES-2110 User’s Guide Ieee 802.1x Authentication 802.1x Ieee 802.1x Authentication Process Guest Vlan 10.2 802.1x Global Configuration Screen Server UDP 10.3 802.1x Radius Server Configuration ScreenMES-2110. The key is not sent over the network Port Number 1812 Server 10.4 802.1x Port Configuration Screen Before configuring it on each port Reauthenticat Guest Vlan 10.5 802.1x Radius Server Configuration Screen Clients for port access Supported Radius Attributes Technical ReferenceRadius and TACACS+ Radius vs. TACACS+ Attributes Used for Authentication Attributes Used for Authenticating Privilege Access Radius Attributes Exec Events via Console Attribute Start INTERIM-UPDATE StopAttributes Used for Accounting Radius Attributes Exec Events via Telnet/SSH Attributes Used for Accounting Ieee 802.1x Events Radius Attributes-Exec Events via 802.1x MES-2110 User’s Guide STP Path Costs BridgeSTP Terminology Link Recommended Allowed Speed Value Range How STP Works Path 16Mbps 40 to Cost 100Mbps 10 to 1Gbps 10Gbps STP Port States Bridge Configuration ScreenSTP Port States Port Description State You select Rstp 802.1W in the Ring Protocol field Rstp System Configuration ScreenAre done configuring Tunnel port receives Bridge Protocol Data Units Bpdu Root Bridge Information Same priority, the switch with the lowest MAC address willDetermines Hello Time, Max Age and Forwarding Delay List box Selected from among the MES-2110 ports attached to Allowed range is 4 to 30 secondsAs a general rule Network. The allowed range is 6 to 40 seconds Spanning Tree Port Configuration 255 and the default value isCost 1~65535 Enter the port’s path cost P2P User Priority Introduction to Ieee 802.1Q Tagged VLANsTpid CFI Vlan ID Vlan Term Description Parameter Forwarding Tagged and Untagged FramesIeee 802.1Q Vlan Terminology Vlan Vlan Type Screen Port-Based Vlan ScreenVlan Type Use this to set the MES-2110 to Port-Based or Tag 100 Port-Based Vlan ConfigurationThen you cannot access the web configurator from a computer Connected to this port Vlan Stacking Example Tag-Based Vlan ScreensVlan Stacking 101 Vlan Stacking Port Roles 102 Vlan Tag Format Vlan Tag Format103 Type Priority Single and Double Tagged 802.11Q Frame Format Frame Format104 802.1Q Frame Vlan Stacking Configuration Screen 105SP Tpid 106 Spvid Tag-Based Port Information Screen 107Pvid 108 Tag-Based Port Configuration ScreenEnter the Vlan ID from 1-4094 that you want to configure Select whether you want to Add or Modify a Vlan ID Management Vlan Screen 109 Unless your current access belongs to the new Vlan 110Management Vlan This is the current management Vlan Bandwidth Control Setup Bandwidth Control111 112 Broadcast Storm Control Setup Broadcast Storm Control113 Storm Control Configuration 114Storm Control Status Port Mirroring Setup Port Mirroring115 Volatile memory when you are done configuring 116Select the monitor port number from the list Link Aggregation Dynamic Link Aggregation117 Static Trunking Example Link Aggregation ID Local SwitchLink Aggregation ID Peer Switch Link Aggregation ID Link Aggregation Setting 119 Link Aggregation Control Protocol 120Lacp Lacp Link Status 121MAC 122 IP Multicast Addresses Igmp Snooping123 Igmp Configuration Igmp Snooping and VLANs124 125 Igmp Vlan Igmp Vlan Query Mode 126 Igmp Status MVR Overview127 Types of MVR Ports MVR ModesHow MVR Works 128 General MVR Configuration 129 Disable to turn this feature off 130Select Dynamic to send Igmp reports to all MVR source ports MVR Group Configuration 131 Drop-down list box Group Configuration132 MVR Group Status MVR Configuration Example 133 134 MVR Group Configuration Example 135 136 137 Dhcp Relay ConfigurationDhcp Relay Agent Information Relay Agent Information Bytes This is the Vlan that the port belongs to Dhcp Relay Configuration138 To a Dhcp server 139 Option82 Information 140 IP Source Guard 141 Dhcp Snooping Overview 142 Dhcp Snooping Configuration 143 144 Dhcp requests will not succeed Mode VLANs or specific VLANs to Dhcp servers Dhcp Snooping Dhcp Binding Table145 146 Ddhhmm Configuring ARP Inspection ARP Inspection Screen147 148 Addresses permanently 149 150 MAC 151 MAC Table Status Screen 152 Lock MAC Address Learning Screen Undo Click this to load your last saved settings ApplyMES-2110 or static manually configured 153 Port This is the port number Lock MAC Filter Configuration Screen154 To activate MAC address learning on the port 155 156 MAC Limit Configuration ScreenAddresses may access port 2 at any one time. a sixth device Aged out. MAC address aging out time can be set in the MAC QoS Base Configuration Screen QoS157 Configuring the Base Configuration Screen 158 159 802.1p Priority Table 160 161 Tag Priority TableIP Dscp Priority Table Number This is the Ieee 802.1p priority level Priority Configuration QoS Menu IP Dscp Priority 162 Priority Override Configuration Screen 163 164 Mgmt Config and System Restart Menu Serial Port Configuration Screen165 Snmp Configuration Screens 166 Snmp Communities Screen Snmp CommandsCommand Description IP Trap Manager Screen Sntp Screen 168Traps to 169 Alarms and Logs 170 171 Syslog User Password User Configuration ScreenCharacters using characters found on a standard keyboard 172 Cable Test Screen 173PHY RX/TX Host DoS Protection 174Test Port Abnormal Traffic Detection Screen 175Fields below Upgrading the Firmware 176 Managing the Configuration File 177 Restarting the System 178 Console Port Management Command Line InterfaceSetting Default Value Logging Saving Changes Using Shortcuts and Getting HelpCommand / Keys Description 180 Basic Commands Command ModesExit Command Logging Out Basic Commands 182 Privileged Command Mode Privileged Commands183 184 185 Make while using the MES-2110Command line interface Permanently save any changes you 186 Configuration ModeConfiguration Mode Commands Ancillary Trigger Description 187 188 189 190 191 Address over Telnet 192 Igmp Snooping Example 193 Radius Configuration Example 194 This command to work MVR ModeMVR-Configuration Mode Commands 195 MVR Command Example 196 Vlan Mode Vlan Mode Commands197 Interface Mode Vlan ID Priority Example198 Interface Mode Commands 199 200 201 Bytes 1522 bytes + 4 bytes for 202Port, the port must allow frames Second tag to pass through it Outgoing Traffic Bandwidth Limit Example Sets the service provider Vlan ID of the current PortsUntrusted ARP Inspection Example 203 Frame Tagging Examples 204 205 206 Troubleshooting Power, Hardware Connections, and LEDs207 MES-2110 Access and Login 208 209 Advanced Suggestions 210 Pop-up Windows, JavaScript and Java Permissions MES-2110 Configuration and Console 211 My changes in the Web Configurator keep getting overwritten 212 213 214 Specification Description Product SpecificationsHardware Specifications 215 Firmware Specifications Feature Description216 217 218 Standards SupportedStandard Description Installing a Fuse Removing a Fuse219 220 Common Services 221 Commonly Used Services 222Name Protocol Ports Description 223 224 Copyright Certifications225 226 FCC Warning CE Mark Warning ZyXEL Limited Warranty 227 228 Index 229 230 231 MVR 127 configurationPassword 58 path cost 89, 93 port authentication TACACS+ Weighted round robin scheduling 232