Port Authentication, Radius | ZyXEL Communications MSAP2000 instruction

MSAP2000 AAMS User’s Guide

CHAPTER 14

Port Authentication

This chapter describes the 802.1x authentication method and RADIUS server connection setup.

14.1 Introduction to Authentication

IEEE 802.1X is an extended authentication protocol1 that allows support of RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile management on a network RADIUS server.

14.1.1 RADIUS

RADIUS (Remote Authentication Dial-In User Service) authentication is a popular protocol used to authenticate users by means of an external server instead of (or in addition to) an internal device user database that is limited to the memory capacity of the device. In essence, RADIUS authentication allows you to validate an unlimited number of users from a central location.

Figure 48 RADIUS Server

14.1.2Introduction to Local User Database

By storing user profiles locally on the MSAP2000 AAMS, your MSAP2000 AAMS is able to authenticate users without interacting.

14.2 Port Authentication Configuration

Click Advanced Application and Port Authentication in the navigation panel to display the screen as shown.

1.Not all Windows operating systems support IEEE 802.1X (see the Microsoft web site for details). For other operating systems, see its documentation. If your operating system does not support IEEE 802.1X, then you may need to install IEEE 802.1X client software.

106

Image 106

ZyXEL Communications MSAP2000 manual Introduction to Authentication, Port Authentication Configuration, Radius

Contents

MSAP2000 Disclaimer CopyrightTrademark FCC Warning CE Mark Warning Interference Statements and WarningsFCC Statement Registration Safety Warnings ZyXEL Limited Warranty Customer Support Table of Contents 12.1 CH a P T E R 114 137 190 27.2.2 218 237 Page Syntax Conventions About This Users GuideRelated Documentation ZyXEL Web Site Firmware Naming Conventions Graphics Icons KeyUser Guide Feedback MSAP2000 Aams Introduction RJ-45 connectorsGetting to Know Your System Description Console Port thru UI menu from MSAP2000 MPM IP Protocols Adsl Compliance Ieee 802.1p Priority Ieee 802.1x Port-based AuthenticationMAC Media Access Control Count Filter Multiple PVC and ATM QoS Applications MTU Application Curbside Application MTU Application Hardware Specification Front Panel Front Access Ports Green ：Normal Working Front Panel LEDsLED Status Description LED status and description Default Ethernet Settings Console Port via MSAP2000 MPM Dimension Hardware specificationMSAP2000 Aams Specification Hardware Interface Standard Accessing the Web Configurator Web Configurator IntroductionWeb Configurator Overview Password This is the web configurators Home screen Home Screen Web Configurator Screens Navigation Panel Sub-links Overview MSAP2000 Aams User’s Guide Web Configurator Screens Changing Your Password Saving Your ConfigurationLogging Out of the Web Configurator Initial Configuration Overview Initial ConfigurationInitial Configuration Under Basic Setting, click xDSL Port Setup Click VC Setup Deleting a PVC Select Ports Click Config Save and Config Save Default Settings Default SettingsThis table lists major default settings VID Defval MSAP2000 Aams User’s Guide Default SettingsVPI VCI UBR PCR Home and Port Statistics Screens Overview Home and Port Statistics ScreensScreen as shown next Following table describes the labels in this screen Ethernet Port StatisticsEnet Ethernet Port Statistics MSAP2000 Aams User’s Guide Ethernet Port Statistics Adsl Port Statistics Adsl Port Statistics MSAP2000 Aams User’s Guide Adsl Port Statistics VPI/VCI Basic Setting Screens Overview Basic Setting ScreensSystem Information System Information MAX General SetupMSAP2000 Aams User’s Guide System Information MIN General Setup MSAP2000 Aams User’s Guide General Setup Igmp Snooping Switch Setup Screen Switch Setup MSAP2000 Aams User’s Guide Switch Setup IP Setup Enet Port Setup Enet Port Setup Following table describes the fields in this screen Downstream and Upstream Adsl Port SetupAdsl Standards Overview Profiles Configured Versus Actual Rate Interleave DelayFast Mode XDSL Port Setup XDSL Port Setting screen XDSL Port Setting MSAP2000 Aams User’s Guide XDSL Port Setup PMM Virtual ChannelsSRA VC Mux Super Channel2 LLC Virtual Channel Profile VC Setup Screen VPI MSAP2000 Aams User’s Guide VC Setup Want to change other settings, add a new PVC withDesired settings. Then you can delete any unwanted PVCs Pvid MSAP2000 Aams User’s Guide VC Setup Port Profile Screen Port Profile MSAP2000 Aams User’s Guide Port Profile ATM Traffic Classes ATM QoSTraffic Shaping Constant Bit Rate CBR Peak Cell Rate PCR Traffic ParametersUnspecified Bit Rate UBR Sustained Cell Rate SCR Burst Tolerance BT Cell Delay Variation Tolerance CdvtVC Profile Screen Theoretical Arrival Time TAT AAL VC ProfileSCR Alarm Profile Screen MSAP2000 Aams User’s Guide VC Profile ATU-C ATU-R MSAP2000 Aams User’s Guide Alarm Profile Igmp Filter Profile Screen Igmp Filter Profile Line Rate Information MSAP2000 Aams User’s Guide Igmp Filter Profile Counters. Line Data Line Performance Line Performance Line Data MSAP2000 Aams User’s Guide Line Performance Line Data Following table describes the fields in this screen Introduction to VLANs This chapter shows you how to configure 802.1Q tagged VLANsIntroduction to Ieee 802.1Q Tagged Vlan Garp Automatic Vlan RegistrationForwarding Tagged and Untagged Frames Tpid Gvrp Garp TimersVlan Status Ieee 802.1Q Vlan Terminology Vlan Status Static Vlan Setting Static Vlan Setting MSAP2000 Aams User’s Guide Static Vlan Setting Vlan Port SettingVlan ID Vlan Port Setting Gvrp MSAP2000 Aams User’s Guide Vlan Port Setting 118 Igmp Snooping Screen Igmp SnoopingThis chapter describes the Igmp Snooping screen ENET2 Static Multicast Screen Static MulticastStatic Multicast Filter This chapter describes the Static Multicast screen MSAP2000 Aams User’s Guide Static Multicast Packet Filter Configuration Packet Filtering MSAP2000 Aams User’s Guide Packet Filter MAC Filter Introduction MAC Filter ConfigurationMAC Filter This chapter introduces the MAC filter MAC Filter MAC Spanning Tree Protocol STP Path Costs STP Root Ports and Designated Ports Rstp Port States STP Status MSAP2000 Aams User’s Guide Rstp Port States Forwarding Delay MSAP2000 Aams User’s Guide Spanning Tree Protocol Status MSAP2000 Aams in standalone mode with a Configure STPNetwork topology that has loops 105 Port Authentication Configuration Port AuthenticationIntroduction to Authentication Radius Port Authentication Radius MSAP2000 Aams User’s Guide Port Authentication Radius Ieee 802.1x Configuration802.1x link to display the screen as shown 109 Port Security Port Security SetupThis chapter shows you how to set up port security About Port Security 111 Dhcp Relay Dhcp Relay SetupThis chapter shows you how to set up Dhcp relay Dhcp Relay Overview Dhcp Relay Dhcp Relay Syslog feature sends logs to an external syslog server Syslog SetupThis chapter explains how to set the syslog parameters Syslog Access Control Overview Access ControlAbout Access Control This chapter describes how to configure access control About Snmp Snmp Management Model RFC-1215 Snmp Traps Snmp CommandsSupported MIBs RFC-1215 Snmp Traps MSAP2000 Aams User’s Guide RFC-1215 Snmp Traps ZyXEL Private MIB Snmp Traps Configuring SnmpZyXEL Private MIB Snmp Traps Setting Up the Administrator Login Account Access Control Logins Service Access Control Configuration Access Control Service Access Control Secured Client Configuration Icmp Routing Protocol Static Route Following table describes the labels in the summary table MSAP2000 Aams User’s Guide Static Routing Firmware Upgrade MaintenanceMaintenance This chapter explains how to use the maintenance screens Restore a Text Configuration File Backing Up a Configuration File Load Factory Defaults Reboot System Command Line FTP Confirm Restart Diagnostic DiagnosticThis chapter explains the Diagnostic screen Before using Get LDM Data Log Format Log Messages Following table lists and describes the system log messages Valuevoltage mV MSAP2000 Aams User’s Guide Log MessagesNominalnominal mV Voltage released Line Diagnostics Test Parameters Line Diagnostics Test Parameters QLN MSAP2000 Aams User’s Guide Line Diagnostics Test ParametersSNR Introduction to MAC Table MAC TableThis chapter introduces the MAC Table screen Viewing the MAC Table MAC Table Viewing the ARP Table ARP TableIntroduction to ARP Table How ARP Works ARP Table Commands Overview Command Line Interface Saving Your Configuration Commands Summary Enable MSAP2000 Aams User’s Guide CommandsDisable Index Set Index start ip Disable Portlist Msec0disableEnable Portlist Monitor Show Map Portlist Set ProfileFast Glitegdmtt14 Show Portlist Alarmprofi lePvc Vpi vci Set Portlist Showmap Port number Annexl Enable PortlistSra Enable Portlist Showport Port Garptimer Show Pmm Enable PortlistSwitch Igmpsnoop Show Igmpfilter Set Port Option82 Enable Fwdelay Fwdelay secEnet1enet2 Disable Name Enable Vid Sec0disabled Count Show Disable VidEnabledisable Portlist Disable Pppoeiparpnetbiosdhc EtbiosdhcpeapPppoeonly portlist command Peapoligmpnone command Port port Password Delete nameName Enable Portlist Secret secret Netmask Netmask Gateway ip Metric name DefaultArp Show Gateway Gateway ip Vlan Vlanlist Config Show SysswadslRestore Port Portlist Sys Commands Summary Sys CommandsSys Commands Telnetftp MSAP2000 Aams User’s Guide Sys CommandsEnd ip 0100~1200 Set Msec0disable Sys Command ExamplesInfo Show Command Syntax Password Command Snmp Overview Set Community Command Snmp CommandsGet Community Command Trusted Host Set Command Trap Destination Set Command Server Show CommandTrap Community Command Show Snmp Settings Command Server Port Command Client Show Command Syslog Show Command Client Set CommandSyslog Server Command Time Set Command Syslog Enable CommandTime Show Command Date Show Command Time Server Show Command Date Set CommandTime Server Set Command Log Show Command Monitor Vlimit Command Log Clear CommandMonitor Show Command This command clears the system error log Monitor Tlimit Command Monitor Tlimit Command Example Adsl Commands Adsl CommandsAdsl Commands Summary Down max margin Down min rate Vpi vci Super vid = 4094 Priority Vcprofile Delete Portlist MSAP2000 Aams User’s Guide Adsl CommandsDelete Profile Linediag Setld Port number Vbrnrt-vbr Pcr cdvt Scr bt Delete LoopbackVbrrt Vpi vci Super vid = 4094 Priority Vcprofile Delete 172 = You can specify a single Adsl port 1, all Adsl Adsl Command ExamplesAdsl Show Command Include a range of ports 1,5,6~10 This command forcibly enables the specified Adsl ports Adsl Enable CommandAdsl Disable Command This command forcibly disables the specified Adsl ports Adsl Profile Show Command Adsl Profile Set Command Up max margin MarginRas adsl profile set gold fast 800 8000 5 0 30 64 5 0 30 Adsl Profile Delete Command Adsl Profile Map Command Adsl Tel Command Adsl Name CommandDescriptive name for the port Adsl Loopback Command Line Diagnostics Set Command Line Diagnostics Get Command = The name of an alarm profile Adsl Alarm Profile CommandsAlarm Profile Show Command QLN SNR Following example displays the default alarm profile Defval Alarm Profile Set CommandATU-C ATU-R Permitted to occur within 15 minutes Alarm Profile Delete CommandNumber of Severely Errored Seconds that are Number of UnAvailable Seconds that are = The number of an Adsl port Alarm Profile Map CommandAlarm Profile Showmap Command Portlist Profile Set Virtual Channel Profile Command Virtual Channel Profile CommandsShow Virtual Channel Profile Command = The name of the virtual channel profile up to 31 Ascii = Peak Cell Rate 0 to 300000 or *, the maximum rate = Cell Delay Variation Tolerance is the acceptedDelay and the expected transfer delay number Tolerance of the difference between a cell’s transfer PVC Channels Delete Virtual Channel Profile CommandPVC Show Command = The name of the virtual channel profile up to Ports or all of the Adsl ports if you do not specify any PVC Set CommandVPI and VCI of an individual PVC Portlist Vpi Vci Super vid = 1..4094 priority Vcprofile PVC Delete Command Portlist Vpi vci Switch Commands Switch Commands27.1 Switch Commands Summary Profile Set name MSAP2000 Aams User’s Guide Switch Commands 192 Peapoligmpnonecommand Mac mac Delete port Ospf Igmp Filter Show Command Igmp Filter CommandsIgmp Filter Set Command Igmp Filter Profile Set Command = The name of an Igmp filter profile or all Igmp Filter Profile Delete CommandIgmp Filter Profile Show Command Igmp filter profiles Use these commands to configure the Dhcp relay feature Dhcp Relay CommandsDhcp Relay Server Set Command MSAP2000 Aams User’s Guide Igmp Filter Show Command Example Dhcp Relay Show Command Dhcp Relay Enable CommandDhcp Relay Disable Command Option 82 Enable Command Ieee 802.1Q Tagged Vlan Overview Option 82 Disable CommandOption 82 Set Command Filtering Databases Garp Timer Join Command Ieee VLAN1Q Tagged Vlan Configuration CommandsGarp Timer Show Command Static Entries Svlan Table Garp Timer Leave Command Garp Timer Leaveall Command Vlan Port Show Command Vlan Pvid Command Vlan Set Command Modify a Static Vlan Table Example Forwarding Process Example Or a list of DSL ports 1,3 . You can also Vlan Frame Type Command= You can specify a single DSL port 1, all DSL ports Include a range of DSL ports 1,5,6~10 Vlan CPU Set Command Vlan CPU Show CommandConfiguring Management Vlan Example = This is the priority value 0 to 7 to use for incoming Vlan Priority CommandVlan Delete Command Frames with an Ieee 802.1Q Vlan tag Vlan Disable Vlan EnableVlan Show Command Ffffffffffff MAC Filter CommandsMAC Filter Show Command Fxxxxxxxxxxx MAC Filter Enable Command MAC Filter Disable Command Number of an Adsl port MAC Filter Set CommandMAC Filter Delete Command Source MAC address in 00a0c5123456 format MAC Count Show Command MAC Count CommandsMAC Count Enable Command MAC Count Disable Command MAC Count Set Command Packet Filter Commands Packet Filter Show Command Packet Filter Set Command Packet Filter Set Command Example IP Settings and Default Gateway IP CommandsIP Commands Introduction New ip address Netmask IP Commands IP Commands SummaryNetmask Gateway ip Metric name MSAP2000 Aams User’s Guide IP Commands Ping Command General IP CommandsShow Command Route Set Command Route Delete Command Route Show Command ARP Show Command ARP Flush Command Statistics Commands Statistics CommandsStatistics Commands Summary Statistics Monitor MSAP2000 Aams User’s Guide Statistics Commands Statistics Monitor CommandStatistics Port Command Statistics Monitor Command Example = This field shows the number of unicast packets Use clearto have the MSAP2000 Aams setSpecified ports or PVC’s counters back to zero Transmitted on this port Statistics Adsl Linedata Command Statistics Adsl CommandsStatistics Adsl Show Command Use these commands to display Adsl port statistics Statistics Adsl Lineinfo Command Linedata Command Example Lineinfo Command Example Adsl Lineperf Command Lineperf Command Example Want to display performance statistics is Adsl 15 Minute Performance Command= Specify for which 15-minute interval 0~96 you Current 15 minutes Following table explains these counters Sesl Adsl 1 Day Performance CommandUasl Statistics IP Command See on page 259 for details about these counters Config show Command Example Config CommandsConfig Commands Summary Config Commands Config Show Command Example Ftp get config-0 config.txt Firmware and Configuration File MaintenanceFirmware and Configuration File Maintenance Overview Filename Conventions Enter the management password 1234 by default Editable Configuration FileEditable Configuration File Backup Enter the User name just press Enter Quit FTP Edit Configuration FileEditable Configuration File Upload Ftp quit Firmware File Upgrade Password Logged Ftp put xxx.dat config-0 ALM LED Troubleshooting TroubleshootingSYS LED Troubleshooting SYS or PWR LED Does Not Turn On DSL Data Transmission DSL Data Transmission TroubleshootingAdsl Voice Troubleshooting There Is No Voice on an Adsl Connection Local Server Troubleshooting MSAP2000 Aams User’s Guide Testing In-house WiringLocal Server Data Rate Configured SettingsPassword Snmp Telnet Troubleshooting Switch LockoutResetting the Defaults Telnet MSAP2000 Aams restarts Resetting the Defaults Via CLI CommandResetting the Defaults Via Boot Commands Type y at the question Do you want to proceedy/n? Recovering the Firmware Example Xmodem Upload 248