ZyXEL Communications MSAP2000 Port Authentication

106

MSAP2000 AAMS User’s Guide

C HAPTER 14

Port Authentication

This chapter describes the 802.1x authentication method and RADIUS server

connection setup.

14.1 Introduction to Authentication

IEEE 802.1X is an extended authentication protocol1 that allows support of

RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for

centralized user profile management on a network RADIUS server.

14.1.1 RADIUS

RADIUS (Remote Authentication Dial-In User Service) authentication is a

popular protocol used to authenticate users by means of an external server

instead of (or in addition to) an internal device user database that is limited to the

memory capacity of the device. In essence, RADIUS authentication allows you to

validate an unlimited number of users from a central location.

Figure 48 RADIUS Server

14.1.2 Introduction to Local User Database

By storing user profiles locally on the MSAP2000 AAMS, your MSAP2000 AAMS

is able to authenticate users without interacting.

14.2 Port Authentication Configuration

Click Advanced Application and Port Authentication in the navigation panel to

display the screen as shown.

1. Not all Windows operating systems su pport IEEE 802.1X (see the Microsoft web site for

details). For other operating systems, see its documentation. If your operatin g system does

not support IEEE 802.1X, then you may need to install IEEE 802.1X client software.

Contents

Main MSAP2000 MSAP2000 AAMS Users Guide V2.5 MSAP2000 Multi-Service Access Platform Copyright Disclaimer Trademark Warnings FCC Statement Page Customer Support Page Page Page Page Page Page Page Page Page Page Preface User Guide Feedback A firmware version includes the model code and release number as shown in the following example. Firmware Version: V3.50(ABA.0) C HAPTER 1 Getting to Know Your MSAP2000 AAMS Page Page 1.3.2 Curbside Application C HAPTER 2 Hardware Specification The figure shows the front panel of the MSAP2000 AAMS. 2.1.1 Front Access Ports POTS LINE FXS 2.1.2 Front Panel LEDs Page 2.1.5 Hardware specification Web Configurator Introduction This is the web configurator's Home screen. Page C HAPTER 4 Initial Configuration in the next screen. 15 Click Config Save and Config Save. This table lists major default settings. 40 MSAP2000 AAMS Users Guide Table 5 Default Settings C HAPTER 5 H Statistics Screens This chapter describes the Home (status) and Port Statistics screens. The following table describes the labels in this screen. 5.2.1 Ethernet Port Statistics Page 44 MSAP2000 AAMS Users Guide Table 7 Ethernet Port Statistics (continued) 45 5.2.2 ADSL Port Statistics Page Page C HAPTER 6 B Page 50 MSAP2000 AAMS Users Guide Table 9 System Information (continued) 6.3 General Setup Click Basic Setting and General Setup in the navigation panel to display the screen as shown. Page Page Click Basic Setting and then Switch Setup in the navigation panel to display the screen as shown. The following table describes the labels in this screen. 54 MSAP2000 AAMS Users Guide Note: Standalone mode is recommended for network topologies that use loops. Note: Daisychain mode is recommended for network topologies that do not use loops. Page Page C HAPTER 7 ADSL Port Setup 7.2 Downstream and Upstream Click Basic Setting and then xDSL Port Setup in the navigation panel to open the following screen. 60 MSAP2000 AAMS Users Guide Table 15 xDSL Port Setup 62 MSAP2000 AAMS Users Guide The following table describes the fields in this screen. 7.8 Virtual Channels Page Use this screen to view and configure a port's channel (PVC) settings. The following table describes the fields in this screen. Page Page Page Page 69 MSAP2000 AAMS Users Guide Table 18 Port Profile (continued) Page 7.14 Alarm Profile Screen Page 76 MSAP2000 AAMS Users Guide Table 20 Alarm Profile (continued) 7.15 IGMP Filter Profile Screen The following table describes the fields in this screen. 7.16 Line Rate Information 79 MSAP2000 AAMS Users Guide Table 22 Line Rate Information The following table describes the fields in this screen. 7.17.1 Line Data The bit allocation contents are only valid when the link is up. Page C HAPTER 8 VLAN 86 MSAP2000 AAMS Users Guide 8.3.1.1 GARP Timers 8.3.2 GVRP Please refer to the following table for common IEEE 802.1Q VLAN terminology. Table 25 IEEE 802.1Q VLAN Terminology Click Advanced Application and then VLAN to display the VLAN Status screen as shown next. The following table describes the labels in this screen. The following table describes the labels in this screen. 8.6 VLAN Port Setting Page Page C HAPTER 9 IGMP Snooping 93 MSAP2000 AAMS Users Guide Table 29 IGMP Snooping C HAPTER 10 Static Multicast This chapter describes the Static Multicast screen. The following table describes the related labels in this screen. 95 MSAP2000 AAMS Users Guide Table 30 Static Multicast (continued) C HAPTER 11 Packet Filtering This chapter describes how to configure the Packet Filter screen. The following table describes the labels in this screen. 97 MSAP2000 AAMS Users Guide Table 31 Packet Filter (continued) MAC Filter This chapter introduces the MAC filter. Page C HAPTER 13 Spanning Tree Protocol (Spanning Tree Protocol) Page 13.2 STP Status The following table describes the labels in this screen. 103 MSAP2000 AAMS Users Guide Table 35 Spanning Tree Protocol: Status (continued) 13.2.1 Configure STP Click STP Config to display the Spanning Tree Protocol Configuration screen as shown next. The following table describes the labels in this screen. Page C HAPTER 14 Port Authentication Page 14.2.1 IEEE 802.1x Configuration 109 MSAP2000 AAMS Users Guide Table 38 Port Authentication: 802.1x C HAPTER 15 Port Security This chapter shows you how to set up port security. 111 MSAP2000 AAMS Users Guide Table 39 Port Security C HAPTER 16 DHCP Relay Page C HAPTER 17 Syslog This chapter explains how to set the syslog parameters. The syslog feature sends logs to an external syslog server. The following table describes the labels in this screen. Access Control 18.2 Access Control Overview Page Page 18.3.3 ZyXEL Private MIB SNMP Traps 18.3.4 Configuring SNMP The following table describes the labels in this screen. 18.3.5 Setting Up the Administrator Login Account password ("1234"). The following table describes the labels in this screen. 18.3.6 Service Access Control Configuration The following table describes the labels in this screen. 18.3.7 Secured Client Configuration The following table describes the labels in this screen. C HAPTER 19 Routing Protocol This chapter shows you how to configure the static routing function. The following table describes the related labels you use to create a static route. The following table describes the labels in the summary table. C HAPTER 20 Maintenance Page Page C HAPTER 21 Diagnostic This chapter explains the Diagnostic screen. The following table describes the labels in this screen. Note: Wait at least one minute after using Set LDM Port before using Get LDM Data. The following table lists and describes the system log messages. 133 MSAP2000 AAMS Users Guide 21.3 Line Diagnostics Test Parameters Table 55 Line Diagnostics Test Parameters Page C HAPTER 22 MAC Table Click Management in the navigation panel and then MAC Table to display the following screen. The following table describes the labels in this screen. C HAPTER 23 ARP Table Page C HAPTER 24 Commands Overview The following table lists commands that you can use with the MSAP2000 AAMS. Page Page Page Page Page Page Page Page Page Page Page Page C HAPTER 25 Sys Commands The following table lists the sys commands you can use with the MSAP2000 AAMS. Page 25.2 Sys Command Examples These are the commonly used commands that belong to the sys (system ) group of commands. Syntax: Page Page Page Page This command displays the systems current date. An example is shown next. 25.2.15 Date Set Command Syntax: This command sets the systems date. An example is shown next. 25.2.17 Time Server Set Command Syntax: 25.2.19 Log Clear Command Syntax: This command clears the system error log. Syntax: This command displays the hardware monitors statistics. where where Page C HAPTER 26 ADSL Commands The following table lists the adsl commands you can use with the MSAP2000 AAMS. Page Page Page Page These are the commonly used commands that belong to the ADSL group of commands. Syntax: where ports <*> or a list of ADSL ports <1,3,5>. You can also include a range of ports <1,5,6~10>. The following example displays information on ADSL port 5. Page Page Page 26.3.13 ADSL Alarm Profile Commands Configure alarm profiles to set alarm settings and thresholds for the ADSL ports. Syntax: Displays the settings of the specified alarm profile (or al l of them if you do not specify one). 26.3.15 Alarm Profile Set Command Page Page 26.4 Virtual Channel Profile Commands Page 26.5 PVC Channels Page C HAPTER 27 Switch Commands This chapter describes how to configure some of the The following table lists the switch commands you can use with the MSAP2000 AAMS. Page Page Page Page Page 27.2.4 IGMP Filter Profile Delete Command Syntax: where This command removes an IGMP filter profile. The following example removes the voice IGMP filter profile. 27.2.5 IGMP Filter Profile Show Command Syntax: where The following example displays the voice IGMP filter profiles settings. 27.3 DHCP Relay Overview Use these commands to configure the DHCP relay feature. Syntax: where 27.5 DHCP Relay Option 82 (Agent Information) Page Commands Page Page 27.9 VLAN Enable This command shows information about the specified ports VLAN settings. The following example shows the settings for all VIDs. 27.11 MAC Filter Commands Syntax: where ports <*> or a list of ADSL ports <1,3,5>. You can also include a range of ports <1,5,6~10>. Syntax: where ports <*> or a list of ADSL ports <1,3,5>. You can also include a range of ports <1,5,6~10>. The following example turns on the MAC filtering feature on ADSL port 5. 27.11.3 MAC Filter Disable Command Syntax: Page 27.12 MAC Count Commands Page 27.13 Packet Filter Commands Page Protocol is used when sending packets to a specific group of hosts. packets. This command sets the packet type filter for the specified ADSL port(s). The following example sets ADSL port 9 to reject ARP, PPPoE and IGMP packets. C HAPTER 28 IP Commands The following table lists the ip commands you can use with the MSAP2000 AAMS. Page Page 28.4.6 ARP Show Command Syntax: An example is shown next. 28.4.7 ARP Flush Command Syntax: Statistics Commands This chapter describes the statistics commands. The following table lists the statistics commands you can use with the MSAP2000 AAMS. Syntax: An example is shown next. 29.3 Statistics Port Command Syntax: Page 29.4.3 Statistics ADSL Lineinfo Command Page Syntax: where <*> or a list of ADSL ports <1,3,5>. You can also include a range of ports <1,5,6~10>. want to display performance statistics. 0 is the current 15 minutes. An example is shown next. The following table explains these counters. These counters are also used in the alarm profiles (see Section 27.3.13 on page 208). Syntax: where <*> or a list of ADSL ports <1,3,5>. You can also include a range of ports <1,5,6~10>. This command displays line performance statistics for the current and previous 24 hours. See Table 65 on page 259 for details about these counters. Syntax: This command shows the statistics for the CPU IP traffic. An example is shown next. Config Commands This chapter describes the config commands. The following table lists the config commands you can use with the MSAP2000 AAMS. Syntax: An example is shown next. Page C HAPTER 31 Firmware and Configuration File Overview Quit FTP. file correspond to the commands documented in this Users Guide. You can upload the configuration file by following the steps below. Use an FTP client to connect to the MSAP2000 AAMS. Page C HAPTER 32 Troubleshooting 32.2 The ALM LED Is On 242 MSAP2000 AAMS Users Guide 32.4 There Is No Voice on an ADSL Connection Table 71 ADSL Voice Troubleshooting 32.5 Local Server The SYNC-rate is not the same as the configured rate. 32.7 Configured Settings The configured settings do not take effect. 32.8 Password The SNMP manager server cannot get information from the MSAP2000 AAMS. 32.11 Switch Lockout upload on your terminal. Transfer, then Send File to display the following screen.