D-Link DES-3528 Product Manual - Page 214

X Global Settings, Host-based Network Access Control

Get D-Link DES-3528 - xStack Switch - Stackable PDF manuals and user guides
UPC - 790069314346
View all D-Link DES-3528 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 214 highlights

xStack® DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch Web UI Reference Guide Host-based Network Access Control In order to successfully make use of 802.1X in a shared media LAN segment, it would be necessary to create "logical" Ports, one for each attached device that required access to the LAN. The Switch would regard the single physical Port connecting it to the shared media segment as consisting of a number of distinct logical Ports, each logical Port being independently controlled from the point of view of EAPOL exchanges and authorization state. The Switch learns each attached devices' individual MAC addresses, and effectively creates a logical Port that the attached device can then use to communicate with the LAN via the Switch. Ethernet Switch RADIUS Server 802.1X 802.1X 802.1X Client Client Client 802.1X 802.1X 802.1X Client Client Client 802.1X 802.1X 802.1X Client Client Client ... 802.1X 802.1X 802.1X Client Client Client Network access controlled port Network access uncontrolled port Figure 8-8 Example of Typical Host-based Configuration 802.1X Global Settings Users can configure the 802.1X global parameter. To view this window, click Security > 802.1X > 802.1X Global Settings, as shown below: Figure 8-9 802.1X Global Settings window The fields that can be configured are described below: Parameter Description Authentication State Choose the 802.1X authenticator state. Authentication Protocol Choose the authenticator protocol, Local or RADIUS EAP. Forward EAPOL PDU This is a global setting to control the forwarding of EAPOL PDU. When 802.1X functionality is disabled globally or for a port, and if 802.1X forward PDU is enabled both globally and for the port, a received EAPOL packet on the port will be flooded in the same VLAN to those ports for which 802.1X forward PDU is enabled and 802.1X is disabled (globally or just for the port). The default state is disabled. Max Users (1-448) Specifies the maximum number of users. The limit on the maximum users is 448 users. RADIUS Authorization This option is used to enable or disable acceptation of authorized configuration. When the authorization is enabled for 802.1X's RADIUS, the authorized data assigned by the RADIUS server will be accepted if the global authorization network is enabled. Click the Apply button to accept the changes made. 205

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307
  • 308
  • 309
  • 310
  • 311
  • 312
  • 313
  • 314
  • 315
  • 316
  • 317
  • 318
  • 319
  • 320
  • 321
  • 322
  • 323
  • 324
  • 325
  • 326
  • 327
  • 328
  • 329
  • 330
  • 331
  • 332
  • 333
  • 334
  • 335
  • 336
  • 337
  • 338
  • 339
  • 340
  • 341
  • 342
  • 343
  • 344
  • 345
  • 346
  • 347
  • 348
  • 349
  • 350
  • 351
  • 352
  • 353
  • 354
  • 355
  • 356
  • 357
  • 358
  • 359
  • 360
  • 361
  • 362
  • 363
  • 364
  • 365
  • 366
  • 367
xStack® DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch Web UI Reference Guide
Host-based Network Access Control
In order to successfully make use of 802.1X in a
shared media LAN segment, it would be necessary to
create “logical” Ports, one for each attached device
that required access to the LAN. The Switch would
regard the single physical Port connecting it to the
shared media segment as consisting of a number of
distinct logical Ports, each logical Port being
independently controlled from the point of view of
EAPOL exchanges and authorization state. The Switch
learns each attached devices’ individual MAC
addresses, and effectively creates a logical Port that
the attached device can then use to communicate with
the LAN via the Switch.
802.1X
Client
Network access controlled port
Network access uncontrolled port
RADIUS
Server
Ethernet Switch
802.1X
Client
802.1X
Client
802.1X
Client
802.1X
Client
802.1X
Client
802.1X
Client
802.1X
Client
802.1X
Client
802.1X
Client
802.1X
Client
802.1X
Client
Figure 8-8 Example of Typical Host-based Configuration
802.1X Global Settings
Users can configure the 802.1X global parameter.
To view this window, click
Security > 802.1X > 802.1X Global Settings
, as shown below:
Figure 8-9 802.1X Global Settings window
The fields that can be configured are described below:
Parameter
Description
Authentication State
Choose the 802.1X authenticator state.
Authentication Protocol
Choose the authenticator protocol,
Local
or
RADIUS EAP
.
Forward EAPOL PDU
This is a global setting to control the forwarding of EAPOL PDU. When 802.1X
functionality is disabled globally or for a port, and if 802.1X forward PDU is enabled
both globally and for the port, a received EAPOL packet on the port will be flooded in
the same VLAN to those ports for which 802.1X forward PDU is enabled and 802.1X is
disabled (globally or just for the port). The default state is disabled.
Max Users (1-448)
Specifies the maximum number of users. The limit on the maximum users is
448
users.
RADIUS Authorization
This option is used to enable or disable acceptation of authorized configuration. When
the authorization is enabled for 802.1X’s RADIUS, the authorized data assigned by the
RADIUS server will be accepted if the global authorization network is enabled.
Click the
Apply
button to accept the changes made.
205