Home » TP-Link Manuals » Hubs & Switches » TP-Link T1500-28PCT » Manual Viewer

TP-Link T1500-28PCT T1500-28PCTTL-SL2428PUN V3 User Guide - Page 559

Adding RADIUS Server, Follow these steps to add RADIUS server on the switch

View all TP-Link T1500-28PCT manuals

Add to My Manuals
Save this manual to your list of manuals

Page 559 highlights

Configuring AAA AAA Configuration trying to access the switch, and the others act as backup servers in case the first one breaks down. ■■ Adding RADIUS Server Follow these steps to add RADIUS server on the switch: Step 1 configure Enter global configuration mode. Step 2 radius-server host ip-address [ auth-port port-id ] [ acct-port port-id ] [ timeout time ] [ retransmit number ] [ nas-id nas-id ] key { [ 0 ] string | 7 encrypted-string } Add the RADIUS server and configure the related parameters as needed. host ip-address: Enter the IP address of the server running the RADIUS protocol. auth-port port-id: Specify the UDP destination port on the RADIUS server for authentication requests. The default setting is 1812. acct-port port-id: Specify the UDP destination port on the RADIUS server for accounting requests. The default setting is 1813. Usually, it is used in the 802.1X feature. timeout time: Specify the time interval that the switch waits for the server to reply before resending. The valid values are from 1 to 9 seconds and the default setting is 5 seconds. retransmit number: Specify the number of times a request is resent to the server if the server does not respond. The valid values are from 1 to 3 and the default setting is 2. nas-id nas-id: Specify the name of the NAS (Network Access Server) to be contained in RADIUS packets for identification. It ranges from 1 to 31 characters. The default value is the MAC address of the switch. Generally, the NAS indicates the switch itself. key { [ 0 ] string | 7 encrypted-string }: Specify the shared key. 0 and 7 represent the encryption type. 0 indicates that an unencrypted key will follow. 7 indicates that a symmetric encrypted key with a fixed length will follow. By default, the encryption type is 0. string is the shared key for the switch and the server, which contains 32 characters at most. encrypted-string is a symmetric encrypted key with a fixed length, which you can copy from the configuration file of another switch. The key or encrypted-key you configure here will be displayed in the encrypted form. Step 3 show radius-server Verify the configuration of RADIUS server. Step 4 end Return to privileged EXEC mode. Step 5 copy running-config startup-config Save the settings in the configuration file. The following example shows how to add a RADIUS server on the switch. Set the IP address of the server as 192.168.0.10, the authentication port as 1812, the shared key as 123456, the timeout as 8 seconds and the retransmit number as 3. Switch#configure User Guide 536

Section	Page
About This Guide	24
Intended Readers	24
Conventions	24
More Information	25
Accessing the Switch	26
Determine the Management Method	27
Web Interface Access	28
Login	28
Save Config Function	29
Disable the Web Server	30
Change the Switch's IP Address and Default Gateway	30
Command Line Interface Access	32
Console Login (only for switch with console port)	32
Telnet Login	34
SSH Login	35
Disable Telnet Login	39
Disable SSH Login	40
Copy running-config startup-config	40
Change the Switch's IP Address and Default Gateway	41
Managing System	42
System	43
Overview	43
Supported Features	43
System Info Configurations	45
Using the GUI	45
Viewing the System Summary	45
Configuring the Device Description	49
Configuring the System Time	50
Configuring the Daylight Saving Time	51
Configuring LED (Only for Certain Devices)	52
Configuring the System IP	53
Configuring the System IPv6	54
Using the CLI	56
Viewing the System Summary	56
Configuring the Device Description	57
Configuring the System Time	59
Configuring the Daylight Saving Time	61
Configuring LED (Only for Certain Devices)	63
Configuring the System IP	63
Configuring System IPv6 Parameters	64
User Management Configurations	67
Using the GUI	67
Creating Accounts	67
Configuring Enable Password	68
Using the CLI	69
Creating Accounts	69
Configuring Enable Password	71
System Tools Configurations	73
Using the GUI	73
Configuring the Boot File	73
Restoring the Configuration of the Switch	75
Backing up the Configuration File	75
Upgrading the Firmware	76
Rebooting the switch	77
Reseting the Switch	78
Using the CLI	78
Configuring the Boot File	78
Restoring the Configuration of the Switch	80
Backing up the Configuration File	80
Upgrading the Firmware	81
Rebooting the Switch	81
Reseting the Switch	83
EEE Configuration	84
Using the CLI	84
PoE Configurations (Only for Certain Devices)	86
Using the GUI	87
Configuring the PoE Parameters Manually	87
Configuring the PoE Parameters Using the Profile	90
Using the CLI	93
Configuring the PoE Parameters Manually	93
Configuring the PoE Parameters Using the Profile	95
SDM Template Configuration	98
Using the GUI	98
Using the CLI	99
Time Range Configuration	101
Using the GUI	101
Adding Time Range Entries	101
Configuring Holiday	103
Using the CLI	104
Adding Time Range Entries	104
Configuring Holiday	105
Example for PoE Configurations	107
Network Requirements	107
Configuring Scheme	107
Using the GUI	107
Using the CLI	110
Appendix: Default Parameters	111
Managing Physical Interfaces	114
Physical Interface	115
Overview	115
Supported Features	115
Basic Parameters Configurations	116
Using the GUI	116
Using the CLI	117
Port Isolation Configurations	120
Using the GUI	120
Using the CLI	121
Loopback Detection Configuration	123
Using the GUI	123
Using the CLI	125
Configuration Examples	127
Example for Port Isolation	127
Network Requirements	127
Configuration Scheme	127
Using the GUI	127
Using the CLI	129
Example for Loopback Detection	130
Network Requirements	130
Configuration Scheme	130
Using the GUI	131
Using the CLI	132
Appendix: Default Parameters	133
Configuring LAG	134
LAG	135
Overview	135
Supported Features	135
LAG Configuration	136
Using the GUI	137
Configuring Load-balancing Algorithm	137
Configuring Static LAG or LACP	138
Using the CLI	140
Configuring Load-balancing Algorithm	140
Configuring Static LAG or LACP	141
Configuration Example	145
Network Requirements	145
Configuration Scheme	145
Using the GUI	146
Using the CLI	147
Appendix: Default Parameters	149
Managing MAC Address Table	150
MAC Address Table	151
Overview	151
Supported Features	151
MAC Address Configurations	152
Using the GUI	152
Adding Static MAC Address Entries	152
Modifying the Aging Time of Dynamic Address Entries	154
Adding MAC Filtering Address Entries	155
Viewing Address Table Entries	155
Using the CLI	156
Adding Static MAC Address Entries	156
Modifying the Aging Time of Dynamic Address Entries	157
Adding MAC Filtering Address Entries	158
Appendix: Default Parameters	160
Configuring 802.1Q VLAN	161
Overview	162
802.1Q VLAN Configuration	163
Using the GUI	164
Configuring the VLAN	164
Configuring the Port Parameters for 802.1Q VLAN	165
Using the CLI	166
Creating a VLAN	166
Adding the Port to the Specified VLAN	167
Configuring the Port	168
Configuration Example	170
Network Requirements	170
Configuration Scheme	170
Network Topology	171
Using the GUI	171
Using the CLI	174
Appendix: Default Parameters	177
Configuring MAC VLAN	178
Overview	179
MAC VLAN Configuration	180
Using the GUI	180
Configuring 802.1Q VLAN	180
Binding the MAC Address to the VLAN	180
Enabling MAC VLAN for the Port	181
Using the CLI	182
Configuring 802.1Q VLAN	182
Binding the MAC Address to the VLAN	182
Enabling MAC VLAN for the Port	183
Configuration Example	184
Network Requirements	184
Configuration Scheme	184
Using the GUI	185
Using the CLI	190
Appendix: Default Parameters	194
Configuring Protocol VLAN	195
Overview	196
Protocol VLAN Configuration	197
Using the GUI	197
Configuring 802.1Q VLAN	197
Creating Protocol Template	198
Configuring Protocol VLAN	199
Using the CLI	200
Configuring 802.1Q VLAN	200
Creating a Protocol Template	200
Configuring Protocol VLAN	201
Configuration Example	204
Network Requirements	204
Configuration Scheme	204
Using the GUI	206
Using the CLI	211
Appendix: Default Parameters	216
Configuring GVRP	217
Overview	218
GVRP Configuration	219
Using the GUI	220
Using the CLI	221
Configuration Example	224
Network Requirements	224
Configuration Scheme	224
Using the GUI	225
Using the CLI	229
Appendix: Default Parameters	233
Configuring Layer 2 Multicast	234
Layer 2 Multicast	235
Overview	235
Supported Features	237
IGMP Snooping Configuration	238
Using the GUI	238
Configuring IGMP Snooping Globally	238
Configuring IGMP Snooping for VLANs	239
Configuring IGMP Snooping for Ports	243
Configuring Hosts to Statically Join a Group	243
Using the CLI	244
Configuring IGMP Snooping Globally	244
Configuring IGMP Snooping for VLANs	246
Configuring IGMP Snooping for Ports	251
Configuring Hosts to Statically Join a Group	252
MLD Snooping Configuration	254
Using the GUI	254
Configuring MLD Snooping Globally	254
Configuring MLD Snooping for VLANs	255
Configuring MLD Snooping for Ports	258
Configuring Hosts to Statically Join a Group	259
Using the CLI	259
Configuring MLD Snooping Globally	259
Configuring MLD Snooping for VLANs	260
Configuring MLD Snooping for Ports	265
Configuring Hosts to Statically Join a Group	266
MVR Configuration	268
Using the GUI	268
Configuring 802.1Q VLANs	268
Configuring MVR Globally	269
Adding Multicast Groups to MVR	270
Configuring MVR for the Port	271
(Optional) Adding Ports to MVR Groups Statically	272
Using the CLI	273
Configuring 802.1Q VLANs	273
Configuring MVR Globally	273
Configuring MVR for the Ports	275
Multicast Filtering Configuration	278
Using the GUI	278
Creating the Multicast Profile	278
Configure Multicast Filtering for Ports	280
Using the CLI	281
Creating the Multicast Profile	281
Binding the Profile to Ports	284
Viewing Multicast Snooping Information	288
Using the GUI	288
Viewing IPv4 Multicast Table	288
Viewing IPv4 Multicast Statistics on Each Port	289
Viewing IPv6 Multicast Table	290
Viewing IPv6 Multicast Statistics on Each Port	291
Using the CLI	292
Viewing IPv4 Multicast Snooping Information	292
Viewing IPv6 Multicast Snooping Configurations	292
Configuration Examples	293
Example for Configuring Basic IGMP Snooping	293
Network Requirements	293
Configuration Scheme	293
Using the GUI	294
Using the CLI	296
Example for Configuring MVR	298
Network Requirements	298
Network Topology	298
Configuration Scheme	299
Using the GUI	299
Using the CLI	302
Example for Configuring Unknown Multicast and Fast Leave	305
Network Requirement	305
Configuration Scheme	306
Using the GUI	306
Using the CLI	308
Example for Configuring Multicast Filtering	309
Network Requirements	309
Configuration Scheme	309
Network Topology	310
Using the GUI	310
Using the CLI	314
Appendix: Default Parameters	317
Default Parameters for IGMP Snooping	317
Default Parameters for MLD Snooping	318
Default Parameters for MVR	319
Default Parameters for Multicast Filtering	319
Configuring Spanning Tree	320
Spanning Tree	321
Overview	321
Basic Concepts	321
STP/RSTP Concepts	321
MSTP Concepts	325
STP Security	326
STP/RSTP Configurations	329
Using the GUI	329
Configuring STP/RSTP Parameters on Ports	329
Configuring STP/RSTP Globally	331
Verifying the STP/RSTP Configurations	333
Using the CLI	335
Configuring STP/RSTP Parameters on Ports	335
Configuring Global STP/RSTP Parameters	337
Enabling STP/RSTP Globally	339
MSTP Configurations	341
Using the GUI	341
Configuring Parameters on Ports in CIST	341
Configuring the MSTP Region	344
Configuring MSTP Globally	348
Verifying the MSTP Configurations	350
Using the CLI	351
Configuring Parameters on Ports in CIST	351
Configuring the MSTP Region	354
Configuring Global MSTP Parameters	357
Enabling Spanning Tree Globally	359
STP Security Configurations	361
Using the GUI	361
Using the CLI	362
Configuring the STP Security	362
Configuration Example for MSTP	365
Network Requirements	365
Configuration Scheme	365
Using the GUI	366
Using the CLI	373
Appendix: Default Parameters	380
Configuring LLDP	382
LLDP	383
Overview	383
Supported Features	383
LLDP Configurations	384
Using the GUI	384
Configuring LLDP Globally	384
Configuring LLDP For the Port	386
Using the CLI	387
Global Config	387
Port Config	389
LLDP-MED Configurations	392
Using the GUI	392
Configuring LLDP Globally	392
Configuring LLDP-MED Globally	392
Configuring LLDP-MED for Ports	393
Using the CLI	395
Global Config	395
Port Config	396
Viewing LLDP Settings	399
Using GUI	399
Viewing LLDP Device Info	399
Viewing LLDP Statistics	403
Using CLI	404
Viewing LLDP-MED Settings	405
Using GUI	405
Using CLI	408
Configuration Example	409
Network Requirements	409
Network Topology	409
Configuration Scheme	409
Using the GUI	409
Using CLI	410
Appendix: Default Parameters	417
Configuring DHCP Service	418
DHCP	419
Overview	419
Supported Features	419
DHCP Relay Configuration	423
Using the GUI	423
Enabling DHCP Relay and Configuring Option 82	423
Configuring DHCP VLAN Relay	425
Using the CLI	426
Enabling DHCP Relay	426
(Optional) Configuring Option 82	427
Configuring DHCP VLAN Relay	429
DHCP L2 Relay Configuration	431
Using the GUI	431
Enabling DHCP L2 Relay	431
Configuring Option 82 for Ports	432
Using the CLI	433
Enabling DHCP L2 Relay	433
Configuring Option 82 for Ports	434
Configuration Examples	437
Example for DHCP VLAN Relay	437
Network Requirements	437
Configuration Scheme	437
Using the GUI	438
Using the CLI	441
Example for Option 82 in DHCP Relay	443
Network Requirements	443
Configuration Scheme	444
Configuring the DHCP Relay Switch	445
Configuring the DHCP Server	448
Example for DHCP L2 Relay	449
Network Requirements	449
Configuration Scheme	450
Configuring the DHCP Relay Switch	451
Configuring the DHCP Server	453
Appendix: Default Parameters	456
Configuring QoS	458
QoS	459
Overview	459
Supported Features	459
Class of Service Configuration	461
Using the GUI	462
Configuring Port Priority	462
Configuring 802.1p Priority	464
Configuring DSCP Priority	466
Specifying the Scheduler Settings	469
Using CLI	470
Configuring Port Priority	470
Configuring 802.1p Priority	472
Configuring DSCP Priority	475
Specifying the Scheduler Settings	479
Bandwidth Control Configuration	482
Using the GUI	482
Configuring Rate Limit	482
Configuring Storm Control	483
Using the CLI	484
Configuring Rate Limit	484
Configuring Storm Control	485
Voice VLAN Configuration	488
Using the GUI	488
Configuring OUI Addresses	488
Configuring Voice VLAN Globally	489
Adding Ports to Voice VLAN	490
Using the CLI	491
Auto VoIP Configuration	494
Using the GUI	494
Using the CLI	495
Configuration Examples	499
Example for Class of Service	499
Network Requirements	499
Configuration Scheme	499
Using the GUI	500
Using the CLI	502
Example for Voice VLAN	504
Network Requirements	504
Configuration Scheme	505
Using the GUI	505
Using the CLI	509
Example for Auto VoIP	512
Network Requirements	512
Configuration Scheme	513
Using the GUI	513
Using the CLI	518
Appendix: Default Parameters	523
Configuring Access Security	527
Access Security	528
Overview	528
Supported Features	528
Access Security Configurations	529
Using the GUI	529
Configuring the Access Control Feature	529
Configuring the HTTP Function	532
Configuring the HTTPS Function	534
Configuring the SSH Feature	537
Configuring the Telnet Function	538
Using the CLI	539
Configuring the Access Control Feature	539
Configuring the HTTP Function	540
Configuring the HTTPS Function	542
Configuring the SSH Feature	545
Configuring the Telnet Function	547
Appendix: Default Parameters	548
Configuring AAA	550
Overview	551
AAA Configuration	552
Using the GUI	553
Adding Servers	553
Configuring Server Groups	555
Configuring the Method List	555
Configuring the AAA Application List	557
Configuring Login Account and Enable Password	557
Using the CLI	558
Adding Servers	558
Configuring Server Groups	561
Configuring the Method List	562
Configuring the AAA Application List	563
Configuring Login Account and Enable Password	566
Configuration Example	569
Network Requirements	569
Configuration Scheme	569
Using the GUI	570
Using the CLI	572
Appendix: Default Parameters	575
Configuring 802.1x	577
Overview	578
802.1x Configuration	579
Using the GUI	579
Configuring the RADIUS Server	579
Configuring 802.1x Globally	582
Configuring 802.1x on Ports	583
View the Authenticator State	585
Using the CLI	586
Configuring the RADIUS Server	586
Configuring 802.1x Globally	588
Configuring 802.1x on Ports	590
Viewing Authenticator State	592
Configuration Example	594
Network Requirements	594
Configuration Scheme	594
Network Topology	594
Using the GUI	595
Using the CLI	597

Match case Limit results 1 per page

User Guide

536

Configuring AAA

AAA Configuration

trying to access the switch, and the others act as backup servers in case the first one

breaks down.

■

Adding RADIUS Server

Follow these steps to add RADIUS server on the switch:

Step 1

configure

Enter global configuration mode.

Step 2

radius-server host

ip-address

[ auth-port

port-id

] [ acct-port

port-id

] [ timeout

time

] [

retransmit

number

] [ nas-id

nas-id

] key {

[ 0 ]

string

encrypted-string

}

Add the RADIUS server and configure the related parameters as needed.

host

ip-address

Enter the IP address of the server running the RADIUS protocol.

auth-port

port-id

Specify the UDP destination port on the RADIUS server for authentication

requests. The default setting is 1812.

acct-port

port-id:

Specify the UDP destination port on the RADIUS server for accounting

requests. The default setting is 1813. Usually, it is used in the 802.1X feature.

timeout

time

Specify the time interval that the switch waits for the server to reply before

resending. The valid values are from 1 to 9 seconds and the default setting is 5 seconds.

retransmit

number

Specify the number of times a request is resent to the server if the

server does not respond. The valid values are from 1 to 3 and the default setting is 2.

nas-id

Specify the name of the NAS (Network Access Server) to be contained in

RADIUS packets for identification. It ranges from 1 to 31 characters. The default value is the

MAC address of the switch. Generally, the NAS indicates the switch itself.

key {

[ 0 ]

string

encrypted-string

}

Specify the shared key. 0 and 7 represent the

encryption type. 0 indicates that an unencrypted key will follow. 7 indicates that a

symmetric encrypted key with a ﬁxed length will follow. By default, the encryption type is 0.

string

is the shared key for the switch and the server, which contains 32 characters at most.

encrypted-string

is a symmetric encrypted key with a ﬁxed length, which you can copy from

the configuration file of another switch. The key or encrypted-key you configure here will be

displayed in the encrypted form.

Step 3

show radius-server

Verify the configuration of RADIUS server.

Step 4

end

Return to privileged EXEC mode.

Step 5

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to add a RADIUS server on the switch. Set the IP address

of the server as 192.168.0.10, the authentication port as 1812, the shared key as 123456,

the timeout as 8 seconds and the retransmit number as 3.

Switch#configure