Home » LevelOne Manuals » Hubs & Switches » LevelOne GSW-4876 » Manual Viewer

LevelOne GSW-4876 Manual - Page 89

Reauthentication Enabled, EAPOL Timeout, Aging Period

Add to My Manuals
Save this manual to your list of manuals

Page 89 highlights

CHAPTER 4 | Configuring the Switch Configuring Security these encryption methods in Windows 95 and 98, you can use the AEGIS dot1x client or other comparable client software.) MAC-based authentication allows for authentication of more than one user on the same port, and does not require the user to have special 802.1X software installed on his system. The switch uses the client's MAC address to authenticate against the backend server. However, note that intruders can create counterfeit MAC addresses, which makes MAC-based authentication less secure than 802.1X authentication. PATH Advanced Configuration, Security, Network, NAS USAGE GUIDELINES When 802.1X is enabled, you need to configure the parameters for the authentication process that runs between the client and the switch (i.e., authenticator), as well as the client identity lookup process that runs between the switch and authentication server. These parameters are described in this section. PARAMETERS These parameters are displayed: System Configuration ◆ Mode - Indicates if 802.1X and MAC-based authentication are globally enabled or disabled on the switch. If globally disabled, all ports are allowed to forward frames. ◆ Reauthentication Enabled - Sets clients to be re-authenticated after an interval specified by the Re-authentication Period. Re-authentication can be used to detect if a new device is plugged into a switch port. (Default: Disabled) For MAC-based ports, reauthentication is only useful if the RADIUS server configuration has changed. It does not involve communication between the switch and the client, and therefore does not imply that a client is still present on a port (see Age Period below). ◆ Reauthentication Period - Sets the time period after which a connected client must be re-authenticated. (Range: 1-3600 seconds; Default: 3600 seconds) ◆ EAPOL Timeout - Sets the time the switch waits for a supplicant response during an authentication session before retransmitting a Request Identify EAPOL packet. (Range: 1-255 seconds; Default: 30 seconds) ◆ Aging Period - The period used to calculate when to age out a client allowed access to the switch through Single 802.1X, Multi 802.1X, and MAC-based authentication as described below. (Range: 10-1000000 seconds; Default: 300 seconds) When the NAS module uses the Port Security module to secure MAC addresses, the Port Security module needs to check for activity on the - 89 -

Section	Page
GSW-4876 User Manual	1
About This Guide	5
Contents	7
Figures	13
Tables	19
Getting Started	21
Introduction	23
Key Features	23
Description of Software Features	24
System Defaults	28
Initial Switch Configuration	31
Web Configuration	33
Using the Web Interface	35
Navigating the Web Browser Interface	35
Home Page	35
Configuration Options	36
Panel Display	36
Main Menu	36
Configuring the Switch	45
Configuring System Information	45
Setting an IP Address	46
Setting an IPv4 Address	46
Setting an IPv6 Address	48
Configuring NTP Service	50
Configuring the Time Zone and Daylight Savings Time	51
Configuring Remote Log Messages	53
Configuring Power Reduction	55
Reducing Power to Idle Queue Circuits	55
Configuring Port Connections	56
Configuring Security	58
Configuring User Accounts	58
Configuring User Privilege Levels	60
Configuring The Authentication Method For Management Access	62
Configuring SSH	65
Configuring HTTPS	66
Filtering IP Addresses for Management Access	67
Using Simple Network Management Protocol	68
Configuring SNMP System and Trap Settings	69
Setting SNMPv3 Community Access Strings	73
Configuring SNMPv3 Users	74
Configuring SNMPv3 Groups	76
Configuring SNMPv3 Views	77
Configuring SNMPv3 Group Access Rights	78
Remote Monitoring	79
Configuring RMON Statistical Samples	79
Configuring RMON History Samples	80
Configuring RMON Alarms	81
Configuring RMON Events	83
Configuring Port Limit Controls	84
Configuring Authentication Through Network Access Servers	87
Filtering Traffic with Access Control Lists	98
Assigning ACL Policies and Responses	98
Configuring Rate Limiters	100
Configuring Access Control Lists	101
Configuring DHCP Snooping	108
Configuring DHCP Relay and Option 82 Information	111
Configuring IP Source Guard	112
Configuring Global and Port Settings for IP Source Guard	112
Configuring Static Bindings for IP Source Guard	114
Configuring ARP Inspection	116
Configuring Global and Port Settings for ARP Inspection	117
Configuring Static Bindings for ARP Inspection	118
Specifying Authentication Servers	119
Creating Trunk Groups	121
Configuring Static Trunks	122
Configuring LACP	124
Configuring the Spanning Tree Algorithm	126
Configuring Global Settings for STA	128
Configuring Multiple Spanning Trees	132
Configuring Spanning Tree Bridge Priorities	134
Configuring STP/RSTP/CIST Interfaces	135
Configuring MIST Interfaces	138
Multicast VLAN Registration	139
Configuring General MVR Settings	140
Configuring MVR Channel Settings	143
IGMP Snooping	144
Configuring Global and Port-Related Settings for IGMP Snooping	145
Configuring VLAN Settings for IGMP Snooping and Query	148
Configuring IGMP Filtering	150
MLD Snooping	151
Configuring Global and Port-Related Settings for MLD Snooping	151
Configuring VLAN Settings for MLD Snooping and Query	154
Configuring MLD Filtering	157
Link Layer Discovery Protocol	157
Configuring LLDP Timing and TLVs	158
Configuring LLDP- MED TLVs	161
Configuring the MAC Address Table	166
IEEE 802.1Q VLANs	168
Assigning Ports to VLANs	169
Configuring VLAN Attributes for Port Members	170
Using Port Isolation	173
Configuring MAC-based VLANs	173
Protocol VLANs	175
Configuring Protocol VLAN Groups	175
Mapping Protocol Groups to Ports	177
Configuring IP Subnet-based VLANs	178
Managing VoIP Traffic	179
Configuring VoIP Traffic	180
Configuring Telephony OUI	182
Quality of Service	183
Configuring Port Classification	184
Configuring Port Policiers	185
Configuring Egress Port Scheduler	186
Configuring Egress Port Shaper	188
Configuring Port Remarking Mode	189
Configuring Port DSCP Translation and Rewriting	192
Configuring DSCP- based QoS Ingress Classification	193
Configuring DSCP Translation	194
Configuring DSCP Classification	195
Configuring QoS Control Lists	196
Configuring Storm Control	200
Configuring Random Early Detection	201
Using Congestion Management	203
Configuring Local Port Mirroring	204
Configuring Remote Port Mirroring	205
Configuring UPnP	210
Configuring sFlow	211
Monitoring the Switch	215
Displaying Basic Information About the System	215
Displaying System Information	215
Displaying CPU Utilization	216
Displaying Log Messages	217
Displaying Log Details	219
Displaying Information About Ports	219
Displaying Port Status On the Front Panel	219
Displaying an Overview of Port Statistics	220
Displaying QoS Statistics	220
Displaying QCL Status	221
Displaying Detailed Port Statistics	222
Displaying Information About Security Settings	225
Displaying Access Management Statistics	225
Displaying Information About Switch Settings for Port Security	226
Displaying Information About Learned MAC Addresses	228
Displaying Port Status for Authentication Services	229
Displaying Port Statistics for 802.1X or Remote Authentication Service	230
Displaying ACL Status	234
Displaying Statistics for DHCP Snooping	236
Displaying DHCP Relay Statistics	237
Displaying MAC Address Bindings for ARP Packets	238
Displaying Entries in the IP Source Guard Table	239
Displaying Information on Authentication Servers	240
Displaying a List of Authentication Servers	240
Displaying Statistics for Configured Authentication Servers	241
Displaying Information on RMON	245
Displaying RMON Statistics	245
Displaying RMON Historical Samples	246
Displaying RMON Alarm Settings	247
Displaying RMON Event Settings	248
Displaying Information on LACP	249
Displaying an Overview of LACP Groups	249
Displaying LACP Port Status	249
Displaying LACP Port Statistics	250
Displaying Information on the Spanning Tree	251
Displaying Bridge Status for STA	251
Displaying Port Status for STA	254
Displaying Port Statistics for STA	255
Displaying MVR Information	256
Displaying MVR Statistics	256
Displaying MVR Group Information	257
Displaying MVR SFM Information	258
Showing IGMP Snooping Information	259
Showing IGMP Snooping Status	259
Showing IGMP Snooping Group Information	260
Showing IPv4 SFM Information	261
Showing MLD Snooping Information	262
Showing MLD Snooping Status	262
Showing MLD Snooping Group Information	263
Showing IPv6 SFM Information	264
Displaying LLDP Information	265
Displaying LLDP Neighbor Information	265
Displaying LLDP- MED Neighbor Information	266
Displaying LLDP Neighbor EEE Information	268
Displaying LLDP Port Statistics	270
Displaying the MAC Address Table	271
Displaying Information About VLANs	272
VLAN Membership	272
VLAN Port Status	273
Displaying Information About MAC-based VLANs	275
Displaying Information About Flow Sampling	276
Performing Basic Diagnostics	279
Pinging an IPv4 or IPv6 Address	279
Running Cable Diagnostics	281
Performing System Maintenance	283
Restarting the Switch	283
Restoring Factory Defaults	284
Upgrading Firmware	284
Activating the Alternate Image	285
Managing Configuration Files	286
Saving Configuration Settings	286
Restoring Configuration Settings	287
Appendices	289
Software Specifications	291
Software Features	291
Management Features	292
Standards	293
Management Information Bases	293
Troubleshooting	295
Problems Accessing the Management Interface	295
Using System Logs	296
License Information	297
The GNU General Public License	297
Glossary	301

Match case Limit results 1 per page

HAPTER

Configuring the Switch

Configuring Security

–

these encryption methods in Windows 95 and 98, you can use the

AEGIS dot1x client or other comparable client software.)

MAC-based authentication allows for authentication of more than one user

on the same port, and does not require the user to have special 802.1X

software installed on his system. The switch uses the client's MAC address

to authenticate against the backend server. However, note that intruders

can create counterfeit MAC addresses, which makes MAC-based

authentication less secure than 802.1X authentication.

ATH

Advanced Configuration, Security, Network, NAS

SAGE

UIDELINES

When 802.1X is enabled, you need to configure the parameters for the

authentication process that runs between the client and the switch (i.e.,

authenticator), as well as the client identity lookup process that runs

between the switch and authentication server. These parameters are

described in this section.

ARAMETERS

These parameters are displayed:

System Configuration

◆

Mode

- Indicates if 802.1X and MAC-based authentication are globally

enabled or disabled on the switch. If globally disabled, all ports are

allowed to forward frames.

◆

Reauthentication Enabled

- Sets clients to be re-authenticated after

an interval specified by the Re-authentication Period. Re-authentication

can be used to detect if a new device is plugged into a switch port.

(Default: Disabled)

For MAC-based ports, reauthentication is only useful if the RADIUS

server configuration has changed. It does not involve communication

between the switch and the client, and therefore does not imply that a

client is still present on a port (see Age Period below).

◆

Reauthentication Period

- Sets the time period after which a

connected client must be re-authenticated. (Range: 1-3600 seconds;

Default: 3600 seconds)

◆

EAPOL Timeout

- Sets the time the switch waits for a supplicant

response during an authentication session before retransmitting a

Request Identify EAPOL packet. (Range: 1-255 seconds; Default: 30

seconds)

◆

Aging Period

- The period used to calculate when to age out a client

allowed access to the switch through Single 802.1X, Multi 802.1X, and

MAC-based authentication as described below. (Range: 10-1000000

seconds; Default: 300 seconds)

When the NAS module uses the Port Security module to secure MAC

addresses, the Port Security module needs to check for activity on the