Home » LevelOne Manuals » Hubs & Switches » LevelOne GSW-4876 » Manual Viewer

LevelOne GSW-4876 Manual - Page 96

RADIUS-Assigned QoS Enabled, Guest VLAN Enabled, Port State, Globally Disabled, Link Down, Authorized

Add to My Manuals
Save this manual to your list of manuals

Page 96 highlights

CHAPTER 4 | Configuring the Switch Configuring Security The advantage of MAC-based authentication over port-based 802.1X is that several clients can be connected to the same port (e.g. through a 3rd party switch or a hub) and still require individual authentication, and that the clients don't need special supplicant software to authenticate. The advantage of MAC-based authentication over 802.1X-based authentication is that the clients don't need special supplicant software to authenticate. The disadvantage is that MAC addresses can be spoofed by malicious users - equipment whose MAC address is a valid RADIUS user can be used by anyone. Also, only the MD5-Challenge method is supported. The maximum number of clients that can be attached to a port can be limited using the Port Security Limit Control functionality. Further Guidelines for Port Admin State ■ Port Admin state can only be set to Force-Authorized for ports participating in the Spanning Tree algorithm (see page 135). ■ When 802.1X authentication is enabled on a port, the MAC address learning function for this interface is disabled, and the addresses dynamically learned on this port are removed from the common address table. ■ Authenticated MAC addresses are stored as dynamic entries in the switch's secure MAC address table. Configured static MAC addresses are added to the secure address table when seen on a switch port (see page 166). Static addresses are treated as authenticated without sending a request to a RADIUS server. ■ When port status changes to down, all MAC addresses are cleared from the secure MAC address table. Static VLAN assignments are not restored. ◆ RADIUS-Assigned QoS Enabled - Enables or disables this feature for a given port. Refer to the description of this feature under the System Configuration section. ◆ RADIUS-Assigned VLAN Enabled - Enables or disables this feature for a given port. Refer to the description of this feature under the System Configuration section. ◆ Guest VLAN Enabled - Enables or disables this feature for a given port. Refer to the description of this feature under the System Configure section. ◆ Port State - The current state of the port: ■ Globally Disabled - 802.1X and MAC-based authentication are globally disabled. (This is the default state.) ■ Link Down - 802.1X or MAC-based authentication is enabled, but there is no link on the port. ■ Authorized - The port is in Force Authorized mode, or a singlesupplicant mode and the supplicant is authorized. - 96 -

Section	Page
GSW-4876 User Manual	1
About This Guide	5
Contents	7
Figures	13
Tables	19
Getting Started	21
Introduction	23
Key Features	23
Description of Software Features	24
System Defaults	28
Initial Switch Configuration	31
Web Configuration	33
Using the Web Interface	35
Navigating the Web Browser Interface	35
Home Page	35
Configuration Options	36
Panel Display	36
Main Menu	36
Configuring the Switch	45
Configuring System Information	45
Setting an IP Address	46
Setting an IPv4 Address	46
Setting an IPv6 Address	48
Configuring NTP Service	50
Configuring the Time Zone and Daylight Savings Time	51
Configuring Remote Log Messages	53
Configuring Power Reduction	55
Reducing Power to Idle Queue Circuits	55
Configuring Port Connections	56
Configuring Security	58
Configuring User Accounts	58
Configuring User Privilege Levels	60
Configuring The Authentication Method For Management Access	62
Configuring SSH	65
Configuring HTTPS	66
Filtering IP Addresses for Management Access	67
Using Simple Network Management Protocol	68
Configuring SNMP System and Trap Settings	69
Setting SNMPv3 Community Access Strings	73
Configuring SNMPv3 Users	74
Configuring SNMPv3 Groups	76
Configuring SNMPv3 Views	77
Configuring SNMPv3 Group Access Rights	78
Remote Monitoring	79
Configuring RMON Statistical Samples	79
Configuring RMON History Samples	80
Configuring RMON Alarms	81
Configuring RMON Events	83
Configuring Port Limit Controls	84
Configuring Authentication Through Network Access Servers	87
Filtering Traffic with Access Control Lists	98
Assigning ACL Policies and Responses	98
Configuring Rate Limiters	100
Configuring Access Control Lists	101
Configuring DHCP Snooping	108
Configuring DHCP Relay and Option 82 Information	111
Configuring IP Source Guard	112
Configuring Global and Port Settings for IP Source Guard	112
Configuring Static Bindings for IP Source Guard	114
Configuring ARP Inspection	116
Configuring Global and Port Settings for ARP Inspection	117
Configuring Static Bindings for ARP Inspection	118
Specifying Authentication Servers	119
Creating Trunk Groups	121
Configuring Static Trunks	122
Configuring LACP	124
Configuring the Spanning Tree Algorithm	126
Configuring Global Settings for STA	128
Configuring Multiple Spanning Trees	132
Configuring Spanning Tree Bridge Priorities	134
Configuring STP/RSTP/CIST Interfaces	135
Configuring MIST Interfaces	138
Multicast VLAN Registration	139
Configuring General MVR Settings	140
Configuring MVR Channel Settings	143
IGMP Snooping	144
Configuring Global and Port-Related Settings for IGMP Snooping	145
Configuring VLAN Settings for IGMP Snooping and Query	148
Configuring IGMP Filtering	150
MLD Snooping	151
Configuring Global and Port-Related Settings for MLD Snooping	151
Configuring VLAN Settings for MLD Snooping and Query	154
Configuring MLD Filtering	157
Link Layer Discovery Protocol	157
Configuring LLDP Timing and TLVs	158
Configuring LLDP- MED TLVs	161
Configuring the MAC Address Table	166
IEEE 802.1Q VLANs	168
Assigning Ports to VLANs	169
Configuring VLAN Attributes for Port Members	170
Using Port Isolation	173
Configuring MAC-based VLANs	173
Protocol VLANs	175
Configuring Protocol VLAN Groups	175
Mapping Protocol Groups to Ports	177
Configuring IP Subnet-based VLANs	178
Managing VoIP Traffic	179
Configuring VoIP Traffic	180
Configuring Telephony OUI	182
Quality of Service	183
Configuring Port Classification	184
Configuring Port Policiers	185
Configuring Egress Port Scheduler	186
Configuring Egress Port Shaper	188
Configuring Port Remarking Mode	189
Configuring Port DSCP Translation and Rewriting	192
Configuring DSCP- based QoS Ingress Classification	193
Configuring DSCP Translation	194
Configuring DSCP Classification	195
Configuring QoS Control Lists	196
Configuring Storm Control	200
Configuring Random Early Detection	201
Using Congestion Management	203
Configuring Local Port Mirroring	204
Configuring Remote Port Mirroring	205
Configuring UPnP	210
Configuring sFlow	211
Monitoring the Switch	215
Displaying Basic Information About the System	215
Displaying System Information	215
Displaying CPU Utilization	216
Displaying Log Messages	217
Displaying Log Details	219
Displaying Information About Ports	219
Displaying Port Status On the Front Panel	219
Displaying an Overview of Port Statistics	220
Displaying QoS Statistics	220
Displaying QCL Status	221
Displaying Detailed Port Statistics	222
Displaying Information About Security Settings	225
Displaying Access Management Statistics	225
Displaying Information About Switch Settings for Port Security	226
Displaying Information About Learned MAC Addresses	228
Displaying Port Status for Authentication Services	229
Displaying Port Statistics for 802.1X or Remote Authentication Service	230
Displaying ACL Status	234
Displaying Statistics for DHCP Snooping	236
Displaying DHCP Relay Statistics	237
Displaying MAC Address Bindings for ARP Packets	238
Displaying Entries in the IP Source Guard Table	239
Displaying Information on Authentication Servers	240
Displaying a List of Authentication Servers	240
Displaying Statistics for Configured Authentication Servers	241
Displaying Information on RMON	245
Displaying RMON Statistics	245
Displaying RMON Historical Samples	246
Displaying RMON Alarm Settings	247
Displaying RMON Event Settings	248
Displaying Information on LACP	249
Displaying an Overview of LACP Groups	249
Displaying LACP Port Status	249
Displaying LACP Port Statistics	250
Displaying Information on the Spanning Tree	251
Displaying Bridge Status for STA	251
Displaying Port Status for STA	254
Displaying Port Statistics for STA	255
Displaying MVR Information	256
Displaying MVR Statistics	256
Displaying MVR Group Information	257
Displaying MVR SFM Information	258
Showing IGMP Snooping Information	259
Showing IGMP Snooping Status	259
Showing IGMP Snooping Group Information	260
Showing IPv4 SFM Information	261
Showing MLD Snooping Information	262
Showing MLD Snooping Status	262
Showing MLD Snooping Group Information	263
Showing IPv6 SFM Information	264
Displaying LLDP Information	265
Displaying LLDP Neighbor Information	265
Displaying LLDP- MED Neighbor Information	266
Displaying LLDP Neighbor EEE Information	268
Displaying LLDP Port Statistics	270
Displaying the MAC Address Table	271
Displaying Information About VLANs	272
VLAN Membership	272
VLAN Port Status	273
Displaying Information About MAC-based VLANs	275
Displaying Information About Flow Sampling	276
Performing Basic Diagnostics	279
Pinging an IPv4 or IPv6 Address	279
Running Cable Diagnostics	281
Performing System Maintenance	283
Restarting the Switch	283
Restoring Factory Defaults	284
Upgrading Firmware	284
Activating the Alternate Image	285
Managing Configuration Files	286
Saving Configuration Settings	286
Restoring Configuration Settings	287
Appendices	289
Software Specifications	291
Software Features	291
Management Features	292
Standards	293
Management Information Bases	293
Troubleshooting	295
Problems Accessing the Management Interface	295
Using System Logs	296
License Information	297
The GNU General Public License	297
Glossary	301

Match case Limit results 1 per page

HAPTER

Configuring the Switch

Configuring Security

–

The advantage of MAC-based authentication over port-based

802.1X is that several clients can be connected to the same port

(e.g. through a 3rd party switch or a hub) and still require individual

authentication, and that the clients don't need special supplicant

software to authenticate. The advantage of MAC-based

authentication over 802.1X-based authentication is that the clients

don't need special supplicant software to authenticate. The

disadvantage is that MAC addresses can be spoofed by malicious

users - equipment whose MAC address is a valid RADIUS user can

be used by anyone. Also, only the MD5-Challenge method is

supported. The maximum number of clients that can be attached to

a port can be limited using the Port Security Limit Control

functionality.

Further Guidelines for Port Admin State

■

Port Admin state can only be set to Force-Authorized for ports

participating in the Spanning Tree algorithm (see

page 135

■

When 802.1X authentication is enabled on a port, the MAC address

learning function for this interface is disabled, and the addresses

dynamically learned on this port are removed from the common

address table.

■

Authenticated MAC addresses are stored as dynamic entries in the

switch's secure MAC address table. Configured static MAC addresses

are added to the secure address table when seen on a switch port

(see

page 166

). Static addresses are treated as authenticated

without sending a request to a RADIUS server.

■

When port status changes to down, all MAC addresses are cleared

from the secure MAC address table. Static VLAN assignments are

not restored.

◆

RADIUS-Assigned QoS Enabled

- Enables or disables this feature for

a given port. Refer to the description of this feature under the System

Configuration section.

◆

RADIUS-Assigned VLAN Enabled

- Enables or disables this feature

for a given port. Refer to the description of this feature under the

System Configuration section.

◆

Guest VLAN Enabled

- Enables or disables this feature for a given

port. Refer to the description of this feature under the System

Configure section.

◆

Port State

- The current state of the port:

■

Globally Disabled

- 802.1X and MAC-based authentication are

globally disabled. (This is the default state.)

■

Link Down

- 802.1X or MAC-based authentication is enabled, but

there is no link on the port.

■

Authorized

- The port is in Force Authorized mode, or a single-

supplicant mode and the supplicant is authorized.