Home » Netgear Manuals » Hubs & Switches » Netgear GS110TP » Manual Viewer

Netgear GS110TP GS108T/ GS110TP Smart Switch Software Administration Manual - Page 255

X Example Configuration, Authenticator, Supplicant, Authentication server

UPC - 606449069129

Add to My Manuals
Save this manual to your list of manuals

Page 255 highlights

GS108T and GS110TP Smart Switch Software Administration Manual A Port Access Entity (PAE) is able to adopt one of two distinct roles within an access control interaction: 1. Authenticator: A Port that enforces authentication before allowing access to services available via that Port. 2. Supplicant: A Port that attempts to access services offered by the Authenticator. Additionally, there exists a third role: 3. Authentication server: Performs the authentication function necessary to check the credentials of the Supplicant on behalf of the Authenticator. All three roles are required in order to complete an authentication exchange. switch switches support the Authenticator role only, in which the PAE is responsible for communicating with the Supplicant. The Authenticator PAE is also responsible for submitting the information received from the Supplicant to the Authentication Server in order for the credentials to be checked, which will determine the authorization state of the Port. The Authenticator PAE controls the authorized/unauthorized state of the controlled Port depending on the outcome of the RADIUS-based authentication process. Supplicant Authenticator Switch Authentication Server (RADIUS) 192.168.10.23 Supplicant 802.1X Example Configuration This example shows how to configure the switch so that 802.1X-based authentication is required on the ports in a corporate conference room (g5-g8). These ports are available to visitors and need to be authenticated before granting access to the network. The authentication is handled by an external RADIUS server. When the visitor is successfully authenticated, traffic is automatically assigned to the guest VLAN. This example assumes that a VLAN has been configured with a VLAN ID of 150 and VLAN Name of Guest. 1. From the Port Authentication screen, select ports g5, g6, g7, and g8. 2. From the Port Control menu, select Unauthorized. The Port Control setting for all other ports where authentication is not needed should Authorized. When the Port Control setting is Authorized, the port is unconditionally put in a force-Authorized state and does not require any authentication. When the Port Control setting is Auto, the authenticator PAE sets the controlled port mode Appendix B: Configuration Examples | 255

Section	Page
GS108T and GS110TP Smart Switch	1
Table of Contents	3
1. Getting Started	8
Getting Started with the GS108T and GS110TP Gigabit Smart Switches	9
Switch Management Interface	10
Connecting the Switch to the Network	11
Switch Discovery in a Network with a DHCP Server	12
Switch Discovery in a Network without a DHCP Server	14
Configuring the Network Settings on the Administrative System	15
Web Access	17
Smart Control Center Utilities	18
Network Utilities	18
Configuration Upload and Download	19
Firmware Upgrade	21
Viewing and Managing Tasks	22
Understanding the User Interfaces	24
Using the Web Interface	24
Using SNMP	29
Interface Naming Convention	30
2. Configuring System Information	32
Management	33
System Information	33
IP Configuration	34
Time	36
Denial of Service	42
DNS	44
Green Ethernet Configuration	47
PoE (GS110TP Only)	48
PoE Configuration	48
PoE Port Configuration	49
Timer Global Configuration	51
Timer Schedule Configuration	52
SNMP	54
SNMPV1/V2	54
Trap Flags	57
SNMP v3 User Configuration	58
LLDP	59
LLDP Configuration	59
LLDP Port Settings	61
LLDP-MED Network Policy	62
LLDP-MED Port Settings	64
Local Information	65
Neighbors Information	67
Services — DHCP Filtering	72
DHCP Filtering Configuration	72
Interface Configuration	73
3. Configuring Switching Information	75
Ports	76
Port Configuration	76
Flow Control	78
Link Aggregation Groups	79
LAG Configuration	79
LAG Membership	81
LACP Configuration	82
LACP Port Configuration	83
VLANs	84
VLAN Configuration	84
VLAN Membership Configuration	86
Port VLAN ID Configuration	87
Voice VLAN	89
Voice VLAN Properties	89
Voice VLAN Port Setting	90
Voice VLAN OUI	91
Auto-VoIP	93
Spanning Tree Protocol	94
STP Switch Configuration	95
CST Configuration	97
CST Port Configuration	98
CST Port Status	100
Rapid STP	101
MST Configuration	102
MST Port Configuration	104
STP Statistics	106
Multicast	108
Auto-Video Configuration	108
IGMP Snooping	109
IGMP Snooping Querier	117
Forwarding Database	121
MAC Address Table	121
Dynamic Address Configuration	123
Static MAC Address	124
4. Configuring Quality of Service	125
Class of Service	126
Basic CoS Configuration	126
CoS Interface Configuration	128
Interface Queue Configuration	129
802.1p to Queue Mapping	130
DSCP to Queue Mapping	131
Differentiated Services	133
Defining DiffServ	133
Diffserv Configuration	134
Class Configuration	135
Policy Configuration	138
Service Configuration	142
Service Statistics	143
5. Managing Device Security	145
Management Security Settings	146
Change Password	146
RADIUS Configuration	147
Configuring TACACS+	153
Authentication List Configuration	155
Configuring Management Access	157
HTTP Configuration	157
Secure HTTP Configuration	158
Certificate Download	159
Access Profile Configuration	161
Access Rule Configuration	162
Port Authentication	164
802.1X Configuration	164
Port Authentication	165
Port Summary	169
Traffic Control	171
MAC Filter Configuration	171
MAC Filter Summary	173
Storm Control	174
Port Security Configuration	175
Port Security Interface Configuration	176
Security MAC Address	178
Protected Ports Membership	179
Configuring Access Control Lists	180
ACL Wizard	180
MAC ACL	182
MAC Rules	183
MAC Binding Configuration	184
MAC Binding Table	186
IP ACL	187
IP Rules	188
IP Extended Rule	189
IP Binding Configuration	193
IP Binding Table	194
6. Monitoring the System	195
Ports	196
Switch Statistics	196
Port Statistics	198
Port Detailed Statistics	199
EAP Statistics	206
System Logs	208
Memory Logs	208
FLASH Log Configuration	210
Server Log Configuration	212
Trap Logs	214
Event Logs	215
Port Mirroring	216
Multiple Port Mirroring	216
7. Maintaining the System	219
Reset	220
Device Reboot	220
Factory Default	221
Upload File From Switch	222
Download File To Switch	223
TFTP File Download	223
HTTP File Download	225
File Management	228
Dual Image Configuration	228
Dual Image Status	229
Troubleshooting	231
Ping	231
Traceroute	232
8. Accessing Help	235
Online Help	235
Support	235
User Guide	236
A. Hardware Specifications and Default Values	238
GS108T and GS110TP Gigabit Smart Switches Specifications	238
GS108 Specifications	238
GS110 Specifications	238
GS108T and GS110TP Switch Performance	239
GS108T and GS110TP Switch Features and Defaults	239
Port Characteristics	239
Traffic Control	240
Quality Of Service	240
Security	240
System Setup	241
Management	241
Other Features	242
B. Configuration Examples	243
Virtual Local Area Networks (VLANs)	244
VLAN Example Configuration	245
Access Control Lists (ACLs)	246
MAC ACL Example Configuration	246
Standard IP ACL Example Configuration	248
Differentiated Services (DiffServ)	249
Class	249
DiffServ Traffic Classes	250
Creating Policies	250
DiffServ Example Configuration	252
802.1X	254
802.1X Example Configuration	255
MSTP	257
MSTP Example Configuration	258
C. Notification of Compliance	262

Match case Limit results 1 per page

Appendix B:

Configuration Examples

255

GS108T and GS110TP Smart Switch Software Administration Manual

A Port Access Entity (PAE) is able to adopt one of two distinct roles within an access control

interaction:

Authenticator

: A Port that enforces authentication before allowing access to services

available via that Port.

Supplicant

: A Port that attempts to access services offered by the Authenticator.

Additionally, there exists a third role:

Authentication server

: Performs the authentication function necessary to check the

credentials of the Supplicant on behalf of the Authenticator.

All three roles are required in order to complete an authentication exchange.

switch switches support the Authenticator role only, in which the PAE is responsible for

communicating with the Supplicant. The Authenticator PAE is also responsible for submitting

the information received from the Supplicant to the Authentication Server in order for the

credentials to be checked, which will determine the authorization state of the Port. The

Authenticator PAE controls the authorized/unauthorized state of the controlled Port

depending on the outcome of the RADIUS-based authentication process.

Supplicant

Authenticator

Switch

Authentication

Server (RADIUS)

192.168.10.23

802.1X Example Configuration

This example shows how to configure the switch so that 802.1X-based authentication is

required on the ports in a corporate conference room (g5–g8). These ports are available to

visitors and need to be authenticated before granting access to the network. The

authentication is handled by an external RADIUS server. When the visitor is successfully

authenticated, traffic is automatically assigned to the guest VLAN. This example assumes

that a VLAN has been configured with a VLAN ID of 150 and VLAN Name of Guest.

From the Port Authentication screen, select ports g5, g6, g7, and g8.

From the Port Control menu, select Unauthorized.

The Port Control setting for all other ports where authentication is not needed should

Authorized. When the Port Control setting is Authorized, the port is unconditionally put in

a force-Authorized state and does not require any authentication. When the Port Control

setting is Auto, the authenticator PAE sets the controlled port mode