Home » Netgear Manuals » Hubs & Switches » Netgear GS110TP » Manual Viewer

Netgear GS110TP GS108Tv2/GS110TP Software Reference Manual - Page 191

Port Authentication, Source IP Address, Priority, Apply, Delete, Cancel, Authenticators, Supplicants

UPC - 606449069129

Add to My Manuals
Save this manual to your list of manuals

Page 191 highlights

GS108T and GS110TP Smart Switch Software Administration Manual • Source IP Address. Specify the IP Address of the client originating the management traffic. • Mask. Specify the subnet mask associated with the IP address. The subnet mask is a standard subnet mask, and not an inverse (wildcard) mask that you use with IP ACLs. • Priority. Configure priority to the rule. The rules are validated against the incoming management request in the ascending order of their priorities. If a rule matches, action is performed and subsequent rules below are ignored. For example, if a Source IP 10.10.10.10 is configured with priority 1 to permit, and Source IP 10.10.10.10 is configured with priority 2 to Deny, then access is permitted if the profile is active, and the second rule is ignored. 2. To modify an access rule, select the check box next to the Rule Type, update the desired settings, and click Apply 3. To delete an access rule, select the check box next to the Rule Type, and click Delete. 4. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. Port Authentication In port-based authentication mode, when 802.1X is enabled globally and on the port, successful authentication of any one supplicant attached to the port results in all users being able to use the port without restrictions. At any given time, only one supplicant is allowed to attempt authentication on a port in this mode. Ports in this mode are under bidirectional control. This is the default authentication mode. The 802.1X network has three components: • Authenticators: Specifies the port that is authenticated before permitting system access. • Supplicants: Specifies the host connected to the authenticated port requesting access to the system services. • Authentication Server: Specifies the external server, for example, the RADIUS server that performs the authentication on behalf of the authenticator, and indicates whether the user is authorized to access system services. Managing Device Security v1.0, April 2010 5-23

Section	Page
GS108T and GS110TP Smart Switch Software Administration Manual	1
Contents	5
About This Manual	11
Audience	11
Organization	11
Conventions, Formats and Scope	12
How to Print this Manual	14
Revision History	14
Chapter 1 Getting Started	15
Switch Management Interface	15
Connecting the Switch to the Network	16
Switch Discovery in a Network with a DHCP Server	17
Switch Discovery in a Network without a DHCP Server	19
Configuring the Network Settings on the Administrative System	21
Web Access	22
Smart Control Center Utilities	23
Network Utilities	23
Configuration Upload and Download	24
Firmware Upgrade	26
Viewing and Managing Tasks	28
Understanding the User Interfaces	29
Using the Web Interface	29
Navigation Tabs, Feature Links, and Page Menu	30
Configuration and Monitoring Options	31
Device View	32
Help Page Access	34
User-Defined Fields	34
Using SNMP	34
Interface Naming Convention	35
Chapter 2 Configuring System Information	37
Management	37
System Information	37
IP Configuration	39
Time	41
Time Configuration	42
SNTP Server Configuration	45
Denial of Service	48
Auto-DoS Configuration	48
DoS Configuration	49
DNS	51
DNS Configuration	51
Host Configuration	52
Green Ethernet Configuration	53
PoE (GS110TP Only)	54
PoE Configuration	55
PoE Port Configuration	56
Timer Global Configuration	58
Timer Schedule Configuration	59
SNMP	61
SNMPV1/V2	61
Community Configuration	61
Trap Configuration	63
Trap Flags	64
SNMP v3 User Configuration	65
LLDP	67
LLDP Configuration	67
LLDP Port Settings	69
LLDP-MED Network Policy	70
LLDP-MED Port Settings	72
Local Information	73
Neighbors Information	76
Services — DHCP Filtering	81
DHCP Filtering Configuration	81
Interface Configuration	82
Chapter 3 Configuring Switching Information	85
Ports	85
Port Configuration	85
Flow Control	88
Link Aggregation Groups	89
LAG Configuration	89
LAG Membership	91
LACP Configuration	92
LACP Port Configuration	93
VLANs	94
VLAN Configuration	95
VLAN Membership Configuration	96
Port VLAN ID Configuration	98
Voice VLAN	100
Voice VLAN Properties	100
Voice VLAN Port Setting	102
Voice VLAN OUI	103
Auto-VoIP	104
Spanning Tree Protocol	106
STP Switch Configuration	107
CST Configuration	109
CST Port Configuration	111
CST Port Status	113
Rapid STP	115
MST Configuration	116
MST Port Configuration	118
STP Statistics	121
Multicast	122
Auto-Video Configuration	122
IGMP Snooping	123
IGMP Snooping Configuration	124
IGMP Snooping Interface Configuration	125
IGMP Snooping Table	127
Multicast Forwarding Database Table	129
MFDB Statistics	130
IGMP Snooping VLAN Configuration	132
IGMP Snooping Querier	133
IGMP Snooping Querier Configuration	134
IGMP Snooping Querier VLAN Configuration	135
IGMP Snooping Querier VLAN Status	136
Forwarding Database	137
MAC Address Table	138
Dynamic Address Configuration	139
Static MAC Address	140
Chapter 4 Configuring Quality of Service	143
Class of Service	143
Basic CoS Configuration	144
CoS Interface Configuration	146
Interface Queue Configuration	147
802.1p to Queue Mapping	149
DSCP to Queue Mapping	151
Differentiated Services	152
Defining DiffServ	152
Diffserv Configuration	153
Class Configuration	155
Policy Configuration	159
Service Configuration	165
Service Statistics	166
Chapter 5 Managing Device Security	169
Management Security Settings	169
Change Password	170
RADIUS Configuration	171
Global Configuration	171
RADIUS Server Configuration	173
Accounting Server Configuration	175
Configuring TACACS+	178
TACACS+ Configuration	178
TACACS+ Server Configuration	179
Authentication List Configuration	181
Configuring Management Access	182
HTTP Configuration	183
Secure HTTP Configuration	184
Certificate Download	186
Access Profile Configuration	187
Access Rule Configuration	189
Port Authentication	191
802.1X Configuration	192
Port Authentication	193
Port Summary	198
Traffic Control	200
MAC Filter Configuration	200
MAC Filter Summary	202
Storm Control	203
Port Security Configuration	205
Port Security Interface Configuration	206
Security MAC Address	208
Protected Ports Membership	209
Configuring Access Control Lists	210
ACL Wizard	211
MAC ACL	212
MAC Rules	214
MAC Binding Configuration	216
MAC Binding Table	217
IP ACL	218
IP Rules	220
IP Extended Rule	221
IP Binding Configuration	226
IP Binding Table	227
Chapter 6 Monitoring the System	229
Ports	229
Switch Statistics	229
Port Statistics	232
Port Detailed Statistics	233
EAP Statistics	241
System Logs	242
Memory Logs	243
FLASH Log Configuration	245
Server Log Configuration	247
Trap Logs	249
Event Logs	250
Port Mirroring	252
Multiple Port Mirroring	252
Chapter 7 Maintenance	255
Reset	255
Device Reboot	255
Factory Default	256
Upload File From Switch	257
Download File To Switch	259
TFTP File Download	259
HTTP File Download	262
File Management	263
Dual Image Configuration	264
Dual Image Status	265
Troubleshooting	266
Ping	266
Traceroute	268
Chapter 8 Help	271
Online Help	271
Support	271
User Guide	272
Appendix A Hardware Specifications and Default Values	273
GS108T Gigabit Smart Switch and GS110TP Gigabit Smart Switch Specifications	273
GS108T and GS110TP Switch Features and Defaults	274
Appendix B Configuration Examples	279
Virtual Local Area Networks (VLANs)	279
VLAN Example Configuration	281
Access Control Lists (ACLs)	282
MAC ACL Example Configuration	282
Standard IP ACL Example Configuration	284
Differentiated Services (DiffServ)	285
Class	286
DiffServ Traffic Classes	286
Creating Policies	287
Traffic Conditioning Policy	287
DiffServ Example Configuration	288
802.1X	290
802.1X Example Configuration	292
MSTP	293
MSTP Example Configuration	295

Match case Limit results 1 per page

GS108T and GS110TP Smart Switch Software Administration Manual

Managing Device Security

5-23

v1.0, April 2010

•

Source IP Address

. Specify the IP Address of the client originating the management

traffic.

•

Mask

. Specify the subnet mask associated with the IP address. The subnet mask is a

standard subnet mask, and

not

an inverse (wildcard) mask that you use with IP ACLs.

•

Priority

. Configure priority to the rule. The rules are validated against the incoming

management request in the ascending order of their priorities. If a rule matches, action is

performed and subsequent rules below are ignored. For example, if a Source IP

10.10.10.10 is configured with priority 1 to permit, and Source IP 10.10.10.10 is

configured with priority 2 to Deny, then access is permitted if the profile is active, and the

second rule is ignored.

To modify an access rule, select the check box next to the Rule Type, update the desired

settings, and click

Apply

To delete an access rule, select the check box next to the Rule Type, and click

Delete

Click

Cancel

to cancel the configuration on the screen and reset the data on the screen to the

latest value of the switch.

Port Authentication

In port-based authentication mode, when 802.1X is enabled globally and on the port, successful

authentication of any one supplicant attached to the port results in all users being able to use the

port without restrictions. At any given time, only one supplicant is allowed to attempt

authentication on a port in this mode. Ports in this mode are under bidirectional control. This is the

default authentication mode.

The 802.1X network has three components:

•

Authenticators

: Specifies the port that is authenticated before permitting system access.

•

Supplicants

: Specifies the host connected to the authenticated port requesting access to the

system services.

•

Authentication Server

: Specifies the external server, for example, the RADIUS server that

performs the authentication on behalf of the authenticator, and indicates whether the user is

authorized to access system services.