Home » Netgear Manuals » Hubs & Switches » Netgear GS110TP » Manual Viewer

Netgear GS110TP GS108Tv2/GS110TP Software Reference Manual - Page 291

Authenticator, Supplicant, Authentication server

UPC - 606449069129

Add to My Manuals
Save this manual to your list of manuals

Page 291 highlights

GS108T and GS110TP Smart Switch Software Administration Manual The ports of an 802.1X authenticator switch provide the means in which it can offer services to other systems reachable via the LAN. Port-based network access control allows the operation of a switch's ports to be controlled in order to ensure that access to its services is only permitted by systems that are authorized to do so. Port access control provides a means of preventing unauthorized access by supplicants to the services offered by a system. Control over the access to a switch and the LAN to which it is connected can be desirable in order to restrict access to publicly accessible bridge ports or to restrict access to departmental LANs. Access control is achieved by enforcing authentication of supplicants that are attached to an authenticator's controlled ports. The result of the authentication process determines whether the supplicant is authorized to access services on that controlled port. A Port Access Entity (PAE) is able to adopt one of two distinct roles within an access control interaction: 1. Authenticator: A Port that enforces authentication before allowing access to services available via that Port. 2. Supplicant: A Port that attempts to access services offered by the Authenticator. Additionally, there exists a third role: 3. Authentication server: Performs the authentication function necessary to check the credentials of the Supplicant on behalf of the Authenticator. All three roles are required in order to complete an authentication exchange. GS108T and GS110TP switches support the Authenticator role only, in which the PAE is responsible for communicating with the Supplicant. The Authenticator PAE is also responsible for submitting the information received from the Supplicant to the Authentication Server in order for the credentials to be checked, which will determine the authorization state of the Port. The Authenticator PAE controls the authorized/unauthorized state of the controlled Port depending on the outcome of the RADIUS-based authentication process. Configuration Examples v1.0, April 2010 B-13

Section	Page
GS108T and GS110TP Smart Switch Software Administration Manual	1
Contents	5
About This Manual	11
Audience	11
Organization	11
Conventions, Formats and Scope	12
How to Print this Manual	14
Revision History	14
Chapter 1 Getting Started	15
Switch Management Interface	15
Connecting the Switch to the Network	16
Switch Discovery in a Network with a DHCP Server	17
Switch Discovery in a Network without a DHCP Server	19
Configuring the Network Settings on the Administrative System	21
Web Access	22
Smart Control Center Utilities	23
Network Utilities	23
Configuration Upload and Download	24
Firmware Upgrade	26
Viewing and Managing Tasks	28
Understanding the User Interfaces	29
Using the Web Interface	29
Navigation Tabs, Feature Links, and Page Menu	30
Configuration and Monitoring Options	31
Device View	32
Help Page Access	34
User-Defined Fields	34
Using SNMP	34
Interface Naming Convention	35
Chapter 2 Configuring System Information	37
Management	37
System Information	37
IP Configuration	39
Time	41
Time Configuration	42
SNTP Server Configuration	45
Denial of Service	48
Auto-DoS Configuration	48
DoS Configuration	49
DNS	51
DNS Configuration	51
Host Configuration	52
Green Ethernet Configuration	53
PoE (GS110TP Only)	54
PoE Configuration	55
PoE Port Configuration	56
Timer Global Configuration	58
Timer Schedule Configuration	59
SNMP	61
SNMPV1/V2	61
Community Configuration	61
Trap Configuration	63
Trap Flags	64
SNMP v3 User Configuration	65
LLDP	67
LLDP Configuration	67
LLDP Port Settings	69
LLDP-MED Network Policy	70
LLDP-MED Port Settings	72
Local Information	73
Neighbors Information	76
Services — DHCP Filtering	81
DHCP Filtering Configuration	81
Interface Configuration	82
Chapter 3 Configuring Switching Information	85
Ports	85
Port Configuration	85
Flow Control	88
Link Aggregation Groups	89
LAG Configuration	89
LAG Membership	91
LACP Configuration	92
LACP Port Configuration	93
VLANs	94
VLAN Configuration	95
VLAN Membership Configuration	96
Port VLAN ID Configuration	98
Voice VLAN	100
Voice VLAN Properties	100
Voice VLAN Port Setting	102
Voice VLAN OUI	103
Auto-VoIP	104
Spanning Tree Protocol	106
STP Switch Configuration	107
CST Configuration	109
CST Port Configuration	111
CST Port Status	113
Rapid STP	115
MST Configuration	116
MST Port Configuration	118
STP Statistics	121
Multicast	122
Auto-Video Configuration	122
IGMP Snooping	123
IGMP Snooping Configuration	124
IGMP Snooping Interface Configuration	125
IGMP Snooping Table	127
Multicast Forwarding Database Table	129
MFDB Statistics	130
IGMP Snooping VLAN Configuration	132
IGMP Snooping Querier	133
IGMP Snooping Querier Configuration	134
IGMP Snooping Querier VLAN Configuration	135
IGMP Snooping Querier VLAN Status	136
Forwarding Database	137
MAC Address Table	138
Dynamic Address Configuration	139
Static MAC Address	140
Chapter 4 Configuring Quality of Service	143
Class of Service	143
Basic CoS Configuration	144
CoS Interface Configuration	146
Interface Queue Configuration	147
802.1p to Queue Mapping	149
DSCP to Queue Mapping	151
Differentiated Services	152
Defining DiffServ	152
Diffserv Configuration	153
Class Configuration	155
Policy Configuration	159
Service Configuration	165
Service Statistics	166
Chapter 5 Managing Device Security	169
Management Security Settings	169
Change Password	170
RADIUS Configuration	171
Global Configuration	171
RADIUS Server Configuration	173
Accounting Server Configuration	175
Configuring TACACS+	178
TACACS+ Configuration	178
TACACS+ Server Configuration	179
Authentication List Configuration	181
Configuring Management Access	182
HTTP Configuration	183
Secure HTTP Configuration	184
Certificate Download	186
Access Profile Configuration	187
Access Rule Configuration	189
Port Authentication	191
802.1X Configuration	192
Port Authentication	193
Port Summary	198
Traffic Control	200
MAC Filter Configuration	200
MAC Filter Summary	202
Storm Control	203
Port Security Configuration	205
Port Security Interface Configuration	206
Security MAC Address	208
Protected Ports Membership	209
Configuring Access Control Lists	210
ACL Wizard	211
MAC ACL	212
MAC Rules	214
MAC Binding Configuration	216
MAC Binding Table	217
IP ACL	218
IP Rules	220
IP Extended Rule	221
IP Binding Configuration	226
IP Binding Table	227
Chapter 6 Monitoring the System	229
Ports	229
Switch Statistics	229
Port Statistics	232
Port Detailed Statistics	233
EAP Statistics	241
System Logs	242
Memory Logs	243
FLASH Log Configuration	245
Server Log Configuration	247
Trap Logs	249
Event Logs	250
Port Mirroring	252
Multiple Port Mirroring	252
Chapter 7 Maintenance	255
Reset	255
Device Reboot	255
Factory Default	256
Upload File From Switch	257
Download File To Switch	259
TFTP File Download	259
HTTP File Download	262
File Management	263
Dual Image Configuration	264
Dual Image Status	265
Troubleshooting	266
Ping	266
Traceroute	268
Chapter 8 Help	271
Online Help	271
Support	271
User Guide	272
Appendix A Hardware Specifications and Default Values	273
GS108T Gigabit Smart Switch and GS110TP Gigabit Smart Switch Specifications	273
GS108T and GS110TP Switch Features and Defaults	274
Appendix B Configuration Examples	279
Virtual Local Area Networks (VLANs)	279
VLAN Example Configuration	281
Access Control Lists (ACLs)	282
MAC ACL Example Configuration	282
Standard IP ACL Example Configuration	284
Differentiated Services (DiffServ)	285
Class	286
DiffServ Traffic Classes	286
Creating Policies	287
Traffic Conditioning Policy	287
DiffServ Example Configuration	288
802.1X	290
802.1X Example Configuration	292
MSTP	293
MSTP Example Configuration	295

Match case Limit results 1 per page

GS108T and GS110TP Smart Switch Software Administration Manual

Configuration Examples

B-13

v1.0, April 2010

The ports of an 802.1X authenticator switch provide the means in which it can offer services to

other systems reachable via the LAN. Port-based network access control allows the operation of a

switch’s ports to be controlled in order to ensure that access to its services is only permitted by

systems that are authorized to do so.

Port access control provides a means of preventing unauthorized access by supplicants to the

services offered by a system. Control over the access to a switch and the LAN to which it is

connected can be desirable in order to restrict access to publicly accessible bridge ports or to

restrict access to departmental LANs.

Access control is achieved by enforcing authentication of supplicants that are attached to an

authenticator's controlled ports. The result of the authentication process determines whether the

supplicant is authorized to access services on that controlled port.

A Port Access Entity (PAE) is able to adopt one of two distinct roles within an access control

interaction:

Authenticator

: A Port that enforces authentication before allowing access to services

available via that Port.

Supplicant

: A Port that attempts to access services offered by the Authenticator.

Additionally, there exists a third role:

Authentication server

: Performs the authentication function necessary to check the

credentials of the Supplicant on behalf of the Authenticator.

All three roles are required in order to complete an authentication exchange.

GS108T and GS110TP switches support the Authenticator role only, in which the PAE is

responsible for communicating with the Supplicant. The Authenticator PAE is also responsible for

submitting the information received from the Supplicant to the Authentication Server in order for

the credentials to be checked, which will determine the authorization state of the Port. The

Authenticator PAE controls the authorized/unauthorized state of the controlled Port depending on

the outcome of the RADIUS-based authentication process.