Home » Netgear Manuals » Hubs & Switches » Netgear GS716Tv2 » Manual Viewer

Netgear GS716Tv2 GS716Tv2/GS724Tv3 Software Admin Manual - Page 148

Port Authentication, Table, 16. Access Rule Configuration Fields

Add to My Manuals
Save this manual to your list of manuals

Page 148 highlights

GS716Tv2 and GS724Tv3 Software Administration Manual Table 5-16. Access Rule Configuration Fields Field Description Rule Type Service Type Select Permit to allow access to the switch administrative pages for traffic that meets the criteria you configure for the rule. Any traffic that does not meet the rules is denied. Select Deny to prohibit access to the switch administrative pages for traffic that meets the criteria you configure for the rule. Any traffic that does not meet the rules is allowed access to the switch. Select the type of service to allow or prohibit from accessing the switch management interface: • SNMP • HTTP • HTTPS Source IP Address Enter Source IP Address of the client originating the management traffic. Enter the address in the Source IP address text box. Mask Priority Enter the subnet mask associated with the IP address. Configure priority to the rule. The rules are validated against the incoming management request in the ascending order of their priorities. If a rule matches, action is performed and subsequent rules below are ignored. For example, if a Source IP 10.10.10.10 is configured with priority 1 to permit, and Source IP 10.10.10.10 is configured with priority 2 to Deny, then access is permitted if the profile is active, and the second rule is ignored. 2. To add an Access Rule, enter information into the appropriate fields and click Add. 3. To delete an Access Rule, select the check box next to the Rule Type, and then click Delete. 4. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. 5. If you make changes to the page, click Apply to apply the changes to the system. Port Authentication In port-based authentication mode, when 802.1X is enabled globally and on the port, successful authentication of any one supplicant attached to the port results in all users being able to use the port without restrictions. At any given time, only one supplicant is allowed to attempt authentication on a port in this mode. Ports in this mode are under bidirectional control. This is the default authentication mode. 5-22 v1.0, July 2009 Managing Device Security

Section	Page
GS716Tv2 and GS724Tv3 Software Administration Manual	1
Contents	5
About This Manual	11
Audience	11
Organization	11
Conventions, Formats and Scope	12
How to Use This Manual	14
How to Print this Manual	14
Revision History	15
Chapter 1 Getting Started	17
Connecting the Switch to the Network	17
Switch Management Interface	18
SmartWizard Discovery in a Network with a DHCP Server	19
SmartWizard Discovery in a Network without a DHCP Server	20
Manually Assigning Network Parameters	21
Configuring the Network Settings on the Administrative System	22
SmartWizard Discovery Utilities	22
Password Change	23
Firmware Upgrade	23
Exit	24
Understanding the User Interfaces	25
Using the Web Interface	25
Navigation Tabs	27
Configuration and Monitoring Options	28
Device View	29
Help Page Access	30
User-Defined Fields	30
Using SNMP	30
Common Parameter Values	31
Interface Naming Convention	32
Chapter 2 Configuring System Information	33
System Information	33
Defining System Information	35
Network Connectivity	35
Time	37
Time Configuration	38
SNTP Global Status	40
SNTP Server Configuration	42
SNTP Server Status	43
Denial of Service	45
Green Ethernet Configuration	47
SNMP V1/V2	48
Community Configuration	49
Trap Configuration	51
Trap Flags	52
SNMP v3 User Configuration	53
LLDP	55
LLDP Configuration	55
LLDP Port Settings	56
Local Information	59
Neighbors Information	62
Chapter 3 Configuring Switching Information	65
Configuring and Viewing Device Port Information	65
Port Configuration	65
Flow Control	68
Creating LAGs	69
LAG Configuration	69
LAG Membership	71
LACP Configuration	72
LACP Port Configuration	73
Managing VLANs	74
VLAN Configuration	74
VLAN Membership Configuration	76
Port VLAN ID Configuration	78
Configuring Spanning Tree Protocol	80
STP Switch Configuration/Status	81
CST Configuration	83
CST Port Configuration	85
CST Port Status	87
Rapid STP Configuration	88
MST Configuration	90
MST Port Configuration	91
STP Statistics	95
Configuring IGMP Snooping	96
Global Configuration	96
IGMP Snooping Interface Configuration	98
Viewing Multicast Forwarding Database Information	99
IGMP Snooping Table	100
MFDB Table	101
MFDB Statistics	103
IGMP Snooping VLAN Configuration	104
Configuring IGMP Snooping Queriers	106
IGMP Snooping Querier Configuration	107
IGMP Snooping Querier VLAN Configuration	108
IGMP Snooping Querier VLAN Status	109
Searching and Configuring the Forwarding Database	111
Searching the MAC Address Table	111
Dynamic Address Configuration	113
MAC Address Table	114
Static MAC Address	116
Chapter 4 Configuring Quality of Service	119
Configuring Class of Service	119
Basic CoS Configuration	120
CoS Interface Configuration	121
Interface Queue Configuration	123
802.1p to Queue Mapping	124
DSCP to Queue Mapping	125
Chapter 5 Managing Device Security	127
Management Security Settings	127
Change Password	128
RADIUS Configuration	129
Global Configuration	129
Server Configuration	131
Accounting Server Configuration	133
Configuring TACACS+	136
TACACS+ Configuration	136
Server Configuration	137
Authentication List Configuration	139
Configuring Management Access	141
HTTP Configuration	141
Secure HTTP Configuration	142
Certificate Download	144
Access Profile Configuration	145
Access Rule Configuration	147
Port Authentication	148
802.1X Configuration	149
Port Authentication	150
Port Summary	154
Traffic Control	156
MAC Filter Configuration	156
MAC Filter Summary	158
Storm Control	159
Port Security Configuration	160
Port Security Interface Configuration	161
Security MAC Address	163
Protected Ports Membership	164
Configuring Access Control Lists	165
MAC ACL	166
MAC Rules	168
MAC Binding Configuration	170
MAC Binding Table	171
IP ACL	173
IP Rules	174
IP Extended Rule	176
IP Binding Configuration	180
IP Binding Table	182
Chapter 6 Monitoring the System	183
Switch Statistics	183
Viewing Port Statistics	186
Port Statistics	186
Port Detailed Statistics	187
EAP Statistics	194
Managing Logs	196
Memory Logs	196
FLASH Log Configuration	198
Server Log Configuration	201
Trap Logs	203
Event Logs	204
Configuring Port Mirroring	205
Multiple Port Mirroring	205
Chapter 7 Maintenance	207
Reset	207
Rebooting the Switch	207
Reset Configuration to Defaults	208
Upload File From Switch	209
Uploading Files	211
Download File To Switch	211
TFTP File Download	212
Downloading a File to the Switch	214
HTTP File Download	214
File Management	216
Dual Image Configuration	216
Viewing the Dual Image Status	218
Troubleshooting	219
Ping	219
TraceRoute	220
Appendix A Hardware Specifications and Default Values	223
GS7xxT Gigabit Smart Switch Specifications	223
GS7xxTR Gigabit Smart Switch Features and Defaults	224
Appendix B Configuration Examples	227
Virtual Local Area Networks (VLANs)	227
VLAN Example Configuration	228
Access Control Lists (ACLs)	230
MAC ACL Example Configuration	231
Standard IP ACL Example Configuration	232
802.1X	234
802.1X Example Configuration	236
MSTP	237
MSTP Example Configuration	239

Match case Limit results 1 per page

GS716Tv2 and GS724Tv3 Software Administration Manual

5-22

Managing Device Security

v1.0, July 2009

To add an Access Rule, enter information into the appropriate fields and click

Add

To delete an Access Rule, select the check box next to the Rule Type, and then click

Delete

Click

Cancel

to cancel the configuration on the screen and reset the data on the screen to the

latest value of the switch.

If you make changes to the page, click

Apply

to apply the changes to the system.

Port Authentication

In port-based authentication mode, when 802.1X is enabled globally and on the port, successful

authentication of any one supplicant attached to the port results in all users being able to use the

port without restrictions. At any given time, only one supplicant is allowed to attempt

authentication on a port in this mode. Ports in this mode are under bidirectional control. This is the

default authentication mode.

Table

5-16. Access Rule Configuration Fields

Field

Description

Rule Type

Select Permit to allow access to the switch administrative pages for

traffic that meets the criteria you configure for the rule. Any traffic that

does not meet the rules is denied.

Select Deny to prohibit access to the switch administrative pages for

traffic that meets the criteria you configure for the rule. Any traffic that

does not meet the rules is allowed access to the switch.

Service Type

Select the type of service to allow or prohibit from accessing the switch

management interface:

• SNMP

• HTTP

• HTTPS

Source IP Address

Enter Source IP Address of the client originating the management

traffic. Enter the address in the Source IP address text box.

Mask

Enter the subnet mask associated with the IP address.

Priority

Configure priority to the rule. The rules are validated against the

incoming management request in the ascending order of their priorities.

If a rule matches, action is performed and subsequent rules below are

ignored. For example, if a Source IP 10.10.10.10 is configured with

priority 1 to permit, and Source IP 10.10.10.10 is configured with

priority 2 to Deny, then access is permitted if the profile is active, and

the second rule is ignored.