Home » Netgear Manuals » Hubs & Switches » Netgear GS716Tv2 » Manual Viewer

Netgear GS716Tv2 GS716Tv2/GS724Tv3 Software Admin Manual - Page 234

X, supplicant the system that requests authentication

Add to My Manuals
Save this manual to your list of manuals

Page 234 highlights

GS716Tv2 and GS724Tv3 Software Administration Manual The IP ACL in this example matches all packets with the source IP address and subnet mask of the Finance department's network and deny it on the Ethernet interfaces 14, 15, 16, 17, 18, 19, and 20 of the switch. The second rule permits all non-Finance traffic on the ports. The second rule is required because there is an explicit deny all rule as the lowest priority rule. 802.1X Local Area Networks (LANs) are often deployed in environments that permit unauthorized devices to be physically attached to the LAN infrastructure, or permit unauthorized users to attempt to access the LAN through equipment already attached. In such environments, it may be desirable to restrict access to the services offered by the LAN to those users and devices that are permitted to use those services. Port-based network access control makes use of the physical characteristics of LAN infrastructures in order to provide a means of authenticating and authorizing devices attached to a LAN port that has point-to-point connection characteristics and of preventing access to that port in cases in which the authentication and authorization process fails. In this context, a port is a single point of attachment to the LAN, such as ports of MAC bridges and associations between stations or access points in IEEE 802.11 Wireless LANs. The IEEE 802.11 standard describes an architectural framework within which authentication and consequent actions take place. It also establishes the requirements for a protocol between the authenticator (the system that passes an authentication request to the authentication server) and the supplicant (the system that requests authentication), as well as between the authenticator and the authentication server. The GS716T/GS724T switch supports a guest VLAN, which allows unauthenticated users to have limited access to the network resources. Note: You can use QoS features to provide rate limiting on the guest VLAN to limit the network resources the guest VLAN provides. Another 802.1X feature is the ability to configure a port to Enable/Disable EAPoL packet forwarding support.You can disable or enable the forwarding of EAPoL when 802.1X is disabled on the device. B-8 Configuration Examples v1.0, July 2009

Section	Page
GS716Tv2 and GS724Tv3 Software Administration Manual	1
Contents	5
About This Manual	11
Audience	11
Organization	11
Conventions, Formats and Scope	12
How to Use This Manual	14
How to Print this Manual	14
Revision History	15
Chapter 1 Getting Started	17
Connecting the Switch to the Network	17
Switch Management Interface	18
SmartWizard Discovery in a Network with a DHCP Server	19
SmartWizard Discovery in a Network without a DHCP Server	20
Manually Assigning Network Parameters	21
Configuring the Network Settings on the Administrative System	22
SmartWizard Discovery Utilities	22
Password Change	23
Firmware Upgrade	23
Exit	24
Understanding the User Interfaces	25
Using the Web Interface	25
Navigation Tabs	27
Configuration and Monitoring Options	28
Device View	29
Help Page Access	30
User-Defined Fields	30
Using SNMP	30
Common Parameter Values	31
Interface Naming Convention	32
Chapter 2 Configuring System Information	33
System Information	33
Defining System Information	35
Network Connectivity	35
Time	37
Time Configuration	38
SNTP Global Status	40
SNTP Server Configuration	42
SNTP Server Status	43
Denial of Service	45
Green Ethernet Configuration	47
SNMP V1/V2	48
Community Configuration	49
Trap Configuration	51
Trap Flags	52
SNMP v3 User Configuration	53
LLDP	55
LLDP Configuration	55
LLDP Port Settings	56
Local Information	59
Neighbors Information	62
Chapter 3 Configuring Switching Information	65
Configuring and Viewing Device Port Information	65
Port Configuration	65
Flow Control	68
Creating LAGs	69
LAG Configuration	69
LAG Membership	71
LACP Configuration	72
LACP Port Configuration	73
Managing VLANs	74
VLAN Configuration	74
VLAN Membership Configuration	76
Port VLAN ID Configuration	78
Configuring Spanning Tree Protocol	80
STP Switch Configuration/Status	81
CST Configuration	83
CST Port Configuration	85
CST Port Status	87
Rapid STP Configuration	88
MST Configuration	90
MST Port Configuration	91
STP Statistics	95
Configuring IGMP Snooping	96
Global Configuration	96
IGMP Snooping Interface Configuration	98
Viewing Multicast Forwarding Database Information	99
IGMP Snooping Table	100
MFDB Table	101
MFDB Statistics	103
IGMP Snooping VLAN Configuration	104
Configuring IGMP Snooping Queriers	106
IGMP Snooping Querier Configuration	107
IGMP Snooping Querier VLAN Configuration	108
IGMP Snooping Querier VLAN Status	109
Searching and Configuring the Forwarding Database	111
Searching the MAC Address Table	111
Dynamic Address Configuration	113
MAC Address Table	114
Static MAC Address	116
Chapter 4 Configuring Quality of Service	119
Configuring Class of Service	119
Basic CoS Configuration	120
CoS Interface Configuration	121
Interface Queue Configuration	123
802.1p to Queue Mapping	124
DSCP to Queue Mapping	125
Chapter 5 Managing Device Security	127
Management Security Settings	127
Change Password	128
RADIUS Configuration	129
Global Configuration	129
Server Configuration	131
Accounting Server Configuration	133
Configuring TACACS+	136
TACACS+ Configuration	136
Server Configuration	137
Authentication List Configuration	139
Configuring Management Access	141
HTTP Configuration	141
Secure HTTP Configuration	142
Certificate Download	144
Access Profile Configuration	145
Access Rule Configuration	147
Port Authentication	148
802.1X Configuration	149
Port Authentication	150
Port Summary	154
Traffic Control	156
MAC Filter Configuration	156
MAC Filter Summary	158
Storm Control	159
Port Security Configuration	160
Port Security Interface Configuration	161
Security MAC Address	163
Protected Ports Membership	164
Configuring Access Control Lists	165
MAC ACL	166
MAC Rules	168
MAC Binding Configuration	170
MAC Binding Table	171
IP ACL	173
IP Rules	174
IP Extended Rule	176
IP Binding Configuration	180
IP Binding Table	182
Chapter 6 Monitoring the System	183
Switch Statistics	183
Viewing Port Statistics	186
Port Statistics	186
Port Detailed Statistics	187
EAP Statistics	194
Managing Logs	196
Memory Logs	196
FLASH Log Configuration	198
Server Log Configuration	201
Trap Logs	203
Event Logs	204
Configuring Port Mirroring	205
Multiple Port Mirroring	205
Chapter 7 Maintenance	207
Reset	207
Rebooting the Switch	207
Reset Configuration to Defaults	208
Upload File From Switch	209
Uploading Files	211
Download File To Switch	211
TFTP File Download	212
Downloading a File to the Switch	214
HTTP File Download	214
File Management	216
Dual Image Configuration	216
Viewing the Dual Image Status	218
Troubleshooting	219
Ping	219
TraceRoute	220
Appendix A Hardware Specifications and Default Values	223
GS7xxT Gigabit Smart Switch Specifications	223
GS7xxTR Gigabit Smart Switch Features and Defaults	224
Appendix B Configuration Examples	227
Virtual Local Area Networks (VLANs)	227
VLAN Example Configuration	228
Access Control Lists (ACLs)	230
MAC ACL Example Configuration	231
Standard IP ACL Example Configuration	232
802.1X	234
802.1X Example Configuration	236
MSTP	237
MSTP Example Configuration	239

Match case Limit results 1 per page

GS716Tv2 and GS724Tv3 Software Administration Manual

B-8

Configuration Examples

v1.0, July 2009

The IP ACL in this example matches all packets with the source IP address and subnet mask of the

Finance department's network and deny it on the Ethernet interfaces 14, 15, 16, 17, 18, 19, and 20

of the switch. The second rule permits all non-Finance traffic on the ports. The second rule is

required because there is an explicit

deny all

rule as the lowest priority rule.

802.1X

Local Area Networks (LANs) are often deployed in environments that permit unauthorized

devices to be physically attached to the LAN infrastructure, or permit unauthorized users to

attempt to access the LAN through equipment already attached. In such environments, it may be

desirable to restrict access to the services offered by the LAN to those users and devices that are

permitted to use those services.

Port-based network access control makes use of the physical characteristics of LAN infrastructures

in order to provide a means of authenticating and authorizing devices attached to a LAN port that

has point-to-point connection characteristics and of preventing access to that port in cases in which

the authentication and authorization process fails. In this context, a port is a single point of

attachment to the LAN, such as ports of MAC bridges and associations between stations or access

points in IEEE 802.11 Wireless LANs.

The IEEE 802.11 standard describes an architectural framework within which authentication and

consequent actions take place. It also establishes the requirements for a protocol between the

authenticator (the system that passes an authentication request to the authentication server) and the

supplicant (the system that requests authentication), as well as between the authenticator and the

authentication server.

The GS716T/GS724T switch supports a guest VLAN, which allows unauthenticated users to have

limited access to the network resources.

Another 802.1X feature is the ability to configure a port to Enable/Disable EAPoL packet

forwarding support.You can disable or enable the forwarding of EAPoL when 802.1X is disabled

on the device.

Note:

You can use QoS features to provide rate limiting on the guest VLAN to limit the

network resources the guest VLAN provides.