Home » Netgear Manuals » Hubs & Switches » Netgear GS724TPv2 » Manual Viewer

Netgear GS724TPv2 User Manual - Page 302

X Example Configuration, Port Control, Unauthorized, Guest VLAN, Apply, Enable, EAPOL Flood Mode

Add to My Manuals
Save this manual to your list of manuals

Page 302 highlights

NETGEAR 24-Port Gigabit Smart Managed Pro Switch with PoE+ and 2 SFP Ports Model GS724TPv2 controls the authorized/unauthorized state of the controlled port depending on the outcome of the RADIUS-based authentication process. Figure 1. 802.1X authentication roles 802.1X Example Configuration This example shows how to configure the switch so that 802.1X-based authentication is required on the ports in a corporate conference room (g5-g8). These ports are available to visitors and must be authenticated before access is granted to the network. The authentication is handled by an external RADIUS server. When the visitor is successfully authenticated, traffic is automatically assigned to the guest VLAN. This example assumes that a VLAN was configured with a VLAN ID of 150 and VLAN name of Guest. 1. On the Port Authentication page (see Configure 802.1X Settings for a Port on page 204), select ports g5, g6, g7, and g8. 2. From the Port Control menu, select Unauthorized. The selection from the Port Control menu for all other ports on which authentication is not needed must be Authorized. When the selection from the Port Control menu is Authorized, the port is unconditionally put in a force-authorized state and does not require any authentication. When the selection from the Port Control menu is Auto, the authenticator PAE sets the controlled port mode. 3. In the Guest VLAN field for ports g5-g8, enter 150 to assign these ports to the guest VLAN. You can configure additional settings to control access to the network through the ports. See Configure a Port Security Interface on page 215 for information about the settings. 4. Click the Apply button. 5. On the 802.1X Configuration page, set the port based authentication state and guest VLAN mode to Enable, and then the Apply button. (See Configure the Global Port Security Mode on page 214.) This example uses the default values for the port authentication settings, but you can configure several additional settings. For example, the EAPOL Flood Mode field allows you to enable the forwarding of EAPoL frames when 802.1X is disabled on the device. Configuration Examples 302

Section	Page
24-Port Gigabit Smart Managed Pro Switch with PoE+ and 2 SFP Ports Model GS724TPv2	1
Contents	3
1. Get Started	8
Switch Management Interface Overview	9
Change the Default IP Address of the Switch	9
Discover a Switch in a Network With a DHCP Server	10
Discover a Switch in a Network Without a DHCP Server	11
Configure the Network Settings on Your Computer	12
Access the Web Browser–Based Management Interface	15
About the User Interfaces	15
Software Requirements to Use the Web Interface	15
Supported Web Browsers	16
Use a Web Browser to Access the Switch and Log In	16
Navigation Tabs, Configuration Menus, and Page Menu	17
Configuration and Status Options	18
Web Interface Buttons	18
User-Defined Fields	18
Web Browser–Based Management Interface Device View	19
Interface Naming Conventions	21
Configure Interface Settings	21
Context-Sensitive Help and Access to the Support WebSite	25
User Guide	26
Register Your Product	27
2. Configure System Information	28
View and Configure the Switch Management Settings	29
View or Define System Information and View Software Information	29
Configure the Switch IP Settings	31
Configure the IPv6 Network Interface	33
View the IPv6 Network Neighbor	34
Configure the Time Settings	35
Configure Denial of Service Settings	50
Configure DNS Settings	52
Configure Green Ethernet Settings	56
Use the Device View	58
Configure PoE	58
Configure PoE Trap Settings and View PoE Information	59
Configure the PoE Port Settings	60
Configure SNMP	63
Configure the SNMPv1/v2 Community	63
Configure SNMPv1/v2 Trap Settings	65
Configure SNMPv1/v2 Trap Flags	68
View the Supported MIBs	69
Configure SNMP V3 Users	70
Configure LLDP	71
Configure LLDP Global Settings	71
Configure LLDP Port Settings	73
View LLDP-MED Network Policy Information	74
Configure LLDP-MED Port Settings	76
View Local LLDP Information	77
View LLDP Neighbors Information	79
Configure DHCP Snooping	82
Set Up PoE Timer Schedules	87
Create a PoE Timer Schedule	87
Specify the Settings for a PoE Timer Schedule	88
Delete a PoE Timer Schedule	90
3. Configure Switching	92
Configure Port Settings	93
Configure Link Aggregation Groups	95
Configure LAG Settings	96
Configure LAG Membership	97
Set the LACP System Priority	98
Set the LACP Port Priority Settings	99
Configure VLANs	100
Configure VLAN Settings	101
Configure VLAN Membership	103
View VLAN Status	105
Configure Port PVID Settings	106
Configure a Voice VLAN	108
Configure Auto-VoIP	110
Configure Protocol-Based Port Settings	110
Configure Auto-VoIP OUI-Based Properties	111
Configure OUI-Based Port Settings	112
Manage the OUI Table	113
Display the Auto-VoIP Status	116
Configure Spanning Tree Protocol	117
Configure STP Settings	117
Configure CST Settings	119
Configure CST Port Settings	121
View CST Port Status	122
View Rapid STP Information	124
Manage MST Settings	125
Configure the MST Port Settings	127
View STP Statistics	130
Configure Multicast	131
View the MFDB Table	131
View the MFDB Statistics	132
IGMP Snooping Overview	133
Configure IGMP Snooping	134
Configure IGMP Snooping for Interfaces	135
View the IGMP Snooping Table	137
Configure IGMP Snooping for VLANs	138
Modify IGMP Snooping Settings for a VLAN	139
IGMP Snooping Querier Overview	140
Configure IGMP Snooping Querier	140
Configure IGMP Snooping Querier for VLANs	141
Display IGMP Snooping Querier for VLAN Status	142
Configure a Static Multicast Group	143
Remove a Static Multicast Group	144
Configure Multicast Group Membership	145
Configure the Multicast Forward All Option	147
View and Configure the MAC Address Table	148
Configure the MAC Address Table	148
Set the Dynamic Address Aging Interval	150
Configure a Static MAC Address	151
4. Configure Quality of Service	152
Manage Class of Service	153
CoS Configuration Overview	153
Configure Global CoS Settings	153
Configure CoS Interface Settings for an Interface	155
Configure CoS Queue Settings for an Interface	156
802.1p to Queue Mapping	158
DSCP to Queue Mapping	159
Manage Differentiated Services	160
DiffServ Configuration Overview	161
Configure DiffServ Settings	161
Enable the DiffServ Mode and View the DiffServ Status	161
Configure a DiffServ Class	163
Configure a DiffServ Policy	168
Configure the DiffServ Service Interface	174
View DiffServ Service Statistics	176
5. Manage Device Security	178
Configure the Management Security Settings	179
Change the Password	179
Configure RADIUS Servers	180
Configure TACACS+	189
Configure Authentication Lists	191
Configure Management Access	194
Configure HTTP Settings	194
Configure HTTPS Settings	195
Manage Certificates	197
Download Certificates	198
Configure Access Control	200
Configure Access Rule Settings	201
Configure Port Authentication	202
Configure Global 802.1X Settings	203
Manage Port Authentication	204
View the Port Summary	208
Configure Traffic Control	210
Manage MAC Filtering	210
MAC Filter Summary	212
Configure Storm Control	212
Configure Port Security	214
Configure Protected Ports	218
Configure Access Control Lists	219
Use the ACL Wizard to Create a Simple ACL	220
Configure a MAC ACL	225
Configure MAC ACL Rules	227
Configure MAC Bindings	231
View or Delete MAC ACL Bindings in the MAC Binding Table	233
Configure an IP ACL	234
Configure Rules for a Basic IP ACL	236
Configure Rules for an Extended IP ACL	240
Configure IP ACL Interface Bindings	244
View or Delete IP ACL Bindings in the IP ACL Binding Table	246
6. Monitor the System	248
Monitor the Switch and the Ports	249
View Switch Statistics	249
View Port Statistics	252
View Detailed Port Statistics	254
View EAP Statistics	260
Perform a Cable Test	262
Configure and View Logs	263
Manage the Memory Logs	263
Message Log Format	265
Manage the Flash Log	266
Manage the Server Log	267
View the Trap Logs	270
Configure Port Mirroring	272
7. Maintenance	275
Reboot the Switch	276
Reset the Switch to Its Factory Default Settings	276
Upload a File From the Switch	277
Upload a File to the TFTP Server	277
Upload a File Using HTTP	279
Download a File to the Switch	280
Download a File to the Switch Using TFTP	280
Download a File to the Switch Using HTTP	282
Manage Files	284
Configure Dual Image Settings	284
Delete an Image	285
Display the Dual Image Status	286
Perform Troubleshooting	287
Ping an IPv4 Address	287
Ping an IPv6 Address	288
Enable and Perform Remote Diagnostics	289
A. Configuration Examples	291
Virtual Local Area Networks (VLANs)	292
VLAN Configuration Examples	293
Access Control Lists (ACLs)	294
MAC ACL Sample Configuration	294
Standard IP ACL Sample Configuration	295
Differentiated Services (DiffServ)	296
Class	297
DiffServ Traffic Classes	298
Creating Policies	298
DiffServ Example Configuration	299
802.1X	300
802.1X Example Configuration	302
MSTP	303
MSTP Example Configuration	305
B. Specifications and Default Settings	307
Switch Default Settings	308
General Feature Default Settings	309
System Setup and Maintenance Settings	314
Port Characteristics	315
Traffic Control Settings	315
Quality of Service Settings	316
Security Settings	316
System Management Settings	317

Match case Limit results 1 per page

Configuration Examples

302

NETGEAR 24-Port Gigabit Smart Managed Pro Switch with PoE+ and 2 SFP Ports Model GS724TPv2

controls the authorized/unauthorized state of the controlled port depending on the outcome of

the RADIUS-based authentication process.

Figure 1. 802.1X authentication roles

802.1X Example Configuration

This example shows how to configure the switch so that 802.1X-based authentication is

required on the ports in a corporate conference room (g5–g8). These ports are available to

visitors and must be authenticated before access is granted to the network. The

authentication is handled by an external RADIUS server. When the visitor is successfully

authenticated, traffic is automatically assigned to the guest VLAN. This example assumes

that a VLAN was configured with a VLAN ID of 150 and VLAN name of Guest.

On the Port Authentication page (see

Configure 802.1X Settings for a Port

page 204), select ports

, and

From the

Port Control

menu, select

Unauthorized

The selection from the

Port Control

menu for all other ports on which authentication is

not needed must be

Authorized

. When the selection from the

Port Control

menu is

Authorized

, the port is unconditionally put in a force-authorized state and does not

require any authentication. When the selection from the

Port Control

menu is

Auto

, the

authenticator PAE sets the controlled port mode.

In the

Guest VLAN

field for ports g5–g8, enter

150

to assign these ports to the guest VLAN.

You can configure additional settings to control access to the network through the ports.

See

Configure a Port Security Interface

on page 215 for information about the settings.

Click the

Apply

button.

On the 802.1X Configuration page, set the port based authentication state and guest VLAN

mode to

Enable

, and then the

Apply

button. (See

Configure the Global Port Security Mode

on page 214.)

This example uses the default values for the port authentication settings, but you can

configure several additional settings. For example, the

EAPOL Flood Mode

field allows

you to enable the forwarding of EAPoL frames when 802.1X is disabled on the device.