Home » Netgear Manuals » Hubs & Switches » Netgear GS748Tv4 » Manual Viewer

Netgear GS748Tv4 GS748Tv4 Software Administration Manual - Page 259

X Example Configuration, Authenticator, Supplicant, Authentication server

Add to My Manuals
Save this manual to your list of manuals

Page 259 highlights

GS748T Smart Switch Software Administration Manual A Port Access Entity (PAE) is able to adopt one of two distinct roles within an access control interaction: 1. Authenticator: A Port that enforces authentication before allowing access to services available via that Port. 2. Supplicant: A Port that attempts to access services offered by the Authenticator. Additionally, there exists a third role: 3. Authentication server: Performs the authentication function necessary to check the credentials of the Supplicant on behalf of the Authenticator. All three roles are required in order to complete an authentication exchange. The GS748T Smart Switch supports the Authenticator role only, in which the PAE is responsible for communicating with the Supplicant. The Authenticator PAE is also responsible for submitting the information received from the Supplicant to the Authentication Server in order for the credentials to be checked, which will determine the authorization state of the Port. The Authenticator PAE controls the authorized/unauthorized state of the controlled Port depending on the outcome of the RADIUS-based authentication process. Supplicant Authenticator Switch Authentication Server (RADIUS) 192.168.10.23 Supplicant 802.1X Example Configuration This example shows how to configure the switch so that 802.1X-based authentication is required on the ports in a corporate conference room (g1-g8). These ports are available to visitors and need to be authenticated before granting access to the network. The authentication is handled by an external RADIUS server. When the visitor is successfully authenticated, traffic is automatically assigned to the guest VLAN. This example assumes that a VLAN has been configured with a VLAN ID of 150 and VLAN Name of Guest. 1. From the Port Authentication screen, select ports g1 through g8. 2. From the Port Control menu, select Unauthorized. The Port Control setting for all other ports where authentication is not needed should Authorized. When the Port Control setting is Authorized, the port is unconditionally put in a force-Authorized state and does not require any authentication. When the Port Control setting is Auto, the authenticator PAE sets the controlled port mode. Appendix B: Configuration Examples | 259

Section	Page
GS748T Smart Switch	1
Table of Contents	3
1. Getting Started	9
Getting Started with the GS748T Smart Switch	10
Switch Management Interface	11
Connecting the Switch to the Network	12
Switch Discovery in a Network with a DHCP Server	13
Switch Discovery in a Network without a DHCP Server	15
Configuring the Network Settings on the Administrative System	16
Web Access	18
Smart Control Center Utilities	19
Network Utilities	19
Configuration Upload and Download	20
Firmware Upgrade	22
Viewing and Managing Tasks	24
Understanding the User Interfaces	25
Using the Web Interface	25
Using SNMP	30
Interface Naming Convention	31
2. Configuring System Information	33
Management	34
System Information	34
IP Configuration	35
IPv6 Network Configuration	37
IPv6 Network Neighbor	39
Time	40
Denial of Service	45
DNS	48
Green Ethernet Configuration	51
SNMP	52
SNMPV1/V2	52
Trap Flags	55
SNMP v3 User Configuration	56
LLDP	58
LLDP Configuration	58
LLDP Port Settings	59
LLDP-MED Network Policy	61
LLDP-MED Port Settings	62
Local Information	64
Neighbors Information	66
Services — DHCP Filtering	71
DHCP Filtering Configuration	71
Interface Configuration	72
3. Configuring Switching Information	75
Ports	76
Port Configuration	76
Flow Control	77
Link Aggregation Groups	79
LAG Configuration	79
LAG Membership	81
LACP Configuration	82
LACP Port Configuration	83
VLANs	84
VLAN Configuration	84
VLAN Membership Configuration	85
Port VLAN ID Configuration	87
Voice VLAN	89
Voice VLAN Properties	89
Voice VLAN Port Setting	90
Voice VLAN OUI	91
Auto-VoIP Configuration	93
Spanning Tree Protocol	94
STP Switch Configuration	94
CST Configuration	96
CST Port Configuration	98
CST Port Status	99
Rapid STP	101
MST Configuration	101
MST Port Configuration	103
STP Statistics	105
Multicast	107
Auto-Video Configuration	107
IGMP Snooping	107
IGMP Snooping Querier	116
Forwarding Database	120
MAC Address Table	120
Dynamic Address Configuration	122
Static MAC Address	123
4. Configuring Quality of Service	125
Class of Service	126
Basic CoS Configuration	126
CoS Interface Configuration	127
Interface Queue Configuration	129
802.1p to Queue Mapping	130
DSCP to Queue Mapping	131
Differentiated Services	133
Defining DiffServ	133
Diffserv Configuration	134
Class Configuration	135
Policy Configuration	138
Service Configuration	143
Service Statistics	144
5. Managing Device Security	147
Management Security Settings	148
Change Password	148
RADIUS Configuration	149
Configuring TACACS+	154
Authentication List Configuration	157
Configuring Management Access	159
HTTP Configuration	159
Secure HTTP Configuration	160
Certificate Download	161
Access Profile Configuration	163
Access Rule Configuration	164
Port Authentication	166
802.1X Configuration	166
Port Authentication	168
Port Summary	172
Traffic Control	173
MAC Filter Configuration	173
MAC Filter Summary	175
Storm Control	175
Port Security Configuration	177
Port Security Interface Configuration	178
Security MAC Address	179
Protected Ports Membership	180
Configuring Access Control Lists	181
ACL Wizard	181
MAC ACL	182
MAC Rules	183
MAC Binding Configuration	185
MAC Binding Table	186
IP ACL	187
IP Rules	189
IP Extended Rules	190
IP Binding Configuration	194
IP Binding Table	195
6. Monitoring the System	197
Ports	198
Switch Statistics	198
Port Statistics	200
Port Detailed Statistics	201
EAP Statistics	208
Cable Test	209
System Logs	211
Memory Logs	211
FLASH Log Configuration	213
Server Log Configuration	214
Trap Logs	216
Event Logs	218
Port Mirroring	219
Multiple Port Mirroring	219
7. Maintenance	221
Reset	222
Device Reboot	222
Factory Default	222
Upload File From Switch	224
TFTP File Upload	224
HTTP File Upload	225
Download File To Switch	227
TFTP File Download	227
HTTP File Download	229
File Management	231
Dual Image Configuration	231
Dual Image Status	232
Troubleshooting	234
Ping	234
Ping IPv6	235
Traceroute	236
8. Help	239
Online Help	239
Support	239
User Guide	240
A. Hardware Specifications and Default Values	242
GS748T Smart Switch Specifications	242
GS748T Switch Features and Defaults	243
B. Configuration Examples	247
Virtual Local Area Networks (VLANs)	248
VLAN Example Configuration	249
Access Control Lists (ACLs)	250
MAC ACL Example Configuration	250
Standard IP ACL Example Configuration	252
Differentiated Services (DiffServ)	253
Class	253
DiffServ Traffic Classes	254
Creating Policies	254
DiffServ Example Configuration	255
802.1X	258
802.1X Example Configuration	259
MSTP	261
MSTP Example Configuration	262
C. Notification of Compliance	266

Match case Limit results 1 per page

Appendix B:

Configuration Examples

259

GS748T Smart Switch Software Administration Manual

A Port Access Entity (PAE) is able to adopt one of two distinct roles within an access control

interaction:

Authenticator

: A Port that enforces authentication before allowing access to services

available via that Port.

Supplicant

: A Port that attempts to access services offered by the Authenticator.

Additionally, there exists a third role:

Authentication server

: Performs the authentication function necessary to check the

credentials of the Supplicant on behalf of the Authenticator.

All three roles are required in order to complete an authentication exchange.

The GS748T Smart Switch supports the Authenticator role only, in which the PAE is

responsible for communicating with the Supplicant. The Authenticator PAE is also

responsible for submitting the information received from the Supplicant to the Authentication

Server in order for the credentials to be checked, which will determine the authorization state

of the Port. The Authenticator PAE controls the authorized/unauthorized state of the

controlled Port depending on the outcome of the RADIUS-based authentication process.

802.1X Example Configuration

This example shows how to configure the switch so that 802.1X-based authentication is

required on the ports in a corporate conference room (g1–g8). These ports are available to

visitors and need to be authenticated before granting access to the network. The

authentication is handled by an external RADIUS server. When the visitor is successfully

authenticated, traffic is automatically assigned to the guest VLAN. This example assumes

that a VLAN has been configured with a VLAN ID of 150 and VLAN Name of Guest.

From the Port Authentication screen, select ports g1 through g8.

From the Port Control menu, select Unauthorized.

The Port Control setting for all other ports where authentication is not needed should

Authorized. When the Port Control setting is Authorized, the port is unconditionally put in

a force-Authorized state and does not require any authentication. When the Port Control

setting is Auto, the authenticator PAE sets the controlled port mode.

Supplicant

Authenticator

Switch

Authentication

Server (RADIUS)

192.168.10.23