Home » Netgear Manuals » Hubs & Switches » Netgear GSM7212P » Manual Viewer

Netgear GSM7212P GSM5212P/GSM7212P/GSM7212F/GSM7224P User Manual - Page 371

X Example Configuration, Authenticator, Supplicant, Authentication server

Add to My Manuals
Save this manual to your list of manuals

Page 371 highlights

Web Management User Guide is connected can be desirable in order to restrict access to publicly accessible bridge ports or to restrict access to departmental LANs. Access control is achieved by enforcing authentication of supplicants that are attached to an authenticator's controlled ports. The result of the authentication process determines whether the supplicant is authorized to access services on that controlled port. A Port Access Entity (PAE) is able to adopt one of two distinct roles within an access control interaction: 1. Authenticator: A Port that enforces authentication before allowing access to services available via that Port. 2. Supplicant: A Port that attempts to access services offered by the Authenticator. Additionally, there exists a third role: 3. Authentication server: Performs the authentication function necessary to check the credentials of the Supplicant on behalf of the Authenticator. All three roles are required in order to complete an authentication exchange. NETGEAR® switches support the Authenticator role only, in which the PAE is responsible for communicating with the Supplicant. The Authenticator PAE is also responsible for submitting the information received from the Supplicant to the Authentication Server in order for the credentials to be checked, which will determine the authorization state of the Port. The Authenticator PAE controls the authorized/unauthorized state of the controlled Port depending on the outcome of the RADIUS-based authentication process. Supplicant Supplicant Authenticator Switch Authentication Server (RADIUS) 192.168.10.23 802.1X Example Configuration This example shows how to configure the switch so that 802.1X-based authentication is required on the ports in a corporate conference room (1/0/5 - 1/0/8). These ports are available to visitors and need to be authenticated before granting access to the network. The authentication is handled by an external RADIUS server. When the visitor is successfully authenticated, traffic is automatically assigned to the guest VLAN. This example assumes that a VLAN has been configured with a VLAN ID of 150 and VLAN Name of Guest. 371

Section	Page
ProSafe® Managed Switch	1
Contents	3
1. Getting Started	8
Switch Management Interface	8
Web Access	8
Understanding the User Interfaces	9
Using the Web Interface	9
Using SNMP	14
Interface Naming Convention	14
2. Configuring System Information	16
Management	16
System Information	16
Switch Statistics	21
System CPU Status	24
Loopback Interface	26
Network Interface	27
Time	31
DNS	38
SDM Template Preference	40
Services	42
DHCP Server	42
DHCP Relay	51
DHCP L2 Relay	52
UDP Relay	55
PoE	57
Basic	57
Advanced	59
SNMP	64
SNMPV1/V2	64
SNMP V3	70
LLDP	71
LLDP	72
LLDP-MED	78
ISDP	87
Basic	87
Advanced	88
Timer Schedule	93
Timer Global Configuration	93
Timer Schedule Configuration	94
3. Configuring Switching Information	96
VLANs	96
Basic	97
Advanced	99
Spanning Tree Protocol	112
Basic	112
Advanced	115
Multicast	127
MFDB	127
IGMP Snooping	129
MLD Snooping	140
MVR Configuration	147
Basic	147
Advanced	148
Address Table	152
Basic	152
Advanced	154
Ports	158
Port Configuration	158
Port Description	160
Link Aggregation Groups	161
LAG Configuration	162
LAG Membership	163
4. Routing	166
Routing Table	166
Basic	167
Advanced	169
IP	171
Basic	171
Advanced	178
VLAN	186
VLAN Routing Wizard	187
VLAN Routing Configuration	188
ARP	189
Basic	189
Advanced	190
Router Discovery	193
5. Configuring Quality of Service	196
Class of Service	197
Basic	197
Advanced	199
Differentiated Services	204
DiffServ Wizard	205
Auto VoIP Configuration	207
Basic	207
Advanced	209
6. Managing Device Security	224
Management Security Settings	224
Local User	224
Enable Password Configuration	227
Line Password Configuration	227
RADIUS	228
Configuring TACACS+	234
Authentication List Configuration	236
Login Sessions	240
Configuring Management Access	241
HTTP	241
HTTPS	243
SSH	246
Telnet	249
Console Port	251
Denial of Service	252
Port Authentication	253
Basic	254
Advanced	255
Traffic Control	262
MAC Filter	263
Port Security	265
Private Group	270
Protected Ports Configuration	272
Storm Control	273
Control	275
DHCP Snooping	275
IP Source Guard	281
Dynamic ARP Inspection	283
Configuring Access Control Lists	288
ACL Wizard	288
Basic	289
Advanced	294
7. Monitoring the System	308
Ports	308
Port Statistics	309
Port Detailed Statistics	311
EAP Statistics	317
Cable Test	320
Logs	321
Buffered Logs	322
Command Log Configuration	324
Console Log Configuration	324
SysLog Configuration	325
Trap Logs	326
Event Logs	328
Persistent Logs	329
Port Mirroring	330
Multiple Port Mirroring	330
sFlow	332
Basic	332
Advanced	333
8. Maintenance	336
Save Configuration	336
Save Configuration	336
Auto Install Configuration	337
Reset	337
Device Reboot	338
Factory Default	338
Password Reset	339
Upload File From Switch	339
File Upload	340
HTTP File Upload	341
USB File Upload	342
Download File To Switch	342
File Download	343
HTTP File Download	344
USB File Download	346
File Management	347
Copy	347
Dual Image Configuration	348
Troubleshooting	349
Ping IPv4	349
Ping IPv6	350
Traceroute IPv4	351
Traceroute IPv6	352
9. Help	354
Online Help	354
Support	354
User Guide	355
A. Default Settings	357
B. Configuration Examples	361
Virtual Local Area Networks (VLANs)	361
VLAN Example Configuration	362
Access Control Lists (ACLs)	363
MAC ACL Example Configuration	364
Standard IP ACL Example Configuration	365
Differentiated Services (DiffServ)	366
Class	366
DiffServ Traffic Classes	367
Creating Policies	367
DiffServ Example Configuration	368
802.1X	370
802.1X Example Configuration	371
MSTP	372
MSTP Example Configuration	374
C. Notification of Compliance	378

Match case Limit results 1 per page

371

Web Management User Guide

is connected can be desirable in order to restrict access to publicly accessible bridge ports or

to restrict access to departmental LANs.

Access control is achieved by enforcing authentication of supplicants that are attached to an

authenticator's controlled ports. The result of the authentication process determines whether

the supplicant is authorized to access services on that controlled port.

A Port Access Entity (PAE) is able to adopt one of two distinct roles within an access control

interaction:

Authenticator

: A Port that enforces authentication before allowing access to services

available via that Port.

Supplicant

: A Port that attempts to access services offered by the Authenticator.

Additionally, there exists a third role:

Authentication server

: Performs the authentication function necessary to check the

credentials of the Supplicant on behalf of the Authenticator.

All three roles are required in order to complete an authentication exchange.

NETGEAR® switches support the Authenticator role only, in which the PAE is responsible for

communicating with the Supplicant. The Authenticator PAE is also responsible for submitting

the information received from the Supplicant to the Authentication Server in order for the

credentials to be checked, which will determine the authorization state of the Port. The

Authenticator PAE controls the authorized/unauthorized state of the controlled Port

depending on the outcome of the RADIUS-based authentication process.

Supplicant

Authenticator

Switch

Authentication

Server (RADIUS)

192.168.10.23

802.1X Example Configuration

This example shows how to configure the switch so that 802.1X-based authentication is

required on the ports in a corporate conference room (1/0/5 - 1/0/8). These ports are

available to visitors and need to be authenticated before granting access to the network. The

authentication is handled by an external RADIUS server. When the visitor is successfully

authenticated, traffic is automatically assigned to the guest VLAN. This example assumes

that a VLAN has been configured with a VLAN ID of 150 and VLAN Name of Guest.