Home » TP-Link Manuals » Hubs & Switches » TP-Link 10GE » Manual Viewer

TP-Link 10GE T1700G-28TQUN V1 User Guide - Page 231

AAA

Add to My Manuals
Save this manual to your list of manuals

Page 231 highlights

Configuration Procedure: Step Operation Description 1 Install the 802.1X client Required. For the client computers, you are required to software. install the TP-LINK 802.1X Client provided on the CD. Please refer to the software guide in the same directory with the software for more information. 2 Configure the 802.1X globally. Required. By default, the global 802.1X function is disabled. On the Network Security→802.1X→Global Config page, configure the 802.1X function globally. 3 Configure the 802.1X for the Required. On the Network Security→802.1X→Port port. Config page, configure the 802.1X feature for the port of the switch basing on the actual network. 4 Connect an authentication Required. Record the information of the client in the LAN server to the switch and do to the authentication server and configure the some configuration. corresponding authentication username and password for the client. 5 Enable the AAA function Required. On the Network Security→AAA→Global globally. Conifg page, enable the AAA function globally. 6 Configure the parameters of Required. On the Network Security→AAA→RADIUS the authentication server. Server Conifg page, configure the parameters of the RADIUS server. Note: 1. The 802.1X function takes effect only when it is enabled globally on the switch and for the port. 2. The 802.1X function cannot be enabled for LAG member ports. That is, the port with 802.1X function enabled cannot be added to the LAG. 3. The 802.1X function should not be enabled for the port connected to the authentication server. 13.6 AAA  Overview AAA stands for authentication, authorization and accounting. This feature is used to authenticate users trying to log in to the switch or trying to access the administrative level privilege. Username and password pairs are used for login and privilege authentication. The authentication can be processed locally in the switch or centrally in the RADIUS/TACACS+ server(s). The local authentication username and password pairs can be configured in 4.2 User Management.  Applicable Access Application The authentication can be applied on the following access applications: Console, Telnet, SSH and HTTP.  Authentication Method List A method list describes the authentication methods and their sequence to authenticate a user. The switch supports Login List for users to gain access to the switch, and Enable List for normal users to gain administrative privileges. 221

Section	Page
Package Contents	11
Chapter 1 About this Guide	12
1.1 Intended Readers	12
1.2 Conventions	12
1.3 Overview of This Guide	12
Chapter 2 Introduction	16
2.1 Overview of the Switch	16
2.2 Appearance Description	16
2.2.1 Front Panel	16
2.2.2 Rear Panel	17
Chapter 3 Login to the Switch	19
3.1 Login	19
3.2 Configuration	20
Chapter 4 System	21
4.1 System Info	21
4.1.1 System Summary	21
4.1.2 Device Description	24
4.1.3 System Time	24
4.1.4 Daylight Saving Time	25
4.2 User Management	26
4.2.1 User Table	26
4.2.2 User Config	27
4.3 System Tools	28
4.3.1 Boot Config	28
4.3.2 Config Restore	29
4.3.3 Config Backup	30
4.3.4 Firmware Upgrade	31
4.3.5 System Reboot	31
4.3.6 System Reset	32
4.4 Access Security	32
4.4.1 Access Control	32
4.4.2 HTTP Config	34
4.4.3 HTTPS Config	34
4.4.4 SSH Config	37
4.4.5 Telnet Config	44
4.5 SDM Template	44
4.5.1 SDM Template Config	44
Chapter 5 Stack	46
5.1 Stack Management	53
5.1.1 Stack Info	53
5.1.2 Stack Config	54
5.2 Application Example for Stack	56
Chapter 6 Switching	57
6.1 Port	57
6.1.1 Port Config	57
6.1.2 Port Mirror	58
6.1.3 Port Security	60
6.1.4 Port Isolation	62
6.1.5 Loopback Detection	63
6.2 LAG	65
6.2.1 LAG Table	66
6.2.2 Static LAG	67
6.2.3 LACP Config	68
6.3 Traffic Monitor	70
6.3.1 Traffic Summary	70
6.3.2 Traffic Statistics	71
6.4 MAC Address	73
6.4.1 Address Table	74
6.4.2 Static Address	75
6.4.3 Dynamic Address	76
6.4.4 Filtering Address	78
Chapter 7 VLAN	80
7.1 802.1Q VLAN	81
7.1.1 VLAN Config	82
7.1.2 Port Config	83
7.2 Application Example for 802.1Q VLAN	85
7.3 MAC VLAN	86
7.3.1 MAC VLAN	87
7.3.2 Port Enable	87
7.4 Application Example for MAC VLAN	88
7.5 Protocol VLAN	90
7.5.1 Protocol Group Table	91
7.5.2 Protocol Group	91
7.5.3 Protocol Template	92
7.6 Application Example for Protocol VLAN	94
Chapter 8 Spanning Tree	96
8.1 STP Config	101
8.1.1 STP Config	101
8.1.2 STP Summary	103
8.2 Port Config	104
8.3 MSTP Instance	105
8.3.1 Region Config	106
8.3.2 Instance Config	106
8.3.3 Instance Port Config	107
8.4 STP Security	109
8.4.1 Port Protect	109
8.4.2 TC Protect	112
8.5 Application Example for STP Function	112
Chapter 9 Multicast	117
9.1 IGMP Snooping	121
9.1.1 Snooping Config	123
9.1.2 Port Config	125
9.1.3 VLAN Config	126
9.1.4 Multicast VLAN	127
9.1.5 Querier Config	130
9.1.6 Profile Config	132
9.1.7 Profile Binding	133
9.1.8 Packet Statistics	135
9.2 MLD Snooping	136
9.2.1 Snooping Config	138
9.2.2 Port Config	140
9.2.3 VLAN Config	141
9.2.4 Multicast VLAN	142
9.2.5 Querier Config	143
9.2.6 Profile Config	145
9.2.7 Profile Binding	146
9.2.8 Packet Statistics	148
9.3 Multicast Table	149
9.3.1 IPv4 Multicast Table	149
9.3.2 Static IPv4 Multicast Table	150
9.3.3 IPv6 Multicast Table	151
9.3.4 Static IPv6 Multicast Table	152
Chapter 10 Routing	154
10.1 Interface	154
10.2 Routing Table	160
10.2.1 IPv4 Routing Table	160
10.2.2 IPv6 Routing Table	160
10.3 Static Routing	161
10.3.1 IPv4 Static Routing Config	161
10.3.2 IPv6 Static Routing Config	162
10.4 DHCP Relay	163
10.4.1 Global Config	165
10.4.2 DHCP Server	166
10.5 ARP	167
10.5.1 ARP Table	167
10.5.2 Static ARP	167
Chapter 11 QoS	169
11.1 DiffServ	172
11.1.1 Port Priority	172
11.1.2 Schedule Mode	173
11.1.3 802.1P Priority	174
11.1.4 DSCP Priority	175
11.2 Bandwidth Control	177
11.2.1 Rate Limit	177
11.2.2 Storm Control	178
11.3 Voice VLAN	179
11.3.1 Global Config	181
11.3.2 Port Config	182
11.3.3 OUI Config	183
Chapter 12 ACL	185
12.1 Time-Range	185
12.1.1 Time-Range Summary	185
12.1.2 Time-Range Create	186
12.1.3 Holiday Config	187
12.2 ACL Config	187
12.2.1 ACL Summary	187
12.2.2 ACL Create	188
12.2.3 MAC ACL	188
12.2.4 Standard-IP ACL	190
12.2.5 Extend-IP ACL	191
12.2.6 IPv6 ACL	192
12.3 Policy Config	193
12.3.1 Policy Summary	193
12.3.2 Policy Create	194
12.3.3 Action Create	194
12.4 ACL Binding	195
12.4.1 Binding Table	196
12.4.2 Port Binding	197
12.4.3 VLAN Binding	198
12.5 Policy Binding	198
12.5.1 Binding Table	199
12.5.2 Port Binding	200
12.5.3 VLAN Binding	201
12.6 Application Example for ACL	201
Chapter 13 Network Security	204
13.1 IP-MAC Binding	204
13.1.1 Binding Table	204
13.1.2 Manual Binding	205
13.1.3 ARP Scanning	207
13.2 DHCP Snooping	209
13.2.1 Global Config	212
13.2.2 Port Config	212
13.2.3 Option 82 Config	214
13.3 ARP Inspection	215
13.3.1 ARP Detect	219
13.3.2 ARP Defend	220
13.3.3 ARP Statistics	221
13.4 DoS Defend	222
13.4.1 DoS Defend	224
13.5 802.1X	224
13.5.1 Global Config	228
13.5.2 Port Config	229
13.6 AAA	231
13.6.1 Global Config	232
13.6.2 Privilege Elevation	232
13.6.3 RADIUS Server Config	233
13.6.4 TACACS+ Server Config	234
13.6.5 Authentication Server Group Config	234
13.6.6 Authentication Method List Config	236
13.6.7 Application Authentication List Config	237
13.6.8 802.1X Authentication Server Config	238
13.6.9 Default Settings	238
Chapter 14 SNMP	240
14.1 SNMP Config	242
14.1.1 Global Config	242
14.1.2 SNMP View	243
14.1.3 SNMP Group	244
14.1.4 SNMP User	245
14.1.5 SNMP Community	247
14.2 Notification	249
14.3 RMON	251
14.3.1 Statistics	252
14.3.2 History	253
14.3.3 Event	254
14.3.4 Alarm Config	255
Chapter 15 LLDP	257
15.1 Basic Config	261
15.1.1 Global Config	261
15.1.2 Port Config	262
15.2 Device Info	263
15.2.1 Local Info	263
15.2.2 Neighbor Info	264
15.3 Device Statistics	265
15.4 LLDP-MED	267
15.4.1 Global Config	268
15.4.2 Port Config	268
15.4.3 Local Info	271
15.4.4 Neighbor Info	272
Chapter 16 Maintenance	273
16.1 System Monitor	273
16.1.1 CPU Monitor	273
16.1.2 Memory Monitor	274
16.2 Log	274
16.2.1 Log Table	275
16.2.2 Local Log	276
16.2.3 Remote Log	277
16.2.4 Backup Log	277
16.3 Device Diagnose	278
16.3.1 Cable Test	278
16.4 Network Diagnose	279
16.4.1 Ping	280
16.4.2 Tracert	280
Appendix A: Specifications	282

Match case Limit results 1 per page

Configuration Procedure:

Step

Operation

Description

Install

the

802.1X

client

software.

Required. For the client computers, you are required to

install the TP-LINK 802.1X Client provided on the CD.

Please refer to the software guide in the same directory

with the software for more information

Configure the 802.1X globally.

Required. By default, the global 802.1X function is

disabled. On the

Network Security

→

802.1X

→

Global

Config

page, configure the 802.1X function globally.

Configure the 802.1X for the

port.

Required. On the

Network Security

→

802.1X

→

Port

Config

page, configure the 802.1X feature for the port of

the switch basing on the actual network.

Connect

authentication

server to the switch and do

some configuration.

Required. Record the information of the client in the LAN

the

authentication

server

and

configure

the

corresponding authentication username and password for

the client.

Enable

the

AAA

function

globally.

Required. On the

Network Security

→

AAA

→

Global

Conifg

page, enable the AAA function globally.

Configure the parameters of

the authentication server.

Required. On the

Network Security

→

AAA

→

RADIUS

Server Conifg

page, configure the parameters of the

RADIUS server.

Note:

The 802.1X function takes effect only when it is enabled globally on the switch and for the port.

2. The 802.1X function cannot be enabled for LAG member ports. That is, the port with 802.1X

function enabled cannot be added to the LAG.

3. The 802.1X function should not be enabled for the port connected to the authentication server.

13.6 AAA



Overview

AAA stands for authentication, authorization and accounting. This feature is used to authenticate

users trying to log in to the switch or trying to access the administrative level privilege.

Username and password pairs are used for login and privilege authentication. The authentication

can be processed locally in the switch or centrally in the RADIUS/TACACS+ server(s). The local

authentication username and password pairs can be configured in

4.2 User Management.



Applicable Access Application

The authentication can be applied on the following access applications: Console, Telnet, SSH and

HTTP.



Authentication Method List

A method list describes the authentication methods and their sequence to authenticate a user. The

switch supports Login List for users to gain access to the switch, and Enable List for normal users

to gain administrative privileges.

221