TP-Link OC200 Omada Controller Software 4.1.5Windows/Linux User Guide - Page 182
profile records the information of the RADIUS server which acts as the authentication server during
View all TP-Link OC200 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 182 highlights
Chapter 4 Configure the Network with Omada SDN Controller profile records the information of the RADIUS server which acts as the authentication server during 802.1X authentication. Authentication Protocol Select the authentication protocol for exchanging messages between the switch and RADIUS server. As a bridge between the client and RADIUS server, the switch forwards messages for them. It uses EAP packets to exchange messages with the client, and processes the messages according to the specified authentication protocol before forwarding them to the RADIUS server. PAP: The EAP packets are converted to other protocol (such as RADIUS) packets, and transmitted to the RADIUS server. EAP: The EAP packets are encapsulated in other protocol (such as RADIUS) packets, and transmitted to the authentication server. To use this authentication mechanism, the RADIUS server should support EAP attributes. Authentication Type Select the 802.1X authentication type. Port Based: After a client connected to the port gets authenticated successfully, other clients can access the network via the port without authentication. MAC Based: Clients connected to the port need to be authenticated individually. The RADIUS server distinguishes clients by their MAC addresses. VLAN Assignment This feature allows the RADIUS server to send the VLAN configurations to the port dynamically. After the port is authenticated, the RADIUS server assigns the VLAN based on the username of the client connecting to the port. The username-to-VLAN mappings must be already stored in the RADIUS server database. This feature is available only when the 802.1X authentication type is Port Based. MAB MAB (MAC Authentication Bypass) allows clients to be authenticated without any client software installed. MAB is useful for authenticating devices without 802.1X capability like IP phones. When MAB is enabled on a port, the switch will learn the MAC address of the client automatically and send the authentication server a RADIUS access request frame with the client's MAC address as the username and password. MAB takes effect only when 802.1X authentication is enabled on the port. 180