Home » TP-Link Manuals » Hubs & Switches » TP-Link T1500G-8T » Manual Viewer

TP-Link T1500G-8T T1500G-10PSUN V1 User Guide - Page 179

X Authentication Procedure

Add to My Manuals
Save this manual to your list of manuals

Page 179 highlights

IEEE 802.1X authentication system uses EAP (Extensible Authentication Protocol) to exchange information between the supplicant system and the authentication server. 1. EAP protocol packets transmitted between the supplicant system and the authenticator system are encapsulated as EAPOL packets. 2. EAP protocol packets transmitted between the authenticator system and the RADIUS server can either be encapsulated as EAPOR (EAP over RADIUS) packets or be terminated at authenticator system and the authenticator system then communicate with RADIUS servers through PAP (Password Authentication Protocol) or CHAP (Challenge Handshake Authentication Protocol) protocol packets. 3. When a supplicant system passes the authentication, the authentication server passes the information about the supplicant system to the authenticator system. The authenticator system in turn determines the state (authorized or unauthorized) of the controlled port according to the instructions (accept or reject) received from the RADIUS server.  802.1X Authentication Procedure An 802.1X authentication can be initiated by supplicant system or authenticator system. When the authenticator system detects an unauthenticated supplicant in LAN, it will initiate the 802.1X authentication by sending EAP-Request/Identity packets to the supplicant. The supplicant system can also launch an 802.1X client program to initiate an 802.1X authentication through the sending of an EAPOL-Start packet to the switch, This TP-Link switch can authenticate supplicant systems in EAP relay mode or EAP terminating mode. The following illustration of these two modes will take the 802.1X authentication procedure initiated by the supplicant system for example. 1. EAP Relay Mode This mode is defined in 802.1X. In this mode, EAP-packets are encapsulated in higher level protocol (such as EAPOR) packets to allow them successfully reach the authentication server. This mode normally requires the RADIUS server to support the two fields of EAP: the EAP-message field and the Message-authenticator field. This switch supports EAP-MD5, EAP-TLS, EAP-TTLS and EAP-PEAP authentication way for the EAP relay mode. The following figure describes the basic EAP-MD5 authentication procedure. 169

Section	Page
Package Contents	11
Chapter 1 About this Guide	12
1.1 Intended Readers	12
1.2 Conventions	12
1.3 Overview of This Guide	12
Chapter 2 Introduction	17
2.1 Overview of the Switch	17
2.2 Appearance Description	17
2.2.1 Front Panel	17
2.2.2 Rear Panel	21
Chapter 3 Login to the Switch	24
3.1 Login	24
3.2 Configuration	24
Chapter 4 System	26
4.1 System Info	26
4.1.1 System Summary	26
4.1.2 Device Description	27
4.1.3 System Time	28
4.1.4 Daylight Saving Time	29
4.1.5 System IP	30
4.2 User Management	32
4.2.1 User Table	32
4.2.2 User Config	32
4.3 System Tools	34
4.3.1 Boot Config	34
4.3.2 Config Restore	34
4.3.3 Config Backup	35
4.3.4 Firmware Upgrade	36
4.3.5 System Reboot	36
4.3.6 System Reset	37
4.4 Access Security	37
4.4.1 Access Control	37
4.4.2 HTTP Config	38
4.4.3 HTTPS Config	39
4.4.4 SSH Config	43
4.4.5 Telnet Config	49
Chapter 5 Switching	50
5.1 Port	50
5.1.1 Port Config	50
5.1.2 Port Mirror	51
5.1.3 Port Security	53
5.1.4 Port Isolation	55
5.1.5 Loopback Detection	56
5.2 LAG	58
5.2.1 LAG Table	58
5.2.2 Static LAG	60
5.2.3 LACP Config	61
5.3 Traffic Monitor	62
5.3.1 Traffic Summary	62
5.3.2 Traffic Statistics	63
5.4 MAC Address	65
5.4.1 Address Table	66
5.4.2 Static Address	68
5.4.3 Dynamic Address	69
5.4.4 Filtering Address	71
Chapter 6 VLAN	73
6.1 802.1Q VLAN	74
6.1.1 VLAN Config	75
6.1.2 Port Config	77
6.2 Application Example for 802.1Q VLAN	78
Chapter 7 Spanning Tree	80
7.1 STP Config	85
7.1.1 STP Config	85
7.1.2 STP Summary	87
7.2 Port Config	88
7.3 MSTP Instance	90
7.3.1 Region Config	90
7.3.2 Instance Config	91
7.3.3 Instance Port Config	92
7.4 STP Security	93
7.4.1 Port Protect	93
7.5 Application Example for STP Function	96
Chapter 8 Multicast	101
8.1 IGMP Snooping	103
8.1.1 Snooping Config	105
8.1.2 Port Config	107
8.1.3 VLAN Config	108
8.1.4 Multicast VLAN	109
8.1.5 Querier Config	113
8.1.6 Profile Config	114
8.1.7 Profile Binding	116
8.1.8 Packet Statistics	117
8.2 Multicast Table	118
8.2.1 IPv4 Multicast Table	119
8.2.2 Static IPv4 Multicast Table	119
Chapter 9 QoS	122
9.1 DiffServ	125
9.1.1 Port Priority	125
9.1.2 Schedule Mode	126
9.1.3 802.1P Priority	127
9.1.4 DSCP Priority	128
9.2 Bandwidth Control	129
9.2.1 Rate Limit	129
9.2.2 Storm Control	130
9.3 Voice VLAN	131
9.3.1 Global Config	134
9.3.2 Port Config	134
9.3.3 OUI Config	136
Chapter 10 PoE	138
10.1 PoE Config	139
10.1.1 PoE Config	139
10.1.2 PoE Profile	140
10.2 Time-Range	141
10.2.1 Time-Range Summary	141
10.2.2 Time-Range Create	142
10.2.3 Holiday Config	144
Chapter 11 ACL	145
11.1 ACL Config	145
11.1.1 ACL Summary	145
11.1.2 ACL Create	145
11.1.3 MAC ACL	146
11.1.4 Standard-IP ACL	147
11.1.5 Extend-IP ACL	147
11.2 Policy Config	148
11.2.1 Policy Summary	149
11.2.2 Policy Create	149
11.2.3 Action Create	149
11.3 ACL Binding	150
11.3.1 Binding Table	150
11.3.2 Port Binding	151
11.3.3 VLAN Binding	152
11.4 Policy Binding	153
11.4.1 Binding Table	153
11.4.2 Port Binding	154
11.4.3 VLAN Binding	155
11.5 Application Example for ACL	156
Chapter 12 Network Security	158
12.1 IP-MAC Binding	158
12.1.1 Binding Table	158
12.1.2 Manual Binding	160
12.1.3 ARP Scanning	161
12.2 DHCP Snooping	163
12.2.1 Global Config	166
12.2.2 Port Config	167
12.2.3 Option 82 Config	168
12.3 ARP Inspection	169
12.3.1 ARP Detect	172
12.3.2 ARP Defend	174
12.3.3 ARP Statistics	175
12.4 DoS Defend	175
12.4.1 DoS Defend	177
12.5 802.1X	178
12.5.1 Global Config	182
12.5.2 Port Config	184
12.6 AAA	186
12.6.1 Global Config	187
12.6.2 Privilege Elevation	187
12.6.3 RADIUS Server Config	187
12.6.4 TACACS+ Server Config	188
12.6.5 Authentication Server Group Config	189
12.6.6 Authentication Method List Config	191
12.6.7 Application Authentication List Config	192
12.6.8 802.1X Authentication Server Config	193
12.6.9 Default Settings	193
Chapter 13 SNMP	195
13.1 SNMP Config	197
13.1.1 Global Config	197
13.1.2 SNMP View	198
13.1.3 SNMP Group	199
13.1.4 SNMP User	201
13.1.5 SNMP Community	202
13.2 Notification	205
13.3 RMON	206
13.3.1 Statistics	207
13.3.2 History	208
13.3.3 Event	209
13.3.4 Alarm	210
Chapter 14 LLDP	212
14.1 Basic Config	217
14.1.1 Global Config	217
14.1.2 Port Config	218
14.2 Device Info	219
14.2.1 Local Info	219
14.2.2 Neighbor Info	221
14.3 Device Statistics	222
14.4 LLDP-MED	223
14.4.1 Global Config	224
14.4.2 Port Config	225
14.4.3 Local Info	226
14.4.4 Neighbor Info	227
Chapter 15 Maintenance	229
15.1 System Monitor	229
15.1.1 CPU Monitor	229
15.1.2 Memory Monitor	230
15.2 Log	231
15.2.1 Log Table	232
15.2.2 Local Log	233
15.2.3 Remote Log	233
15.2.4 Backup Log	234
15.3 Device Diagnostics	235
15.3.1 Cable Test	235
15.4 Network Diagnostics	236
15.4.1 Ping	236
15.4.2 Tracert	237
Appendix A: Specifications	238

Match case Limit results 1 per page

IEEE 802.1X authentication system uses EAP (Extensible Authentication Protocol) to exchange

information between the supplicant system and the authentication server.

EAP

protocol

packets

transmitted

between

the

supplicant

system

and

the

authenticator system are encapsulated as EAPOL packets.

EAP protocol packets transmitted between the authenticator system and the RADIUS

server can either be encapsulated as EAPOR (EAP over RADIUS) packets or be

terminated at authenticator system and the authenticator system then communicate

with RADIUS servers through PAP (Password Authentication Protocol) or CHAP

(Challenge Handshake Authentication Protocol) protocol packets.

When a supplicant system passes the authentication, the authentication server passes

the information about the supplicant system to the authenticator system. The

authenticator system in turn determines the state (authorized or unauthorized) of the

controlled port according to the instructions (accept or reject) received from the

RADIUS server.



802.1X Authentication Procedure

An 802.1X authentication can be initiated by supplicant system or authenticator system. When

the authenticator system detects an unauthenticated supplicant in LAN, it will initiate the

802.1X authentication by sending EAP-Request/Identity packets to the supplicant. The

supplicant system can also launch an 802.1X client program to initiate an 802.1X

authentication through the sending of an EAPOL-Start packet to the switch,

This TP-Link switch can authenticate supplicant systems in EAP relay mode or EAP terminating

mode. The following illustration of these two modes will take the 802.1X authentication

procedure initiated by the supplicant system for example.

EAP Relay Mode

This mode is defined in 802.1X. In this mode, EAP-packets are encapsulated in higher level

protocol (such as EAPOR) packets to allow them successfully reach the authentication server.

This mode normally requires the RADIUS server to support the two fields of EAP: the

EAP-message field and the Message-authenticator field. This switch supports EAP-MD5,

EAP-TLS, EAP-TTLS and EAP-PEAP authentication way for the EAP relay mode. The following

figure describes the basic EAP-MD5 authentication procedure.

169