Home » TP-Link Manuals » Hubs & Switches » TP-Link T2500-28TCTL-SL5428E » Manual Viewer

TP-Link T2500-28TCTL-SL5428E T2500-28TCUN V1 User Guide - Page 239

AAA, MAC Based, Port Based, Operation, Description, Network Security, Global, Config, Conifg

View all TP-Link T2500-28TCTL-SL5428E manuals

Add to My Manuals
Save this manual to your list of manuals

Page 239 highlights

Control Type: Authorized: LAG: Specify the Control Type for the port. • MAC Based: Any client connected to the port should pass the 802.1X Authentication for access. • Port Based: All the clients connected to the port can access the network on the condition that any one of the clients has passed the 802.1X Authentication. Displays the authentication status of the port. Displays the LAG to which the port belongs to. Configuration Procedure: Step Operation Description 1 Install the 802.1X client Required. For the client computers, you are required to software. install the TP-LINK 802.1X Client provided on the CD. Please refer to the software guide in the same directory with the software for more information. 2 Configure the 802.1X globally. Required. By default, the global 802.1X function is disabled. On the Network Security→802.1X→Global Config page, configure the 802.1X function globally. 3 Configure the 802.1X for the Required. On the Network Security→802.1X→Port port. Config page, configure the 802.1X feature for the port of the switch basing on the actual network. 4 Connect an authentication Required. Record the information of the client in the LAN server to the switch and do to the authentication server and configure the some configuration. corresponding authentication username and password for the client. 5 Enable the AAA function Required. On the Network Security→AAA→Global globally. Conifg page, enable the AAA function globally. 6 Configure the parameters of Required. On the Network Security→AAA→RADIUS the authentication server. Conifg page, configure the parameters of the RADIUS server. Note: 1. The 802.1X function takes effect only when it is enabled globally on the switch and for the port. 2. The 802.1X function cannot be enabled for LAG member ports. That is, the port with 802.1X function enabled cannot be added to the LAG. 3. The 802.1X function should not be enabled for the port connected to the authentication server. 13.7 AAA  Overview AAA stands for authentication, authorization and accounting. This feature is used to authenticate users trying to log in to the switch or trying to access the administrative level privilege. 229

Section	Page
Package Contents	11
Chapter 1 About This Guide	12
1.1 Intended Readers	12
1.2 Conventions	12
1.3 Overview of This Guide	13
Chapter 2 Introduction	17
2.1 Overview of the Switch	17
2.2 Appearance Description	17
2.2.1 Front Panel	17
2.2.2 Rear Panel	18
Chapter 3 Login to the Switch	19
3.1 Login	19
3.2 Configuration	19
Chapter 4 System	21
4.1 System Info	21
4.1.1 System Summary	21
4.1.2 Device Description	23
4.1.3 System Time	23
4.1.4 Daylight Saving Time	24
4.1.5 System IP	26
4.1.6 System IPv6	27
4.2 User Management	35
4.2.1 User Table	35
4.2.2 User Config	35
4.3 System Tools	36
4.3.1 Config Restore	37
4.3.2 Config Backup	37
4.3.3 Firmware Upgrade	38
4.3.4 System Reboot	38
4.3.5 System Reset	39
4.4 Access Security	39
4.4.1 Access Control	39
4.4.2 SSL Config	41
4.4.3 SSH Config	42
Chapter 5 Switching	49
5.1 Port	49
5.1.1 Port Config	49
5.1.2 Port Mirror	50
5.1.3 Port Security	51
5.1.4 Port Isolation	53
5.1.5 Loopback detection	54
5.2 DDM	55
5.2.1 DDM Config	55
5.2.2 Temperature Threshold	56
5.2.3 Voltage Threshold	57
5.2.4 Bias Current Threshold	58
5.2.5 Tx Power Threshold	58
5.2.6 Rx Power Threshold	59
5.2.7 DDM Status	60
5.3 LAG	61
5.3.1 LAG Table	61
5.3.2 Static LAG	63
5.3.3 LACP Config	64
5.4 Traffic Monitor	66
5.4.1 Traffic Summary	66
5.4.2 Traffic Statistics	67
5.5 MAC Address	68
5.5.1 Address Table	69
5.5.2 Static Address	70
5.5.3 Dynamic Address	71
5.5.4 Filtering Address	73
Chapter 6 VLAN	75
6.1 802.1Q VLAN	76
6.1.1 VLAN Config	77
6.1.2 Port Config	79
6.2 MAC VLAN	81
6.2.1 MAC VLAN	82
6.2.2 Port Enable	83
6.3 Protocol VLAN	83
6.3.1 Protocol VLAN	84
6.3.2 Protocol Template	85
6.3.3 Port Enable	86
6.4 Application Example for 802.1Q VLAN	86
6.5 Application Example for MAC VLAN	88
6.6 Application Example for Protocol VLAN	89
6.7 VLAN VPN	91
6.7.1 VPN Config	92
6.7.2 VLAN Mapping	92
6.7.3 Port Enable	93
6.8 Private VLAN	95
6.8.1 PVLAN Config	98
6.8.2 Port Config	99
6.9 GVRP	101
6.10 Application Example for Private VLAN	104
Chapter 7 Spanning Tree	107
7.1 STP Config	111
7.1.1 STP Config	111
7.1.2 STP Summary	113
7.2 Port Config	114
7.3 MSTP Instance	115
7.3.1 Region Config	115
7.3.2 Instance Config	116
7.3.3 Instance Port Config	117
7.4 STP Security	119
7.4.1 Port Protect	119
7.4.2 TC Protect	121
7.5 Application Example for STP Function	122
Chapter 8 Ethernet OAM	126
8.1 Basic Config	129
8.1.1 Basic Config	129
8.1.2 Discovery Info	131
8.2 Link Monitoring	133
8.3 RFI	134
8.4 Remote Loopback	135
8.5 Statistics	136
8.5.1 Statistics	136
8.5.2 Event Log	137
8.6 DLDP	138
8.7 Application Example for DLDP	141
Chapter 9 DHCP	144
9.1 DHCP Relay	148
Chapter 10 Multicast	152
10.1 IGMP Snooping	156
10.1.1 Snooping Config	157
10.1.2 VLAN Config	158
10.1.3 Port Config	159
10.1.4 IP-Range	161
10.1.5 Multicast VLAN	162
10.1.6 Static Multicast IP	165
10.1.7 Packet Statistics	166
10.1.8 Querier Config	167
10.1.9 IGMP Authentication	168
10.2 MLD Snooping	169
10.2.1 Global Config	171
10.2.2 VLAN Config	172
10.2.3 Filter Config	174
10.2.4 Port Config	174
10.2.5 Static Multicast	175
10.2.6 Querier Config	176
10.2.7 Packet Statistics	177
10.3 Multicast Table	178
10.3.1 IPv4 Multicast Table	179
10.3.2 IPv6 Multicast Table	179
Chapter 11 QoS	181
11.1 DiffServ	184
11.1.1 Port Priority	184
11.1.2 DSCP Priority	185
11.1.3 802.1P/CoS Mapping	186
11.1.4 Schedule Mode	187
11.2 Bandwidth Control	188
11.2.1 Rate Limit	188
11.2.2 Storm Control	189
11.3 Voice VLAN	191
11.3.1 Global Config	193
11.3.2 Port Config	193
11.3.3 OUI Config	195
Chapter 12 ACL	197
12.1 Time-Range	197
12.1.1 Time-Range Summary	197
12.1.2 Time-Range Create	198
12.1.3 Holiday Config	199
12.2 ACL Config	199
12.2.1 ACL Summary	199
12.2.2 ACL Create	200
12.2.3 MAC ACL	201
12.2.4 Standard-IP ACL	201
12.2.5 Extend-IP ACL	202
12.2.6 Combined ACL	204
12.3 Policy Config	205
12.3.1 Policy Summary	205
12.3.2 Policy Create	206
12.3.3 Action Create	206
12.4 Policy Binding	208
12.4.1 Binding Table	208
12.4.2 Port Binding	208
12.4.3 VLAN Binding	209
12.5 Application Example for ACL	210
Chapter 13 Network Security	212
13.1 IP-MAC Binding	212
13.1.1 Binding Table	212
13.1.2 Manual Binding	213
13.1.3 ARP Scanning	215
13.2 DHCP Snooping	216
13.2.1 DHCP Snooping	220
13.2.2 Option 82	221
13.3 ARP Inspection	222
13.3.1 ARP Detect	225
13.3.2 ARP Defend	227
13.3.3 ARP Statistics	228
13.4 IP Source Guard	228
13.5 DoS Defend	229
13.5.1 DoS Defend	231
13.5.2 DoS Detect	232
13.6 802.1X	232
13.6.1 Global Config	236
13.6.2 Port Config	238
13.7 AAA	239
13.7.1 Global Config	240
13.7.2 Privilege Elevation	241
13.7.3 RADIUS Server Config	241
13.7.4 TACACS+ Server Config	242
13.7.5 Authentication Server Group Config	243
13.7.6 Authentication Method List Config	244
13.7.7 Application Authentication List Config	245
13.7.8 802.1X Authentication Server Config	246
13.7.9 Default Settings	246
13.8 PPPoE Config	247
Chapter 14 SNMP	250
14.1 SNMP Config	252
14.1.1 Global Config	252
14.1.2 SNMP View	253
14.1.3 SNMP Group	253
14.1.4 SNMP User	255
14.1.5 SNMP Community	257
14.2 Notification	259
14.2.1 Notification Config	259
14.2.2 Traps Config	260
14.3 RMON	263
14.3.1 History Control	264
14.3.2 Event Config	265
14.3.3 Alarm Config	266
Chapter 15 LLDP	268
15.1 Basic Config	271
15.1.1 Global Config	272
15.1.2 Port Config	273
15.2 Device Info	273
15.2.1 Local Info	273
15.2.2 Neighbor Info	274
15.3 Device Statistics	276
15.4 LLDP-MED	277
15.4.1 Global Config	278
15.4.2 Port Config	278
15.4.3 Local Info	281
15.4.4 Neighbor Info	282
Chapter 16 Cluster	284
16.1 NDP	285
16.1.1 Neighbor Info	285
16.1.2 NDP Summary	286
16.1.3 NDP Config	288
16.2 NTDP	289
16.2.1 Device Table	289
16.2.2 NTDP Summary	291
16.2.3 NTDP Config	292
16.3 Cluster	293
16.3.1 Cluster Summary	293
16.3.2 Cluster Config	296
16.3.3 Member Config	298
16.3.4 Cluster Topology	299
Chapter 17 Maintenance	302
17.1 System Monitor	302
17.1.1 CPU Monitor	302
17.1.2 Memory Monitor	303
17.2 Log	303
17.2.1 Log Table	304
17.2.2 Local Log	305
17.2.3 Remote Log	305
17.2.4 Backup Log	306
17.3 Device Diagnostics	307
17.4 Network Diagnostics	308
17.4.1 Ping	308
17.4.2 Tracert	309
Chapter 18 System Maintenance via FTP	310

Match case Limit results 1 per page

229

Control Type:

Specify the Control Type for the port.

•

MAC Based:

Any client connected to the port should pass the

802.1X Authentication for access.

•

Port Based:

All the clients connected to the port can access

the network on the condition that any one of the clients has

passed the 802.1X Authentication.

Authorized:

Displays the authentication status of the port.

LAG:

Displays the LAG to which the port belongs to.

Configuration Procedure:

Step

Operation

Description

Install

the

802.1X

client

software.

Required. For the client computers, you are required to

install the

TP-LINK 802.1X Client provided on the CD. Please

refer to the software guide in the same directory with the

software for more information

Configure the 802.1X globally.

Required. By default, the global 802.1X function is

disabled. On the

Network Security

→

802.1X

→

Global

Config

page, configure the 802.1X function globally.

Configure the 802.1X for the

port.

Required. On the

Network Security

→

802.1X

→

Port

Config

page, configure the 802.1X feature for the port of

the switch basing on the actual network.

Connect

authentication

server to the switch and do

some configuration.

Required. Record the information of the client in the LAN

the

authentication

server

and

configure

the

corresponding authentication username and password for

the client.

Enable

the

AAA

function

globally.

Required. On the

Network Security

→

AAA

→

Global

Conifg

page, enable the AAA function globally.

Configure the parameters of

the authentication server.

Required. On the

Network Security

→

AAA

→

RADIUS

Conifg

page, configure the parameters of the RADIUS

server.

Note:

1. The 802.1X function takes effect only when it is enabled globally on the switch and for the port.

2. The 802.1X function cannot be enabled for LAG member ports. That is, the port with 802.1X

function enabled cannot be added to the LAG.

3. The 802.1X function should not be enabled for the port connected to the authentication server.

13.7 AAA



Overview

AAA stands for authentication, authorization and accounting. This feature is used to authenticate

users trying to log in to the switch or trying to access the administrative level privilege.