Home » TP-Link Manuals » Hubs & Switches » TP-Link T2500-28TCTL-SL5428E » Manual Viewer

TP-Link T2500-28TCTL-SL5428E T2500-28TCUN V1 User Guide - Page 240

Global Config, Authentication Method List

View all TP-Link T2500-28TCTL-SL5428E manuals

Add to My Manuals
Save this manual to your list of manuals

Page 240 highlights

Username and password pairs are used for login and privilege authentication. The authentication can be processed locally in the switch or centrally in the RADIUS/TACACS+ server(s). The local authentication username and password pairs can be configured in 4.2 User Management.  Applicable Access Application The authentication can be applied on the following access applications: Console, Telnet, SSH and HTTP.  Authentication Method List A method list describes the authentication methods and their sequence to authenticate a user. The switch supports Login List for users to gain access to the switch, and Enable List for normal users to gain administrative privileges. The administrator can set the authentication methods in a preferable order in the list. The switch uses the first listed method to authenticate users, if that method fails to respond, the switch selects the next authentication method in the method list. This process continues until there is a successful communication with a listed authentication method or until all defined methods are exhausted. If authentication fails at any point in this circle, which means the secure server or the local switch denies the user's access, the authentication process stops and no other authentication methods are attempted.  802.1X Authentication 802.1X protocol uses the RADIUS to provide detailed accounting information and flexible administrative control over authentication process. The Dot1x List feature defines the RADIUS server groups in the 802.1X authentication.  RADIUS/TACACS+ Server Users can configure the RADIUS/TACACS+ servers for the connection between the switch and the server.  Server Group Users can define the authentication server group with up to several servers running the same secure protocols, either RADIUS or TACACS+. Users can set these servers in a preferable order, which is called the server group list. When a user tries to access the switch, the switch will ask the first server in the server group list for authentication. If no response is received, the second server will be queried, and so on. The switch has two built-in authentication server group, one for RADIUS and the other for TACACS+. These two server groups cannot be deleted, and the user-defined RADIUS/TACACS+ server will join these two server groups automatically. 13.7.1 Global Config This page is used to enable/disable the AAA function globally. Choose the menu Network Security→AAA→Global Config to load the following page. Figure 13-1 AAA Global Config  Configuration Procedure: 230

Section	Page
Package Contents	11
Chapter 1 About This Guide	12
1.1 Intended Readers	12
1.2 Conventions	12
1.3 Overview of This Guide	13
Chapter 2 Introduction	17
2.1 Overview of the Switch	17
2.2 Appearance Description	17
2.2.1 Front Panel	17
2.2.2 Rear Panel	18
Chapter 3 Login to the Switch	19
3.1 Login	19
3.2 Configuration	19
Chapter 4 System	21
4.1 System Info	21
4.1.1 System Summary	21
4.1.2 Device Description	23
4.1.3 System Time	23
4.1.4 Daylight Saving Time	24
4.1.5 System IP	26
4.1.6 System IPv6	27
4.2 User Management	35
4.2.1 User Table	35
4.2.2 User Config	35
4.3 System Tools	36
4.3.1 Config Restore	37
4.3.2 Config Backup	37
4.3.3 Firmware Upgrade	38
4.3.4 System Reboot	38
4.3.5 System Reset	39
4.4 Access Security	39
4.4.1 Access Control	39
4.4.2 SSL Config	41
4.4.3 SSH Config	42
Chapter 5 Switching	49
5.1 Port	49
5.1.1 Port Config	49
5.1.2 Port Mirror	50
5.1.3 Port Security	51
5.1.4 Port Isolation	53
5.1.5 Loopback detection	54
5.2 DDM	55
5.2.1 DDM Config	55
5.2.2 Temperature Threshold	56
5.2.3 Voltage Threshold	57
5.2.4 Bias Current Threshold	58
5.2.5 Tx Power Threshold	58
5.2.6 Rx Power Threshold	59
5.2.7 DDM Status	60
5.3 LAG	61
5.3.1 LAG Table	61
5.3.2 Static LAG	63
5.3.3 LACP Config	64
5.4 Traffic Monitor	66
5.4.1 Traffic Summary	66
5.4.2 Traffic Statistics	67
5.5 MAC Address	68
5.5.1 Address Table	69
5.5.2 Static Address	70
5.5.3 Dynamic Address	71
5.5.4 Filtering Address	73
Chapter 6 VLAN	75
6.1 802.1Q VLAN	76
6.1.1 VLAN Config	77
6.1.2 Port Config	79
6.2 MAC VLAN	81
6.2.1 MAC VLAN	82
6.2.2 Port Enable	83
6.3 Protocol VLAN	83
6.3.1 Protocol VLAN	84
6.3.2 Protocol Template	85
6.3.3 Port Enable	86
6.4 Application Example for 802.1Q VLAN	86
6.5 Application Example for MAC VLAN	88
6.6 Application Example for Protocol VLAN	89
6.7 VLAN VPN	91
6.7.1 VPN Config	92
6.7.2 VLAN Mapping	92
6.7.3 Port Enable	93
6.8 Private VLAN	95
6.8.1 PVLAN Config	98
6.8.2 Port Config	99
6.9 GVRP	101
6.10 Application Example for Private VLAN	104
Chapter 7 Spanning Tree	107
7.1 STP Config	111
7.1.1 STP Config	111
7.1.2 STP Summary	113
7.2 Port Config	114
7.3 MSTP Instance	115
7.3.1 Region Config	115
7.3.2 Instance Config	116
7.3.3 Instance Port Config	117
7.4 STP Security	119
7.4.1 Port Protect	119
7.4.2 TC Protect	121
7.5 Application Example for STP Function	122
Chapter 8 Ethernet OAM	126
8.1 Basic Config	129
8.1.1 Basic Config	129
8.1.2 Discovery Info	131
8.2 Link Monitoring	133
8.3 RFI	134
8.4 Remote Loopback	135
8.5 Statistics	136
8.5.1 Statistics	136
8.5.2 Event Log	137
8.6 DLDP	138
8.7 Application Example for DLDP	141
Chapter 9 DHCP	144
9.1 DHCP Relay	148
Chapter 10 Multicast	152
10.1 IGMP Snooping	156
10.1.1 Snooping Config	157
10.1.2 VLAN Config	158
10.1.3 Port Config	159
10.1.4 IP-Range	161
10.1.5 Multicast VLAN	162
10.1.6 Static Multicast IP	165
10.1.7 Packet Statistics	166
10.1.8 Querier Config	167
10.1.9 IGMP Authentication	168
10.2 MLD Snooping	169
10.2.1 Global Config	171
10.2.2 VLAN Config	172
10.2.3 Filter Config	174
10.2.4 Port Config	174
10.2.5 Static Multicast	175
10.2.6 Querier Config	176
10.2.7 Packet Statistics	177
10.3 Multicast Table	178
10.3.1 IPv4 Multicast Table	179
10.3.2 IPv6 Multicast Table	179
Chapter 11 QoS	181
11.1 DiffServ	184
11.1.1 Port Priority	184
11.1.2 DSCP Priority	185
11.1.3 802.1P/CoS Mapping	186
11.1.4 Schedule Mode	187
11.2 Bandwidth Control	188
11.2.1 Rate Limit	188
11.2.2 Storm Control	189
11.3 Voice VLAN	191
11.3.1 Global Config	193
11.3.2 Port Config	193
11.3.3 OUI Config	195
Chapter 12 ACL	197
12.1 Time-Range	197
12.1.1 Time-Range Summary	197
12.1.2 Time-Range Create	198
12.1.3 Holiday Config	199
12.2 ACL Config	199
12.2.1 ACL Summary	199
12.2.2 ACL Create	200
12.2.3 MAC ACL	201
12.2.4 Standard-IP ACL	201
12.2.5 Extend-IP ACL	202
12.2.6 Combined ACL	204
12.3 Policy Config	205
12.3.1 Policy Summary	205
12.3.2 Policy Create	206
12.3.3 Action Create	206
12.4 Policy Binding	208
12.4.1 Binding Table	208
12.4.2 Port Binding	208
12.4.3 VLAN Binding	209
12.5 Application Example for ACL	210
Chapter 13 Network Security	212
13.1 IP-MAC Binding	212
13.1.1 Binding Table	212
13.1.2 Manual Binding	213
13.1.3 ARP Scanning	215
13.2 DHCP Snooping	216
13.2.1 DHCP Snooping	220
13.2.2 Option 82	221
13.3 ARP Inspection	222
13.3.1 ARP Detect	225
13.3.2 ARP Defend	227
13.3.3 ARP Statistics	228
13.4 IP Source Guard	228
13.5 DoS Defend	229
13.5.1 DoS Defend	231
13.5.2 DoS Detect	232
13.6 802.1X	232
13.6.1 Global Config	236
13.6.2 Port Config	238
13.7 AAA	239
13.7.1 Global Config	240
13.7.2 Privilege Elevation	241
13.7.3 RADIUS Server Config	241
13.7.4 TACACS+ Server Config	242
13.7.5 Authentication Server Group Config	243
13.7.6 Authentication Method List Config	244
13.7.7 Application Authentication List Config	245
13.7.8 802.1X Authentication Server Config	246
13.7.9 Default Settings	246
13.8 PPPoE Config	247
Chapter 14 SNMP	250
14.1 SNMP Config	252
14.1.1 Global Config	252
14.1.2 SNMP View	253
14.1.3 SNMP Group	253
14.1.4 SNMP User	255
14.1.5 SNMP Community	257
14.2 Notification	259
14.2.1 Notification Config	259
14.2.2 Traps Config	260
14.3 RMON	263
14.3.1 History Control	264
14.3.2 Event Config	265
14.3.3 Alarm Config	266
Chapter 15 LLDP	268
15.1 Basic Config	271
15.1.1 Global Config	272
15.1.2 Port Config	273
15.2 Device Info	273
15.2.1 Local Info	273
15.2.2 Neighbor Info	274
15.3 Device Statistics	276
15.4 LLDP-MED	277
15.4.1 Global Config	278
15.4.2 Port Config	278
15.4.3 Local Info	281
15.4.4 Neighbor Info	282
Chapter 16 Cluster	284
16.1 NDP	285
16.1.1 Neighbor Info	285
16.1.2 NDP Summary	286
16.1.3 NDP Config	288
16.2 NTDP	289
16.2.1 Device Table	289
16.2.2 NTDP Summary	291
16.2.3 NTDP Config	292
16.3 Cluster	293
16.3.1 Cluster Summary	293
16.3.2 Cluster Config	296
16.3.3 Member Config	298
16.3.4 Cluster Topology	299
Chapter 17 Maintenance	302
17.1 System Monitor	302
17.1.1 CPU Monitor	302
17.1.2 Memory Monitor	303
17.2 Log	303
17.2.1 Log Table	304
17.2.2 Local Log	305
17.2.3 Remote Log	305
17.2.4 Backup Log	306
17.3 Device Diagnostics	307
17.4 Network Diagnostics	308
17.4.1 Ping	308
17.4.2 Tracert	309
Chapter 18 System Maintenance via FTP	310

Match case Limit results 1 per page

230

Username and password pairs are used for login and privilege authentication. The authentication

can be processed locally in the switch or centrally in the RADIUS/TACACS+ server(s). The local

authentication username and password pairs can be configured in

4.2 User Management



Applicable Access Application

The authentication can be applied on the following access applications: Console, Telnet, SSH and

HTTP.



Authentication Method List

A method list describes the authentication methods and their sequence to authenticate a user. The

switch supports Login List for users to gain access to the switch, and Enable List for normal users

to gain administrative privileges.

The administrator can set the authentication methods in a preferable order in the list. The switch

uses the first listed method to authenticate users, if that method fails to respond, the switch selects

the next authentication method in the method list. This process continues until there is a

successful communication with a listed authentication method or until all defined methods are

exhausted. If authentication fails at any point in this circle, which means the secure server or the

local switch denies the user’s access, the authentication process stops and no other

authentication methods are attempted.



802.1X Authentication

802.1X protocol uses the RADIUS to provide detailed accounting information and flexible

administrative control over authentication process. The Dot1x List feature defines the RADIUS

server groups in the 802.1X authentication.



RADIUS/TACACS+ Server

Users can configure the RADIUS/TACACS+ servers for the connection between the switch and

the server.



Server Group

Users can define the authentication server group with up to several servers running the same

secure protocols, either RADIUS or TACACS+. Users can set these servers in a preferable order,

which is called the server group list. When a user tries to access the switch, the switch will ask the

first server in the server group list for authentication. If no response is received, the second server

will be queried, and so on.

The switch has two built-in authentication server group, one for RADIUS and the other for

TACACS+. These two server groups cannot be deleted, and the user-defined RADIUS/TACACS+

server will join these two server groups automatically.

13.7.1 Global Config

This page is used to enable/disable the AAA function globally.

Choose the menu

Network Security

→

AAA

→

Global Config

to load the following page.

Figure 13-1 AAA Global Config



Configuration Procedure: