Home » TP-Link Manuals » Hubs & Switches » TP-Link T2600G-28MPS » Manual Viewer

TP-Link T2600G-28MPS T2600G-28MPSUN V1 User Guide - Page 307

AAA

View all TP-Link T2600G-28MPS manuals

Add to My Manuals
Save this manual to your list of manuals

Page 307 highlights

Remote-ID: Remote-ID Value: Enable or Disable the PPPoE Remote-ID Insertion feature for the port. A user specified string with the maximum length of 40 characters to encode the Remote-id option 14.11 AAA  Overview AAA stands for authentication, authorization and accounting. This feature is used to authenticate users trying to log in to the switch or trying to access the administrative level privilege. Username and password pairs are used for login and privilege authentication. The authentication can be processed locally in the switch or centrally in the RADIUS/TACACS+ server(s). The local authentication username and password pairs can be configured in 4.2 User Management.  Applicable Access Application The authentication can be applied on the following access applications: Console, Telnet, SSH and HTTP.  Authentication Method List A method list describes the authentication methods and their sequence to authenticate a user. The switch supports Login List for users to gain access to the switch, and Enable List for normal users to gain administrative privileges. The administrator can set the authentication methods in a preferable order in the list. The switch uses the first listed method to authenticate users, if that method fails to respond, the switch selects the next authentication method in the method list. This process continues until there is a successful communication with a listed authentication method or until all defined methods are exhausted. If authentication fails at any point in this circle, which means the secure server or the local switch denies the user's access, the authentication process stops and no other authentication methods are attempted.  802.1X Authentication 802.1X protocol uses the RADIUS to provide detailed accounting information and flexible administrative control over authentication process. The Dot1x List feature defines the RADIUS server groups in the 802.1X authentication.  RADIUS/TACACS+ Server Users can configure the RADIUS/TACACS+ servers for the connection between the switch and the server.  Server Group Users can define the authentication server group with up to several servers running the same secure protocols, either RADIUS or TACACS+. Users can set these servers in a preferable order, which is called the server group list. When a user tries to access the switch, the switch will ask the first server in the server group list for authentication. If no response is received, the second server will be queried, and so on. The switch has two built-in authentication server group, one for RADIUS and the other for TACACS+. These two server groups cannot be deleted, and the user-defined RADIUS/TACACS+ server will join these two server groups automatically. 296

Section	Page
Package Contents	12
Chapter 1 About this Guide	13
1.1 Intended Readers	13
1.2 Conventions	13
1.3 Overview of This Guide	14
Chapter 2 Introduction	19
2.1 Overview of the Switch	19
2.2 Appearance Description	19
2.2.1 Front Panel	19
2.2.2 Rear Panel	24
Chapter 3 Login to the Switch	25
3.1 Login	25
3.2 Configuration	26
Chapter 4 System	27
4.1 System Info	27
4.1.1 System Summary	27
4.1.2 Device Description	28
4.1.3 System Time	29
4.1.4 Daylight Saving Time	30
4.1.5 Serial Port Setting	31
4.2 User Management	32
4.2.1 User Table	32
4.2.2 User Config	32
4.3 System Tools	34
4.3.1 Boot Config	34
4.3.2 Config Restore	35
4.3.3 Config Backup	35
4.3.4 Firmware Upgrade	36
4.3.5 System Reboot	37
4.3.6 Reboot Schedule	37
4.3.7 System Reset	38
4.4 Access Security	38
4.4.1 Access Control	38
4.4.2 HTTP Config	40
4.4.3 HTTPS Config	40
4.4.4 SSH Config	43
4.4.5 Telnet Config	50
4.5 SDM Template	50
4.5.1 SDM Template Config	50
Chapter 5 Switching	52
5.1 Port	52
5.1.1 Port Config	52
5.1.2 Port Mirror	53
5.1.3 Port Security	55
5.1.4 Port Isolation	57
5.1.5 Loopback Detection	58
5.2 LAG	60
5.2.1 LAG Table	61
5.2.2 Static LAG	62
5.2.3 LACP Config	63
5.3 Traffic Monitor	65
5.3.1 Traffic Summary	65
5.3.2 Traffic Statistics	66
5.4 MAC Address	67
5.4.1 Address Table	69
5.4.2 Static Address	70
5.4.3 Dynamic Address	71
5.4.4 Filtering Address	73
5.4.5 MAC Notification	74
5.4.6 MAC VLAN Security	75
5.5 L2PT	76
5.5.1 L2PT Config	77
Chapter 6 VLAN	79
6.1 802.1Q VLAN	80
6.1.1 VLAN Config	81
6.1.2 Port Config	82
6.2 Application Example for 802.1Q VLAN	84
6.3 MAC VLAN	85
6.3.1 MAC VLAN	86
6.3.2 Port Enable	87
6.4 Application Example for MAC VLAN	87
6.5 Protocol VLAN	89
6.5.1 Protocol Group Table	90
6.5.2 Protocol Group	91
6.5.3 Protocol Template	91
6.6 Application Example for Protocol VLAN	93
6.7 VLAN VPN	95
6.7.1 VPN Config	96
6.7.2 Port Enable	97
6.7.3 VLAN Mapping	97
6.8 GVRP	100
6.9 Private VLAN	103
6.9.1 PVLAN Config	105
6.9.2 Port Config	106
6.10 Application Example for Private VLAN	107
Chapter 7 Spanning Tree	110
7.1 STP Config	115
7.1.1 STP Config	115
7.1.2 STP Summary	117
7.2 Port Config	118
7.3 MSTP Instance	119
7.3.1 Region Config	120
7.3.2 Instance Config	120
7.3.3 Instance Port Config	121
7.4 STP Security	123
7.4.1 Port Protect	123
7.4.2 TC Protect	126
7.5 Application Example for STP Function	126
Chapter 8 Ethernet OAM	131
8.1 Basic Config	134
8.1.1 Basic Config	135
8.1.2 Discovery Info	136
8.2 Link Monitoring	138
8.3 RFI	139
8.4 Remote Loopback	140
8.5 Statistics	141
8.5.1 Statistics	141
8.5.2 Event Log	142
8.6 DLDP	143
8.7 Application Example for DLDP	147
Chapter 9 Multicast	150
9.1 IGMP Snooping	154
9.1.1 Snooping Config	156
9.1.2 Port Config	158
9.1.3 VLAN Config	159
9.1.4 Multicast VLAN	160
9.1.5 Querier Config	164
9.1.6 Profile Config	165
9.1.7 Profile Binding	167
9.1.8 Packet Statistics	168
9.1.9 IGMP Authentication	170
9.2 MLD Snooping	171
9.2.1 Snooping Config	172
9.2.2 Port Config	175
9.2.3 VLAN Config	176
9.2.4 Multicast VLAN	177
9.2.5 Querier Config	179
9.2.6 Profile Config	180
9.2.7 Profile Binding	182
9.2.8 Packet Statistics	183
9.3 Multicast Table	185
9.3.1 IPv4 Multicast Table	185
9.3.2 Static IPv4 Multicast Table	185
9.3.3 IPv6 Multicast Table	187
9.3.4 Static IPv6 Multicast Table	187
Chapter 10 Routing	190
10.1 Interface	190
10.2 Routing Table	202
10.2.1 IPv4 Routing Table	202
10.2.2 IPv6 Routing Table	202
10.3 Static Routing	203
10.3.1 IPv4 Static Routing Config	203
10.3.2 IPv6 Static Routing Config	204
10.4 DHCP Server	205
10.4.1 DHCP Server	211
10.4.2 Pool Setting	212
10.4.3 Manual Binding	213
10.4.4 Binding Table	214
10.4.5 Packet Statistics	215
10.4.6 Application Example for DHCP Server and Relay	216
10.5 DHCP Relay	218
10.5.1 Global Config	220
10.5.2 DHCP Server	221
10.6 ARP	222
10.6.1 ARP Table	222
10.6.2 Static ARP	222
Chapter 11 QoS	224
11.1 DiffServ	227
11.1.1 Port Priority	227
11.1.2 Schedule Mode	228
11.1.3 802.1P Priority	229
11.1.4 DSCP Priority	230
11.2 Bandwidth Control	232
11.2.1 Rate Limit	232
11.2.2 Storm Control	233
11.3 Voice VLAN	234
11.3.1 Global Config	236
11.3.2 Port Config	237
11.3.3 OUI Config	238
Chapter 12 PoE	240
12.1 PoE Config	240
12.1.1 PoE Config	241
12.1.2 PoE Profile	242
12.2 Time-Range	243
12.2.1 Time-Range Summary	244
12.2.2 Time-Range Create	244
12.2.3 Holiday Config	246
Chapter 13 ACL	248
13.1 Time-Range	248
13.1.1 Time-Range Summary	248
13.1.2 Time-Range Create	249
13.1.3 Holiday Config	250
13.2 ACL Config	250
13.2.1 ACL Summary	250
13.2.2 ACL Create	251
13.2.3 MAC ACL	251
13.2.4 Standard-IP ACL	253
13.2.5 Extend-IP ACL	254
13.2.6 Combined ACL	255
13.2.7 IPv6 ACL	256
13.3 Policy Config	258
13.3.1 Policy Summary	258
13.3.2 Policy Create	259
13.3.3 Action Create	259
13.4 ACL Binding	260
13.4.1 Binding Table	261
13.4.2 Port Binding	262
13.4.3 VLAN Binding	263
13.5 Policy Binding	263
13.5.1 Binding Table	264
13.5.2 Port Binding	265
13.5.3 VLAN Binding	266
13.6 Application Example for ACL	266
Chapter 14 Network Security	269
14.1 IP-MAC Binding	269
14.1.1 Binding Table	269
14.1.2 Manual Binding	270
14.1.3 ARP Scanning	272
14.2 IPv6-MAC Binding	273
14.2.1 Binding Table	274
14.2.2 Manual Binding	275
14.2.3 ND Snooping	277
14.3 DHCP Snooping	279
14.3.1 Global Config	282
14.3.2 Port Config	283
14.3.3 Option 82 Config	284
14.4 DHCPv6 Snooping	285
14.5 ARP Inspection	286
14.5.1 ARP Detect	289
14.5.2 ARP Defend	290
14.5.3 ARP Statistics	291
14.6 ND Detection	292
14.7 IP Source Guard	294
14.8 DoS Defend	296
14.8.1 DoS Defend	297
14.9 802.1X	297
14.9.1 Global Config	301
14.9.2 Port Config	302
14.10 PPPoE	304
14.11 AAA	307
14.11.1 Global Config	308
14.11.2 Privilege Elevation	308
14.11.3 RADIUS Server Config	308
14.11.4 TACACS+ Server Config	309
14.11.5 Authentication Server Group Config	310
14.11.6 Authentication Method List Config	312
14.11.7 Application Authentication List Config	313
14.11.8 802.1X Authentication Server Config	314
14.11.9 Default Settings	314
Chapter 15 SNMP	316
15.1 SNMP Config	318
15.1.1 Global Config	318
15.1.2 SNMP View	319
15.1.3 SNMP Group	320
15.1.4 SNMP User	321
15.1.5 SNMP Community	323
15.2 Notification	325
15.3 RMON	327
15.3.1 Statistics	328
15.3.2 History	329
15.3.3 Event	330
15.3.4 Alarm Config	331
Chapter 16 LLDP	333
16.1 Basic Config	337
16.1.1 Global Config	337
16.1.2 Port Config	338
16.2 Device Info	339
16.2.1 Local Info	339
16.2.2 Neighbor Info	340
16.3 Device Statistics	341
16.4 LLDP-MED	342
16.4.1 Global Config	343
16.4.2 Port Config	343
16.4.3 Local Info	346
16.4.4 Neighbor Info	347
Chapter 17 Maintenance	348
17.1 System Monitor	348
17.1.1 CPU Monitor	348
17.1.2 Memory Monitor	349
17.2 sFlow	350
17.2.1 sFlow Collector	351
17.2.2 sFlow Sampler	352
17.2.3 Default Settings	353
17.3 Log	353
17.3.1 Log Table	353
17.3.2 Local Log	354
17.3.3 Remote Log	355
17.3.4 Backup Log	356
17.4 Device Diagnostics	357
17.4.1 Cable Test	357
17.5 Network Diagnostics	358
17.5.1 Ping	358
17.5.2 Tracert	359
Appendix A. Password Recovery	360
Appendix B. Specifications	361

Match case Limit results 1 per page

Remote-ID:

Enable or Disable the PPPoE Remote-ID Insertion feature for the

port.

Remote-ID Value:

A user specified string with the maximum length of 40 characters

to encode the Remote-id option

14.11 AAA



Overview

AAA stands for authentication, authorization and accounting. This feature is used to authenticate

users trying to log in to the switch or trying to access the administrative level privilege.

Username and password pairs are used for login and privilege authentication. The authentication

can be processed locally in the switch or centrally in the RADIUS/TACACS+ server(s). The local

authentication username and password pairs can be configured in

4.2 User Management



Applicable Access Application

The authentication can be applied on the following access applications: Console, Telnet, SSH and

HTTP.



Authentication Method List

A method list describes the authentication methods and their sequence to authenticate a user. The

switch supports Login List for users to gain access to the switch, and Enable List for normal users

to gain administrative privileges.

The administrator can set the authentication methods in a preferable order in the list. The switch

uses the first listed method to authenticate users, if that method fails to respond, the switch selects

the next authentication method in the method list. This process continues until there is a

successful communication with a listed authentication method or until all defined methods are

exhausted. If authentication fails at any point in this circle, which means the secure server or the

local switch denies the user’s access, the authentication process stops and no other

authentication methods are attempted.



802.1X Authentication

802.1X protocol uses the RADIUS to provide detailed accounting information and flexible

administrative control over authentication process. The Dot1x List feature defines the RADIUS

server groups in the 802.1X authentication.



RADIUS/TACACS+ Server

Users can configure the RADIUS/TACACS+ servers for the connection between the switch and

the server.



Server Group

Users can define the authentication server group with up to several servers running the same

secure protocols, either RADIUS or TACACS+. Users can set these servers in a preferable order,

which is called the server group list. When a user tries to access the switch, the switch will ask the

first server in the server group list for authentication. If no response is received, the second server

will be queried, and so on.

The switch has two built-in authentication server group, one for RADIUS and the other for

TACACS+. These two server groups cannot be deleted, and the user-defined RADIUS/TACACS+

server will join these two server groups automatically.

296