Home » TP-Link Manuals » Hubs & Switches » TP-Link TL-SG3210 » Manual Viewer

TP-Link TL-SG3210 TL-SG3210 V1 User Guide - Page 164

X Authentication Procedure

Add to My Manuals
Save this manual to your list of manuals

Page 164 highlights

system are encapsulated as EAPOL packets. （2） EAP protocol packets transmitted between the authenticator system and the RADIUS server can either be encapsulated as EAPOR (EAP over RADIUS) packets or be terminated at authenticator system and the authenticator system then communicate with RADIUS servers through PAP (Password Authentication Protocol) or CHAP (Challenge Handshake Authentication Protocol) protocol packets. （3） When a supplicant system passes the authentication, the authentication server passes the information about the supplicant system to the authenticator system. The authenticator system in turn determines the state (authorized or unauthorized) of the controlled port according to the instructions (accept or reject) received from the RADIUS server. ¾ 802.1X Authentication Procedure An 802.1X authentication can be initiated by supplicant system or authenticator system. When the authenticator system detects an unauthenticated supplicant in LAN, it will initiate the 802.1X authentication by sending EAP-Request/Identity packets to the supplicant. The supplicant system can also launch an 802.1X client program to initiate an 802.1X authentication through the sending of an EAPOL-Start packet to the switch, This TP-LINK switch can authenticate supplicant systems in EAP relay mode or EAP terminating mode. The following illustration of these two modes will take the 802.1X authentication procedure initiated by the supplicant system for example. （1） EAP Relay Mode This mode is defined in 802.1X. In this mode, EAP-packets are encapsulated in higher level protocol (such as EAPOR) packets to allow them successfully reach the authentication server. This mode normally requires the RADIUS server to support the two fields of EAP: the EAP-message field and the Message-authenticator field. This switch supports EAP-MD5 authentication way for the EAP relay mode. The following figure describes the basic EAP-MD5 authentication procedure. Supplicant System EAP Switch EAP Authentication Server EAPOL-Start EAP-Request/Identity EAP-Response/Identity RADIUS-Access-Request EAP-Request RADIUS-Access-Challenge EAP-Response RADIUS-Access-Request EAP-Success RADIUS-Access-Accept Figure 11-18 EAP-MD5 Authentication Procedure 1. A supplicant system launches an 802.1X client program via its registered user name and password to initiate an access request through the sending of an EAPOL-Start packet to the switch. The 802.1X client program then forwards the packet to the switch to start the authentication process. 157

Section	Page
Package Contents	8
Chapter 1 About this Guide	9
1.1 Intended Readers	9
1.2 Conventions	9
1.3 Overview of This Guide	9
Chapter 2 Introduction	13
2.1 Overview of the Switch	13
2.2 Main Features	13
2.3 Appearance Description	14
2.3.1 Front Panel	14
2.3.2 Rear Panel	15
Chapter 3 Login to the Switch	16
3.1 Login	16
3.2 Configuration	16
Chapter 4 System	18
4.1 System Info	18
4.1.1 System Summary	18
4.1.2 Device Description	20
4.1.3 System Time	20
4.1.4 System IP	22
4.2 User Manage	23
4.2.1 User Table	23
4.2.2 User Config	23
4.3 System Tools	25
4.3.1 Config Restore	25
4.3.2 Config Backup	25
4.3.3 Firmware Upgrade	26
4.3.4 System Reboot	27
4.3.5 System Reset	27
4.4 Access Security	27
4.4.1 Access Control	27
4.4.2 SSL Config	29
4.4.3 SSH Config	30
Chapter 5 Switching	36
5.1 Port	36
5.1.1 Port Config	36
5.1.2 Port Mirror	37
5.1.3 Port Security	38
5.1.4 Port Isolation	40
5.2 LAG	41
5.2.1 LAG Table	41
5.2.2 Static LAG	43
5.2.3 LACP Config	44
5.3 Traffic Monitor	46
5.3.1 Traffic Summary	46
5.3.2 Traffic Statistics	47
5.4 MAC Address	48
5.4.1 Address Table	49
5.4.2 Static Address	51
5.4.3 Dynamic Address	52
5.4.4 Filtering Address	54
Chapter 6 VLAN	56
6.1 802.1Q VLAN	57
6.1.1 VLAN Config	59
6.1.2 Port Config	61
6.2 MAC VLAN	62
6.3 Protocol VLAN	64
6.3.1 Protocol Group Table	67
6.3.2 Protocol Group	67
6.3.3 Protocol Template	68
6.4 Application Example for 802.1Q VLAN	69
6.5 Application Example for MAC VLAN	71
6.6 Application Example for Protocol VLAN	72
6.7 GVRP	74
Chapter 7 Spanning Tree	78
7.1 STP Config	83
7.1.1 STP Config	83
7.1.2 STP Summary	85
7.2 Port Config	85
7.3 MSTP Instance	87
7.3.1 Region Config	87
7.3.2 Instance Config	88
7.3.3 Instance Port Config	89
7.4 STP Security	91
7.4.1 Port Protect	91
7.4.2 TC Protect	93
7.5 Application Example for STP Function	94
Chapter 8 Multicast	98
8.1 IGMP Snooping	100
8.1.1 Snooping Config	101
8.1.2 Port Config	102
8.1.3 VLAN Config	103
8.1.4 Multicast VLAN	105
8.2 Multicast IP	108
8.2.1 Multicast IP Table	109
8.2.2 Static Multicast IP	109
8.3 Multicast Filter	110
8.3.1 IP-Range	111
8.3.2 Port Filter	112
8.4 Packet Statistics	113
Chapter 9 QoS	115
9.1 DiffServ	118
9.1.1 Port Priority	118
9.1.2 Schedule Mode	119
9.1.3 802.1P Priority	120
9.1.4 DSCP Priority	120
9.2 Bandwidth Control	122
9.2.1 Rate Limit	122
9.2.2 Storm Control	123
9.3 Voice VLAN	124
9.3.1 Global Config	126
9.3.2 Port Config	127
9.3.3 OUI Config	128
Chapter 10 ACL	130
10.1 Time-Range	130
10.1.1 Time-Range Summary	130
10.1.2 Time-Range Create	131
10.1.3 Holiday Config	132
10.2 ACL Config	132
10.2.1 ACL Summary	133
10.2.2 ACL Create	133
10.2.3 MAC ACL	134
10.2.4 Standard-IP ACL	135
10.2.5 Extend-IP ACL	135
10.3 Policy Config	137
10.3.1 Policy Summary	137
10.3.2 Policy Create	138
10.3.3 Action Create	138
10.4 Policy Binding	139
10.4.1 Binding Table	139
10.4.2 Port Binding	140
10.4.3 VLAN Binding	140
10.5 Application Example for ACL	141
Chapter 11 Network Security	144
11.1 IP-MAC Binding	144
11.1.1 Binding Table	144
11.1.2 Manual Binding	145
11.1.3 ARP Scanning	147
11.1.4 DHCP Snooping	148
11.2 ARP Inspection	154
11.2.1 ARP Detect	158
11.2.2 ARP Defend	159
11.2.3 ARP Statistics	160
11.3 DoS Defend	161
11.4 802.1X	163
11.4.1 Global Config	166
11.4.2 Port Config	168
11.4.3 Radius Server	169
Chapter 12 SNMP	171
12.1 SNMP Config	173
12.1.1 Global Config	173
12.1.2 SNMP View	174
12.1.3 SNMP Group	175
12.1.4 SNMP User	176
12.1.5 SNMP Community	178
12.2 Notification	180
12.3 RMON	182
12.3.1 History Control	183
12.3.2 Event Config	183
12.3.3 Alarm Config	184
Chapter 13 Cluster	187
13.1 NDP	188
13.1.1 Neighbor Info	188
13.1.2 NDP Summary	189
13.1.3 NDP Config	191
13.2 NTDP	191
13.2.1 Device Table	192
13.2.2 NTDP Summary	193
13.2.3 NTDP Config	194
13.3 Cluster	195
13.3.1 Cluster Summary	195
13.3.2 Cluster Config	197
13.4 Application Example for Cluster Function	198
Chapter 14 Maintenance	201
14.1 System Monitor	201
14.1.1 CPU Monitor	201
14.1.2 Memory Monitor	202
14.2 Log	203
14.2.1 Log Table	204
14.2.2 Local Log	205
14.2.3 Remote Log	205
14.2.4 Backup Log	206
14.3 Device Diagnose	207
14.3.1 Cable Test	207
14.3.2 Loopback	208
14.4 Network Diagnose	208
14.4.1 Ping	208
14.4.2 Tracert	209
Appendix A: Specifications	211
Appendix B: Configuring the PCs	212
Appendix C: Load Software Using FTP	215
Appendix D: 802.1X Client Software	220

Match case Limit results 1 per page

system are encapsulated as EAPOL packets.

（

）

EAP protocol packets transmitted between the authenticator system and the RADIUS

server can either be encapsulated as EAPOR (EAP over RADIUS) packets or be

terminated at authenticator system and the authenticator system then communicate with

RADIUS servers through PAP (Password Authentication Protocol) or CHAP (Challenge

Handshake Authentication Protocol) protocol packets.

（

）

When a supplicant system passes the authentication, the authentication server passes the

information about the supplicant system to the authenticator system. The authenticator

system in turn determines the state (authorized or unauthorized) of the controlled port

according to the instructions (accept or reject) received from the RADIUS server.

802.1X Authentication Procedure

An 802.1X authentication can be initiated by supplicant system or authenticator system. When the

authenticator system detects an unauthenticated supplicant in LAN, it will initiate the 802.1X

authentication by sending EAP-Request/Identity packets to the supplicant. The supplicant system

can also launch an 802.1X client program to initiate an 802.1X authentication through the sending

of an EAPOL-Start packet to the switch,

This TP-LINK switch can authenticate supplicant systems in EAP relay mode or EAP terminating

mode. The following illustration of these two modes will take the 802.1X authentication procedure

initiated by the supplicant system for example.

（

）

EAP Relay Mode

This mode is defined in 802.1X. In this mode, EAP-packets are encapsulated in higher level

protocol (such as EAPOR) packets to allow them successfully reach the authentication server.

This mode normally requires the RADIUS server to support the two fields of EAP: the

EAP-message field and the Message-authenticator field. This switch supports EAP-MD5

authentication way for the EAP relay mode. The following figure describes the basic EAP-MD5

authentication procedure.

Figure 11-18 EAP-MD5 Authentication Procedure

A supplicant system launches an 802.1X client program via its registered user name and

password to initiate an access request through the sending of an EAPOL-Start packet to the

switch. The 802.1X client program then forwards the packet to the switch to start the

authentication process.

Switch

Supplicant System

EAP

Authentication Server

EAPOL

Start

EAP-Request/Identity

RADIUS-Access-Request

EAP-Request

RADIUS-Access-Request

EAP-Response/Identity

RADIUS-Access-Challenge

EAP-Response

RADIUS-Access-Accept

EAP-Success

157