Home » TP-Link Manuals » Hubs & Switches » TP-Link TL-SG3216 » Manual Viewer

TP-Link TL-SG3216 TL-SG3216 V1 User Guide - Page 165

X Timer, Supplicant system timer Supplicant Timeout

Add to My Manuals
Save this manual to your list of manuals

Page 165 highlights

5. Upon receiving the key (encapsulated in an EAP-Request/MD5 Challenge packet) from the switch, the client program encrypts the password of the supplicant system with the key and sends the encrypted password (contained in an EAP-Response/MD5 Challenge packet) to the RADIUS server through the switch. (The encryption is irreversible.) 6. The RADIUS server compares the received encrypted password (contained in a RADIUS Access-Request packet) with the locally-encrypted password. If the two match, it will then send feedbacks (through a RADIUS Access-Accept packet and an EAP-Success packet) to the switch to indicate that the supplicant system is authorized. 7. The switch changes the state of the corresponding port to accepted state to allow the supplicant system access the network. And then the switch will monitor the status of supplicant by sending hand-shake packets periodically. By default, the switch will force the supplicant to log off if it can not get the response from the supplicant for two times. 8. The supplicant system can also terminate the authenticated state by sending EAPOL-Logoff packets to the switch. The switch then changes the port state from accepted to rejected. （2） EAP Terminating Mode In this mode, packet transmission is terminated at authenticator systems and the EAP packets are mapped into RADIUS packets. Authentication and accounting are accomplished through RADIUS protocol. In this mode, PAP or CHAP is employed between the switch and the RADIUS server. This switch supports the PAP terminating mode. The authentication procedure of PAP is illustrated in the following figure. Supplicant System EAP Switch RADIUS Authentication Server EAPOL-Start EAP-Request/Identity EAP-Response/Identity EAP-Request EAP-Response RADIUS-Access-Request EAP-Success RADIUS-Access-Accept Figure 11-19 PAP Authentication Procedure In PAP mode, the switch encrypts the password and sends the user name, the randomly-generated key, and the supplicant system-encrypted password to the RADIUS server for further authentication. Whereas the randomly-generated key in EAP-MD5 relay mode is generated by the authentication server, and the switch is responsible to encapsulate the authentication packet and forward it to the RADIUS server. ¾ 802.1X Timer In 802.1 x authentication, the following timers are used to ensure that the supplicant system, the switch, and the RADIUS server interact in an orderly way: （1） Supplicant system timer (Supplicant Timeout): This timer is triggered by the switch 158

Section	Page
Package Contents	8
Chapter 1 About this Guide	9
1.1 Intended Readers	9
1.2 Conventions	9
1.3 Overview of This Guide	9
Chapter 2 Introduction	13
2.1 Overview of the Switch	13
2.2 Main Features	13
2.3 Appearance Description	14
2.3.1 Front Panel	14
2.3.2 Rear Panel	15
Chapter 3 Login to the Switch	16
3.1 Login	16
3.2 Configuration	16
Chapter 4 System	18
4.1 System Info	18
4.1.1 System Summary	18
4.1.2 Device Description	20
4.1.3 System Time	20
4.1.4 System IP	22
4.2 User Manage	23
4.2.1 User Table	23
4.2.2 User Config	23
4.3 System Tools	25
4.3.1 Config Restore	25
4.3.2 Config Backup	25
4.3.3 Firmware Upgrade	26
4.3.4 System Reboot	27
4.3.5 System Reset	27
4.4 Access Security	27
4.4.1 Access Control	27
4.4.2 SSL Config	29
4.4.3 SSH Config	30
Chapter 5 Switching	36
5.1 Port	36
5.1.1 Port Config	36
5.1.2 Port Mirror	37
5.1.3 Port Security	39
5.2 LAG	40
5.2.1 LAG Table	41
5.2.2 Static LAG	42
5.2.3 LACP Config	43
5.3 Traffic Monitor	45
5.3.1 Traffic Summary	45
5.3.2 Traffic Statistics	46
5.4 MAC Address	47
5.4.1 Address Table	48
5.4.2 Static Address	50
5.4.3 Dynamic Address	51
5.4.4 Filtering Address	53
Chapter 6 VLAN	55
6.1 802.1Q VLAN	56
6.1.1 VLAN Config	58
6.1.2 Port Config	60
6.2 MAC VLAN	62
6.3 Protocol VLAN	63
6.3.1 Protocol Group Table	66
6.3.2 Protocol Group	66
6.3.3 Protocol Template	67
6.4 Application Example for 802.1Q VLAN	68
6.5 Application Example for MAC VLAN	70
6.6 Application Example for Protocol VLAN	71
6.7 GVRP	73
Chapter 7 Spanning Tree	77
7.1 STP Config	82
7.1.1 STP Config	82
7.1.2 STP Summary	84
7.2 Port Config	84
7.3 MSTP Instance	86
7.3.1 Region Config	86
7.3.2 Instance Config	87
7.3.3 Instance Port Config	88
7.4 STP Security	90
7.4.1 Port Protect	90
7.4.2 TC Protect	93
7.5 Application Example for STP Function	93
Chapter 8 Multicast	97
8.1 IGMP Snooping	99
8.1.1 Snooping Config	100
8.1.2 Port Config	101
8.1.3 VLAN Config	102
8.1.4 Multicast VLAN	104
8.2 Multicast IP	107
8.2.1 Multicast IP Table	108
8.2.2 Static Multicast IP	108
8.3 Multicast Filter	109
8.3.1 IP-Range	110
8.3.2 Port Filter	111
8.4 Packet Statistics	112
Chapter 9 QoS	114
9.1 DiffServ	117
9.1.1 Port Priority	117
9.1.2 Schedule Mode	118
9.1.3 802.1P Priority	119
9.1.4 DSCP Priority	119
9.2 Bandwidth Control	121
9.2.1 Rate Limit	121
9.2.2 Storm Control	122
9.3 Voice VLAN	123
9.3.1 Global Config	125
9.3.2 Port Config	126
9.3.3 OUI Config	127
Chapter 10 ACL	129
10.1 Time-Range	129
10.1.1 Time-Range Summary	129
10.1.2 Time-Range Create	130
10.1.3 Holiday Config	131
10.2 ACL Config	131
10.2.1 ACL Summary	132
10.2.2 ACL Create	132
10.2.3 MAC ACL	133
10.2.4 Standard-IP ACL	134
10.2.5 Extend-IP ACL	134
10.3 Policy Config	136
10.3.1 Policy Summary	136
10.3.2 Policy Create	137
10.3.3 Action Create	137
10.4 Policy Binding	138
10.4.1 Binding Table	138
10.4.2 Port Binding	139
10.4.3 VLAN Binding	139
10.5 Application Example for ACL	140
Chapter 11 Network Security	143
11.1 IP-MAC Binding	143
11.1.1 Binding Table	143
11.1.2 Manual Binding	144
11.1.3 ARP Scanning	146
11.1.4 DHCP Snooping	147
11.2 ARP Inspection	153
11.2.1 ARP Detect	157
11.2.2 ARP Defend	158
11.2.3 ARP Statistics	159
11.3 DoS Defend	160
11.4 802.1X	162
11.4.1 Global Config	166
11.4.2 Port Config	168
11.4.3 Radius Server	169
Chapter 12 SNMP	171
12.1 SNMP Config	173
12.1.1 Global Config	173
12.1.2 SNMP View	174
12.1.3 SNMP Group	175
12.1.4 SNMP User	176
12.1.5 SNMP Community	178
12.2 Notification	180
12.3 RMON	182
12.3.1 History Control	183
12.3.2 Event Config	183
12.3.3 Alarm Config	184
Chapter 13 Cluster	187
13.1 NDP	188
13.1.1 Neighbor Info	188
13.1.2 NDP Summary	189
13.1.3 NDP Config	191
13.2 NTDP	192
13.2.1 Device Table	192
13.2.2 NTDP Summary	193
13.2.3 NTDP Config	194
13.3 Cluster	196
13.3.1 Cluster Summary	196
13.3.2 Cluster Config	197
13.4 Application Example for Cluster Function	199
Chapter 14 Maintenance	202
14.1 System Monitor	202
14.1.1 CPU Monitor	202
14.1.2 Memory Monitor	203
14.2 Log	204
14.2.1 Log Table	205
14.2.2 Local Log	205
14.2.3 Remote Log	206
14.2.4 Backup Log	207
14.3 Device Diagnose	208
14.3.1 Cable Test	208
14.3.2 Loopback	209
14.4 Network Diagnose	209
14.4.1 Ping	209
14.4.2 Tracert	210
Appendix A: Specifications	212
Appendix B: Configuring the PCs	213
Appendix C: Load Software using FTP	216
Appendix D: 802.1X Client Software	221

Match case Limit results 1 per page

Upon receiving the key (encapsulated in an EAP-Request/MD5 Challenge packet) from the

switch, the client program encrypts the password of the supplicant system with the key and

sends the encrypted password (contained in an EAP-Response/MD5 Challenge packet) to

the RADIUS server through the switch. (The encryption is irreversible.)

The RADIUS server compares the received encrypted password (contained in a RADIUS

Access-Request packet) with the locally-encrypted password. If the two match, it will then

send feedbacks (through a RADIUS Access-Accept packet and an EAP-Success packet) to

the switch to indicate that the supplicant system is authorized.

The switch changes the state of the corresponding port to accepted state to allow the

supplicant system access the network. And then the switch will monitor the status of

supplicant by sending hand-shake packets periodically. By default, the switch will force the

supplicant to log off if it can not get the response from the supplicant for two times.

The supplicant system can also terminate the authenticated state by sending EAPOL-Logoff

packets to the switch. The switch then changes the port state from accepted to rejected.

（

）

EAP Terminating Mode

In this mode, packet transmission is terminated at authenticator systems and the EAP packets are

mapped into RADIUS packets. Authentication and accounting are accomplished through RADIUS

protocol.

In this mode, PAP or CHAP is employed between the switch and the RADIUS server. This switch

supports the PAP terminating mode. The authentication procedure of PAP is illustrated in the

following figure.

Figure 11-19 PAP Authentication Procedure

In PAP mode, the switch encrypts the password and sends the user name, the

randomly-generated key, and the supplicant system-encrypted password to the RADIUS server for

further authentication. Whereas the randomly-generated key in EAP-MD5 relay mode is generated

by the authentication server, and the switch is responsible to encapsulate the authentication

packet and forward it to the RADIUS server.

802.1X Timer

In 802.1 x authentication, the following timers are used to ensure that the supplicant system, the

switch, and the RADIUS server interact in an orderly way:

（

）

Supplicant system timer (Supplicant Timeout):

This timer is triggered by the switch

Switch

EAP

RADIUS

Authentication Server

Supplicant System

EAPOL

Start

EAP-Request/Identity

EAP-Request

RADIUS-Access-Request

EAP-Response/Identity

EAP-Response

RADIUS-Access-Accept

EAP-Success

158