Home » TP-Link Manuals » Hubs & Switches » TP-Link TL-SG3424P » Manual Viewer

TP-Link TL-SG3424P TL-SG3424P V1 User Guide - Page 178

Global Config

Add to My Manuals
Save this manual to your list of manuals

Page 178 highlights

by the authentication server, and the switch is responsible to encapsulate the authentication packet and forward it to the RADIUS server. ¾ 802.1X Timer In 802.1 x authentication, the following timers are used to ensure that the supplicant system, the switch, and the RADIUS server interact in an orderly way: （1） Supplicant system timer (Supplicant Timeout): This timer is triggered by the switch after the switch sends a request packet to a supplicant system. The switch will resend the request packet to the supplicant system if the supplicant system fails to respond in the specified timeout period. （2） RADIUS server timer (Server Timeout): This timer is triggered by the switch after the switch sends an authentication request packet to RADIUS server. The switch will resend the authentication request packet if the RADIUS server fails to respond in the specified timeout period. （3） Quiet-period timer (Quiet Period): This timer sets the quiet-period. When a supplicant system fails to pass the authentication, the switch quiets for the specified period before it processes another authentication request re-initiated by the supplicant system. ¾ Guest VLAN Guest VLAN function enables the supplicants that do not pass the authentication to access the specific network resource. By default, all the ports connected to the supplicants belong to a VLAN, i.e. Guest VLAN. Users belonging to the Guest VLAN can access the resources of the Guest VLAN without being authenticated. But they need to be authenticated before accessing external resources. After passing the authentication, the ports will be removed from the Guest VLAN and be allowed to access the other resources. With the Guest VLAN function enabled, users can access the Guest VLAN to install 802.1X client program or upgrade their 802.1x clients without being authenticated. If there is no supplicant past the authentication on the port in a certain time, the switch will add the port to the Guest VLAN. With 802.1X function enabled and Guest VLAN configured, after the maximum number retries have been made to send the EAP-Request/Identity packets and there are still ports that have not sent any response back, the switch will then add these ports into the Guest VLAN according to their link types. Only when the corresponding user passes the 802.1X authentication, the port will be removed from the Guest VLAN and added to the specified VLAN. In addition, the port will back to the Guest VLAN when its connected user logs off. The 802.1X function is implemented on the Global Config, Port Config and Radius Server pages. 12.4.1 Global Config On this page, you can enable the 802.1X authentication function globally and control the authentication process by specifying the Authentication Method, Guest VLAN and various Timers. Choose the menu Network Security→802.1X→Global Config to load the following page. 170

Section	Page
Package Contents	9
Chapter 1 About this Guide	10
1.1 Intended Readers	10
1.2 Conventions	10
1.3 Overview of This Guide	10
Chapter 2 Introduction	14
2.1 Overview of the Switch	14
2.2 Main Features	14
2.3 Appearance Description	15
2.3.1 Front Panel	15
2.3.2 Rear Panel	17
Chapter 3 Login to the Switch	18
3.1 Login	18
3.2 Configuration	18
Chapter 4 System	20
4.1 System Info	20
4.1.1 System Summary	20
4.1.2 Device Description	22
4.1.3 System Time	22
4.1.4 System IP	24
4.2 User Manage	25
4.2.1 User Table	25
4.2.2 User Config	25
4.3 System Tools	27
4.3.1 Config Restore	27
4.3.2 Config Backup	27
4.3.3 Firmware Upgrade	28
4.3.4 System Reboot	29
4.3.5 System Reset	29
4.4 Access Security	29
4.4.1 Access Control	29
4.4.2 SSL Config	31
4.4.3 SSH Config	32
Chapter 5 Switching	38
5.1 Port	38
5.1.1 Port Config	38
5.1.2 Port Mirror	39
5.1.3 Port Security	41
5.1.4 Port Isolation	43
5.2 LAG	44
5.2.1 LAG Table	44
5.2.2 Static LAG	46
5.2.3 LACP Config	47
5.3 Traffic Monitor	49
5.3.1 Traffic Summary	49
5.3.2 Traffic Statistics	50
5.4 MAC Address	51
5.4.1 Address Table	52
5.4.2 Static Address	54
5.4.3 Dynamic Address	55
5.4.4 Filtering Address	57
Chapter 6 VLAN	59
6.1 802.1Q VLAN	60
6.1.1 VLAN Config	62
6.1.2 Port Config	64
6.2 MAC VLAN	66
6.3 Protocol VLAN	67
6.3.1 Protocol Group Table	70
6.3.2 Protocol Group	70
6.3.3 Protocol Template	71
6.4 Application Example for 802.1Q VLAN	73
6.5 Application Example for MAC VLAN	74
6.6 Application Example for Protocol VLAN	76
6.7 GVRP	77
Chapter 7 Spanning Tree	81
7.1 STP Config	86
7.1.1 STP Config	86
7.1.2 STP Summary	88
7.2 Port Config	88
7.3 MSTP Instance	90
7.3.1 Region Config	90
7.3.2 Instance Config	91
7.3.3 Instance Port Config	92
7.4 STP Security	94
7.4.1 Port Protect	94
7.4.2 TC Protect	97
7.5 Application Example for STP Function	97
Chapter 8 Multicast	101
8.1 IGMP Snooping	103
8.1.1 Snooping Config	104
8.1.2 Port Config	105
8.1.3 VLAN Config	106
8.1.4 Multicast VLAN	108
8.2 Multicast IP	111
8.2.1 Multicast IP Table	112
8.2.2 Static Multicast IP	112
8.3 Multicast Filter	113
8.3.1 IP-Range	114
8.3.2 Port Filter	115
8.4 Packet Statistics	116
Chapter 9 QoS	118
9.1 DiffServ	121
9.1.1 Port Priority	121
9.1.2 Schedule Mode	122
9.1.3 802.1P Priority	123
9.1.4 DSCP Priority	123
9.2 Bandwidth Control	125
9.2.1 Rate Limit	125
9.2.2 Storm Control	126
9.3 Voice VLAN	128
9.3.1 Global Config	130
9.3.2 Port Config	130
9.3.3 OUI Config	132
Chapter 10 PoE	134
10.1 PoE Config	134
10.1.1 PoE Config	135
10.1.2 Profile Config	136
10.2 PoE Time-Range	137
10.2.1 Time-Range Summary	137
10.2.2 PoE Time-Range Create	138
10.2.3 PoE Holiday Config	139
Chapter 11 ACL	141
11.1 Time-Range	141
11.1.1 Time-Range Summary	141
11.1.2 Time-Range Create	142
11.1.3 Holiday Config	143
11.2 ACL Config	143
11.2.1 ACL Summary	144
11.2.2 ACL Create	144
11.2.3 MAC ACL	145
11.2.4 Standard-IP ACL	146
11.2.5 Extend-IP ACL	146
11.3 Policy Config	148
11.3.1 Policy Summary	148
11.3.2 Policy Create	148
11.3.3 Action Create	149
11.4 Policy Binding	150
11.4.1 Binding Table	150
11.4.2 Port Binding	151
11.4.3 VLAN Binding	151
11.5 Application Example for ACL	152
Chapter 12 Network Security	155
12.1 IP-MAC Binding	155
12.1.1 Binding Table	155
12.1.2 Manual Binding	156
12.1.3 ARP Scanning	158
12.1.4 DHCP Snooping	159
12.2 ARP Inspection	165
12.2.1 ARP Detect	169
12.2.2 ARP Defend	170
12.2.3 ARP Statistics	172
12.3 DoS Defend	172
12.4 802.1X	174
12.4.1 Global Config	178
12.4.2 Port Config	180
12.4.3 Radius Server	181
Chapter 13 SNMP	183
13.1 SNMP Config	185
13.1.1 Global Config	185
13.1.2 SNMP View	186
13.1.3 SNMP Group	187
13.1.4 SNMP User	188
13.1.5 SNMP Community	190
13.2 Notification	192
13.3 RMON	194
13.3.1 History Control	195
13.3.2 Event Config	195
13.3.3 Alarm Config	196
Chapter 14 LLDP	199
14.1 Basic Config	203
14.1.1 Global Config	203
14.1.2 Port Config	204
14.2 Device Info	205
14.2.1 Local Info	205
14.2.2 Neighbor Info	206
14.3 Device Statistics	207
14.4 LLDP-MED	208
14.4.1 Global Config	209
14.4.2 Port Config	209
14.4.3 Local Info	211
14.4.4 Neighbor Info	212
Chapter 15 Cluster	214
15.1 NDP	215
15.1.1 Neighbor Info	215
15.1.2 NDP Summary	216
15.1.3 NDP Config	218
15.2 NTDP	219
15.2.1 Device Table	219
15.2.2 NTDP Summary	220
15.2.3 NTDP Config	222
15.3 Cluster	223
15.3.1 Cluster Summary	223
15.3.2 Cluster Config	224
15.4 Application Example for Cluster Function	226
Chapter 16 Maintenance	229
16.1 System Monitor	229
16.1.1 CPU Monitor	229
16.1.2 Memory Monitor	230
16.2 Log	231
16.2.1 Log Table	232
16.2.2 Local Log	233
16.2.3 Remote Log	233
16.2.4 Backup Log	234
16.3 Device Diagnose	235
16.3.1 Cable Test	235
16.3.2 Loopback	236
16.4 Network Diagnose	236
16.4.1 Ping	236
16.4.2 Tracert	237
Appendix A: Specifications	239
Appendix B: Configuring the PCs	240
Appendix C: Load Software Using FTP	243
Appendix D: 802.1X Client Software	248

Match case Limit results 1 per page

by the authentication server, and the switch is responsible to encapsulate the authentication

it to the RADIUS server.

ensure that the supplicant system, the

plicant system if the supplicant system fails to respond in the

n request packet if the RADIUS server fails to respond in the specified

before it

nother authentication request re-initiated by the supplicant system.

s the supplicants that do not pass the authentication to access the

e ports will be removed from the Guest VLAN and be allowed to

pecified VLAN. In addition, the port will back

.1X

function is implemented on the

Global Config

Port Config

and

Radius Server

mers.

Choose the menu

Network Security

→

802.1X

→

Global Config

to load the following page.

packet and forward

802.1X Timer

In 802.1 x authentication, the following timers are used to

switch, and the RADIUS server interact in an orderly way:

（

）

Supplicant system timer (Supplicant Timeout):

This timer is triggered by the switch

after the switch sends a request packet to a supplicant system. The switch will resend the

request packet to the sup

specified timeout period.

（

）

RADIUS server timer

(

Server Timeout

): This timer is triggered by the switch after the

switch sends an authentication request packet to RADIUS server. The switch will resend

the authenticatio

timeout period.

（

）

Quiet-period timer (Quiet Period):

This timer sets the quiet-period. When a supplicant

system fails to pass the authentication, the switch quiets for the specified period

processes a

Guest VLAN

Guest VLAN function enable

specific network resource.

By default, all the ports connected to the supplicants belong to a VLAN, i.e. Guest VLAN. Users

belonging to the Guest VLAN can access the resources of the Guest VLAN without being

authenticated. But they need to be authenticated before accessing external resources. After

passing the authentication, th

access the other resources.

With the Guest VLAN function enabled, users can access the Guest VLAN to install 802.1X client

program or upgrade their 802.1x clients without being authenticated. If there is no supplicant pa

the authentication on the port in a certain time, the switch will add the port to the Guest VLAN.

With 802.1X function enabled and Guest VLAN configured, after the maximum number retries

have been made to send the EAP-Request/Identity packets and there are still ports that have not

sent any response back, the switch will then add these ports into the Guest VLAN according to

their link types. Only when the corresponding user passes the 802.1X authentication, the port will

be removed from the Guest VLAN and added to the s

to the Guest VLAN when its connected user logs off.

The

802

pages.

12.4.1 Global Config

On this page, you can enable the 802.1X authentication function globally and control the

authentication process by specifying the Authentication Method, Guest VLAN and various Ti

170