Home » ZyXEL Manuals » Networking » ZyXEL ES-2108PWR » Manual Viewer

ZyXEL ES-2108PWR User Guide - Page 127

Port Authentication

Add to My Manuals
Save this manual to your list of manuals

Page 127 highlights

CHAPTER 16 Port Authentication This chapter describes the IEEE 802.1x authentication method setup. 16.1 Port Authentication Overview Port authentication is a way to validate access to ports on the Switch to clients based on an external server (authentication server). The Switch supports IEEE 802.1x for port authentication. With IEEE 802.1x2, an authentication server validates access to a port based on a username and password provided by the user. IEEE 802.1x uses the RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) protocol to validate users. See Section 20.2.1 on page 152 for more information on configuring your RADIUS server settings. 16.1.1 IEEE 802.1x Authentication The following figure illustrates how a client connecting to a IEEE 802.1x authentication enabled port goes through a validation process. The Switch prompts the client for login information in the form of a user name and password. When the client provides the login credentials, the Switch sends an authentication request to a RADIUS server. The RADIUS server validates whether this client is allowed access to the port. 2. At the time of writing, IEEE 802.1x is not supported by all operating systems. See your operating system documentation. If your operating system does not support 802.1x, then you may need to install 802.1x client software. ES-2108 Series User's Guide 127

Section	Page
User’s Guide	1
About This User's Guide	3
Document Conventions	4
Safety Warnings	6
Contents Overview	9
Table of Contents	11
List of Figures	21
List of Tables	25
Introduction	29
Getting to Know Your Switch	31
1.1 Introduction	31
1.1.1 Backbone Application	31
1.1.2 Bridging Example	32
1.1.3 High Performance Switched Example	33
1.1.4 IEEE 802.1Q VLAN Application Examples	33
1.2 Ways to Manage the Switch	34
1.3 Good Habits for Managing the Switch	35
Hardware Installation and Connection	37
2.1 Freestanding Installation	37
2.2 Mounting the Switch on a Rack	38
2.2.1 Rack-mounted Installation Requirements	38
2.2.2 Attaching the Mounting Brackets to the Switch	38
2.2.3 Mounting the Switch on a Rack	39
2.3 Wall-mounting Installation	39
Hardware Overview	41
3.1 Front Panel Connection	41
3.1.1 Console Port	43
3.1.2 Ethernet Ports	43
3.1.3 Fast Ethernet SFP Slot	44
3.1.4 Mini-GBIC Slot	44
3.1.5 100 Base-FX Fiber-Optic Port	45
3.2 Rear Panel	46
3.2.1 Power Connections	46
3.3 LEDs	47
Basic Configuration	49
The Web Configurator	51
4.1 Introduction	51
4.2 System Login	51
4.3 The Status Screen	52
4.3.1 Change Your Password	56
4.4 Saving Your Configuration	57
4.5 Switch Lockout	57
4.6 Resetting the Switch	58
4.6.1 Reload the Factory-default Configuration File	58
4.7 Logging Out of the Web Configurator	59
4.8 Help	59
Initial Setup Example	61
5.1 Overview	61
5.1.1 Creating a VLAN	61
5.1.2 Setting Port VID	63
5.1.3 Configuring the Management IP Address	63
System Status and Port Statistics	65
6.1 Port Status Overview	65
6.1.1 Status: Port Details	66
Basic Setting	71
7.1 Overview	71
7.2 System Information	71
7.3 General Setup	73
7.4 Introduction to VLANs	75
7.5 Switch Setup Screen	76
7.6 IP Setup	78
7.6.1 Management IP Addresses	78
7.7 Port Setup	80
Advanced Setup	85
VLAN	87
8.1 Introduction to IEEE 802.1Q Tagged VLAN	87
8.1.1 Forwarding Tagged and Untagged Frames	87
8.2 Automatic VLAN Registration	88
8.2.1 GARP	88
8.2.2 GVRP	88
8.3 Port VLAN Trunking	89
8.4 Select the VLAN Type	89
8.5 Static VLAN	89
8.5.1 Static VLAN Status	90
8.5.2 Static VLAN Details	90
8.5.3 Configure a Static VLAN	91
8.5.4 Configure VLAN Port Settings	92
8.6 Port Based VLAN Setup	94
8.6.1 Configure a Port-based VLAN	94
Static MAC Forwarding	97
9.1 Overview	97
9.2 Configuring Static MAC Forwarding	97
Filtering	99
10.1 Configure a Filtering Rule	99
Spanning Tree Protocol	101
11.1 STP/RSTP Overview	101
11.1.1 STP Terminology	101
11.1.2 How STP Works	102
11.1.3 STP Port States	103
11.1.4 Multiple STP	103
11.2 Spanning Tree Protocol Status Screen	106
11.3 Spanning Tree Configuration	106
11.4 Configure Rapid Spanning Tree Protocol	107
11.5 Rapid Spanning Tree Protocol Status	108
11.6 Configure Multiple Spanning Tree Protocol	109
11.7 Multiple Spanning Tree Protocol Status	112
Bandwidth Control	115
12.1 Bandwidth Control Setup	115
Broadcast Storm Control	117
13.1 Broadcast Storm Control Setup	117
Mirroring	119
14.1 Port Mirroring Setup	119
Link Aggregation	121
15.1 Link Aggregation Overview	121
15.2 Dynamic Link Aggregation	121
15.2.1 Link Aggregation ID	122
15.3 Link Aggregation Control Protocol Status	122
15.4 Link Aggregation Setup	123
15.5 Link Aggregation Control Protocol	124
15.6 Static Trunking Example	125
Port Authentication	127
16.1 Port Authentication Overview	127
16.1.1 IEEE 802.1x Authentication	127
16.2 Port Authentication Configuration	128
16.2.1 Activate IEEE 802.1x Security	128
Port Security	131
17.1 Port Security Overview	131
17.2 Port Security Setup	131
17.3 Port Security Example	133
Queuing Method	135
18.1 Queuing Method Overview	135
18.1.1 Strict Priority Queuing (SPQ)	135
18.1.2 Weighted Round Robin Scheduling (WRR)	135
18.2 Configuring Queuing Method	136
Multicast	137
19.1 Multicast Overview	137
19.1.1 IP Multicast Addresses	137
19.1.2 IGMP Filtering	137
19.1.3 IGMP Snooping	137
19.1.4 IGMP Snooping and VLANs	138
19.2 Multicast Status	138
19.3 Multicast Setting	138
19.4 IGMP Snooping VLAN	140
19.5 IGMP Filtering Profile	142
19.6 MVR Overview	143
19.6.1 Types of MVR Ports	144
19.6.2 MVR Modes	144
19.6.3 How MVR Works	144
19.7 General MVR Configuration	145
19.8 MVR Group Configuration	146
19.8.1 MVR Configuration Example	148
Authentication & Accounting	151
20.1 Authentication, Authorization and Accounting	151
20.1.1 Local User Accounts	151
20.1.2 RADIUS and TACACS+	152
20.2 Authentication and Accounting Screens	152
20.2.1 RADIUS Server Setup	152
20.2.2 TACACS+ Server Setup	154
20.2.3 Authentication and Accounting Setup	156
20.2.4 Vendor Specific Attribute	159
20.3 Supported RADIUS Attributes	160
20.3.1 Attributes Used for Authentication	161
20.3.2 Attributes Used for Accounting	161
IP Source Guard	165
21.1 IP Source Guard Overview	165
21.1.1 ARP Inspection Overview	165
21.2 IP Source Guard	167
21.3 IP Source Guard Static Binding	167
21.4 ARP Inspection Status	169
21.4.1 ARP Inspection Log Status	169
21.5 ARP Inspection Configure	170
21.5.1 ARP Inspection Port Configure	172
21.5.2 ARP Inspection VLAN Configure	173
Loop Guard	175
22.1 Loop Guard Overview	175
22.2 Loop Guard Setup	177
IP Application	179
Static Route	181
23.1 Static Routing Overview	181
23.2 Configuring Static Routing	181
Differentiated Services	185
24.1 DiffServ Overview	185
24.1.1 DSCP and Per-Hop Behavior	185
24.1.2 DiffServ Network Example	185
24.2 Activating DiffServ	186
24.3 DSCP-to-IEEE802.1p Priority Mapping Settings	187
24.3.1 Configuring DSCP Settings	187
DHCP	189
25.1 DHCP Overview	189
25.1.1 DHCP Modes	189
25.1.2 DHCP Configuration Options	189
25.2 DHCP Status	189
25.3 DHCP Relay	190
25.3.1 DHCP Relay Agent Information	190
25.3.2 Configuring DHCP Global Relay	191
25.3.3 Global DHCP Relay Configuration Example	192
25.4 Configuring DHCP VLAN Settings	192
25.4.1 Example: DHCP Relay for Two VLANs	194
Management	195
Maintenance	197
26.1 The Maintenance Screen	197
26.2 Load Factory Default	198
26.3 Save Configuration	198
26.4 Reboot System	199
26.5 Firmware Upgrade	199
26.6 Restore a Configuration File	199
26.7 Backup Configuration File	200
26.8 FTP Command Line	200
26.8.1 Filename Conventions	201
26.8.2 FTP Command Line Procedure	201
26.8.3 GUI-based FTP Clients	202
26.8.4 FTP Restrictions	202
Access Control	203
27.1 Access Control Overview	203
27.2 The Access Control Main Screen	203
27.3 About SNMP	204
27.3.1 SNMP v3 and Security	205
27.3.2 Supported MIBs	205
27.3.3 SNMP Traps	205
27.3.4 Configuring SNMP	208
27.3.5 Configuring SNMP Trap Group	210
27.4 Setting Up Login Accounts	211
27.5 SSH Overview	213
27.6 How SSH works	213
27.7 SSH Implementation on the Switch	214
27.7.1 Requirements for Using SSH	214
27.7.2 SSH Login Example	215
27.8 Introduction to HTTPS	215
27.9 HTTPS Example	216
27.9.1 Internet Explorer Warning Messages	216
27.9.2 Netscape Navigator Warning Messages	217
27.9.3 The Main Screen	218
27.10 Service Port Access Control	218
27.11 Remote Management	219
Diagnostic	221
28.1 Diagnostic	221
Syslog	223
29.1 Syslog Overview	223
29.2 Syslog Setup	223
29.3 Syslog Server Setup	224
Cluster Management	227
30.1 Clustering Management Status Overview	227
30.2 Clustering Management Status	228
30.2.1 Cluster Member Switch Management	229
30.3 Clustering Management Configuration	230
MAC Table	233
31.1 MAC Table Overview	233
31.2 Viewing the MAC Table	234
ARP Table	235
32.1 ARP Table Overview	235
32.1.1 How ARP Works	235
32.2 Viewing the ARP Table	235
Configure Clone	237
33.1 Configure Clone Settings	237
Troubleshooting and Appendices	239
Troubleshooting	241
34.1 Problems Starting Up the Switch	241
34.2 Problems Accessing the Switch	241
34.2.1 Pop-up Windows, JavaScripts and Java Permissions	242
34.3 Problems with the Password	247
Product Specifications	249
IP Addresses and Subnetting	257
Legal Information	267
Customer Support	271

Match case Limit results 1 per page

ES-2108 Series User’s Guide

127

HAPTER

Port Authentication

This chapter describes the IEEE 802.1x authentication method setup.

16.1

Port Authentication Overview

Port authentication is a way to validate access to ports on the Switch to clients based on an

external server (authentication server). The Switch supports IEEE 802.1x for port

authentication. With IEEE 802.1x

, an authentication server validates access to a port based on

a username and password provided by the user. IEEE 802.1x uses the RADIUS (Remote

Authentication Dial In User Service, RFC 2138, 2139) protocol to validate users. See

Section

20.2.1 on page 152

for more information on configuring your RADIUS server settings.

16.1.1

IEEE 802.1x Authentication

The following figure illustrates how a client connecting to a IEEE 802.1x authentication

enabled port goes through a validation process. The Switch prompts the client for login

information in the form of a user name and password. When the client provides the login

credentials, the Switch sends an authentication request to a RADIUS server. The RADIUS

server validates whether this client is allowed access to the port.

At the time of writing, IEEE 802.1x is not supported by all operating systems. See your operating system

documentation. If your operating system does not support 802.1x, then you may need to install 802.1x client

software.