Home » ZyXEL Manuals » Hubs & Switches » ZyXEL GS1920 Series » Manual Viewer

ZyXEL GS1920 Series User Guide - Page 196

Vendor Specific Attribute

View all ZyXEL GS1920 Series manuals

Add to My Manuals
Save this manual to your list of manuals

Page 196 highlights

Chapter 24 AAA Table 86 Advanced Application > AAA > AAA Setup (continued) LABEL Method DESCRIPTION Select whether you want to use RADIUS or TACACS+ for authorization of specific types of events. Accounting Update Period Type RADIUS is the only method for IEEE 802.1x authorization. Use this section to configure accounting settings on the Switch. This is the amount of time in minutes before the Switch sends an update to the accounting server. This is only valid if you select the start-stop option for the Dot1x entry. The Switch supports the following types of events to be sent to the accounting server(s): • System - Configure the Switch to send information when the following system events occur: system boots up, system shuts down, system accounting is enabled, system accounting is disabled Active Broadcast • Dot1x - Configure the Switch to send information when an IEEE 802.1x client begins a session (authenticates via the Switch), ends a session as well as interim updates of a session. Select this to activate accounting for a specified event types. Select this to have the Switch send accounting information to all configured accounting servers at the same time. Mode If you don't select this and you have two accounting servers set up, then the Switch sends information to the first accounting server and if it doesn't get a response from the accounting server then it tries the second accounting server. The Switch supports two modes of recording login events. Select: • start-stop - to have the Switch send information to the accounting server when a user begins a session, during a user's session (if it lasts past the Update Period), and when a user ends a session. Method • stop-only - to have the Switch send information to the accounting server only when a user ends a session. Select whether you want to use RADIUS or TACACS+ for accounting of specific types of events. Apply Cancel TACACS+ is the only method for recording s type of event. Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 24.6 Technical Reference This section provides technical background information on the topics discussed in this chapter. 24.6.1 Vendor Specific Attribute RFC 2865 standard specifies a method for sending vendor-specific information between a RADIUS server and a network access device (for example, the Switch). A company can create Vendor Specific Attributes (VSAs) to expand the functionality of a RADIUS server. The Switch supports VSAs that allow you to perform the following actions based on user authentication: GS1920 Series User's Guide 196

Section	Page
GS1920 Series	1
Contents Overview	3
Table of Contents	5
User’s Guide	17
Getting to Know Your Switch	18
1.1 Introduction	18
1.1.1 Backbone Application	19
1.1.2 Bridging Example	19
1.1.3 High Performance Switching Example	20
1.1.4 IEEE 802.1Q VLAN Application Examples	20
1.2 Ways to Manage the Switch	21
1.3 Good Habits for Managing the Switch	21
Hardware Installation and Connection	23
2.1 Installation Scenarios	23
2.2 Desktop Installation Procedure	23
2.3 Mounting the Switch on a Rack	23
2.3.1 Rack-mounted Installation Requirements	23
2.3.2 Attaching the Mounting Brackets to the Switch	24
2.3.3 Mounting the Switch on a Rack	24
Hardware Panels	26
3.1 Front Panel	26
3.1.1 Gigabit Ethernet Ports	26
3.1.2 Mini-GBIC Slots	27
3.1.3 LED Mode (only available for GS1920-48HP)	29
3.2 Rear Panel	29
3.2.1 Power Connector	29
3.3 LEDs	30
3.4 Reset to Factory Defaults	30
3.4.1 Side Panels	31
Technical Reference	32
The Web Configurator	33
4.1 Overview	33
4.2 System Login	33
4.3 The Status Screen	34
4.3.1 Change Your Password	37
4.4 Saving Your Configuration	38
4.5 Switch Lockout	38
4.6 Resetting the Switch	39
4.7 Logging Out of the Web Configurator	39
4.8 Help	39
Initial Setup Example	40
5.1 Overview	40
5.1.1 Creating a VLAN	40
5.1.2 Setting Port VID	41
5.2 Configuring Switch Management IP Address	42
Tutorials	44
6.1 Overview	44
6.2 How to Use DHCP Snooping on the Switch	44
6.3 How to Use DHCP Relay on the Switch	48
6.3.1 DHCP Relay Tutorial Introduction	48
6.3.2 Creating a VLAN	48
6.3.3 Configuring DHCP Relay	50
6.3.4 Troubleshooting	51
ZON Utility, ZON Neighbor Management and Port Status	52
7.1 Overview	52
7.1.1 What You Can Do	52
7.2 ZyXEL One Network (ZON) Utility Screen	52
7.3 Neighbor screen	53
7.4 Port Status Summary	54
7.4.1 Status: Port Details	56
Basic Setting	59
8.1 Overview	59
8.1.1 What You Can Do	59
8.2 System Information	59
8.3 General Setup	61
8.4 Introduction to VLANs	63
8.5 Switch Setup Screen	64
8.6 IP Setup	65
8.6.1 Management IP Addresses	65
8.7 Port Setup	67
8.8 PoE Status	69
8.8.1 PoE Setup	71
8.9 Interface Setup	72
8.10 IPv6	73
8.10.1 IPv6 Interface Status	74
8.10.2 IPv6 Configuration	77
8.10.3 IPv6 Global Setup	77
8.10.4 IPv6 Interface Setup	78
8.10.5 IPv6 Link-Local Address Setup	79
8.10.6 IPv6 Global Address Setup	80
8.10.7 IPv6 Neighbor Discovery Setup	81
8.10.8 IPv6 Neighbor Setup	82
8.10.9 DHCPv6 Client Setup	83
VLAN	85
9.1 Overview	85
9.1.1 What You Can Do	85
9.1.2 What You Need to Know	85
9.2 VLAN Status	88
9.2.1 VLAN Details	89
9.3 VLAN Configuration	90
9.4 Configure a Static VLAN	90
9.5 Configure VLAN Port Settings	92
9.6 Subnet Based VLANs	93
9.6.1 Configuring Subnet Based VLAN	94
9.7 Protocol Based VLANs	95
9.7.1 Configuring Protocol Based VLAN	96
9.8 Port-based VLAN Setup	97
9.8.1 Configure a Port-based VLAN	98
9.9 Voice VLAN	100
9.10 MAC-based VLAN	102
9.11 Technical Reference	103
9.11.1 Create an IP-based VLAN Example	103
Static MAC Forward Setup	105
10.1 Overview	105
10.1.1 What You Can Do	105
10.2 Configuring Static MAC Forwarding	105
Static Multicast Forward Setup	107
11.1 Static Multicast Forward Setup Overview	107
11.1.1 What You Can Do	107
11.1.2 What You Need To Know	107
11.2 Configuring Static Multicast Forwarding	108
Filtering	110
12.1 Filtering Overview	110
12.1.1 What You Can Do	110
12.2 Configure a Filtering Rule	110
Spanning Tree Protocol	112
13.1 Spanning Tree Protocol Overview	112
13.1.1 What You Can Do	112
13.1.2 What You Need to Know	112
13.2 Spanning Tree Protocol Status Screen	115
13.3 Spanning Tree Configuration	115
13.4 Configure Rapid Spanning Tree Protocol	116
13.5 Rapid Spanning Tree Protocol Status	118
13.6 Configure Multiple Rapid Spanning Tree Protocol	119
13.7 Multiple Rapid Spanning Tree Protocol Status	121
13.8 Configure Multiple Spanning Tree Protocol	122
13.9 Multiple Spanning Tree Port Configuration	125
13.10 Multiple Spanning Tree Protocol Status	126
13.11 Technical Reference	128
13.11.1 MSTP Network Example	128
13.11.2 MST Region	129
13.11.3 MST Instance	130
13.11.4 Common and Internal Spanning Tree (CIST)	130
Bandwidth Control	131
14.1 Overview	131
14.1.1 What You Can Do	131
14.2 Bandwidth Control Setup	131
Broadcast Storm Control	133
15.1 Broadcast Storm Control Overview	133
15.1.1 What You Can Do	133
15.2 Broadcast Storm Control Setup	133
Mirroring	135
16.1 Mirroring Overview	135
16.1.1 What You Can Do	135
16.2 Port Mirroring Setup	135
Link Aggregation	137
17.1 Overview	137
17.1.1 What You Can Do	137
17.1.2 What You Need to Know	137
17.2 Link Aggregation Status	138
17.3 Link Aggregation Setting	139
17.4 Link Aggregation Control Protocol	141
17.5 Technical Reference	142
17.5.1 Static Trunking Example	142
Port Authentication	144
18.1 Port Authentication Overview	144
18.1.1 What You Can Do	144
18.1.2 What You Need to Know	144
18.2 Port Authentication Configuration	145
18.3 Activate IEEE 802.1x Security	145
18.3.1 Guest VLAN	147
Port Security	150
19.1 Port Security Overview	150
19.1.1 What You Can Do	150
19.2 Port Security Setup	150
Classifier	153
20.1 Overview	153
20.1.1 What You Can Do	153
20.1.2 What You Need to Know	153
20.2 Configuring the Classifier	153
20.2.1 Viewing and Editing Classifier Configuration	155
20.3 Classifier Example	157
Policy Rule	158
21.1 Policy Rules Overview	158
21.1.1 What You Can Do	158
21.2 Configuring Policy Rules	158
21.2.1 Viewing and Editing Policy Configuration	161
21.3 Policy Example	161
Queuing Method	162
22.1 Queuing Method Overview	162
22.1.1 What You Can Do	162
22.1.2 What You Need to Know	162
22.2 Configuring Queuing	163
Multicast	165
23.1 Multicast Overview	165
23.1.1 What You Can Do	165
23.1.2 What You Need to Know	165
23.2 Multicast Setup	169
23.3 IPv4 Multicast Status	169
23.3.1 IGMP Snooping	170
23.4 IGMP Snooping VLAN	172
23.4.1 IGMP Filtering Profile	174
23.5 IPv6 Multicast Status	175
23.5.1 MLD Snooping-proxy	176
23.5.2 MLD Snooping-proxy VLAN	176
23.5.3 MLD Snooping-proxy VLAN Port Role Setting	178
23.5.4 MLD Snooping-proxy VLAN Filtering	180
23.5.5 MLD Snooping-proxy VLAN Filtering Profile	182
23.6 General MVR Configuration	183
23.6.1 MVR Group Configuration	185
23.6.2 MVR Configuration Example	187
AAA	189
24.1 AAA Overview	189
24.1.1 What You Can Do	189
24.1.2 What You Need to Know	189
24.2 AAA Screens	190
24.3 RADIUS Server Setup	190
24.4 TACACS+ Server Setup	192
24.5 AAA Setup	194
24.6 Technical Reference	196
24.6.1 Vendor Specific Attribute	196
24.6.2 Supported RADIUS Attributes	198
24.6.3 Attributes Used for Authentication	198
IP Source Guard	200
25.1 Overview	200
25.1.1 What You Can Do	200
25.1.2 What You Need to Know	201
25.2 IP Source Guard	201
25.3 IP Source Guard Static Binding	202
25.4 DHCP Snooping	203
25.5 DHCP Snooping Configure	206
25.5.1 DHCP Snooping Port Configure	208
25.5.2 DHCP Snooping VLAN Configure	209
25.5.3 DHCP Snooping VLAN Port Configure	210
25.6 ARP Inspection Status	211
25.7 ARP Inspection VLAN Status	212
25.8 ARP Inspection Log Status	213
25.9 ARP Inspection Configure	215
25.9.1 ARP Inspection Port Configure	216
25.9.2 ARP Inspection VLAN Configure	218
25.10 Technical Reference	219
25.10.1 DHCP Snooping Overview	219
25.10.2 ARP Inspection Overview	221
Loop Guard	223
26.1 Loop Guard Overview	223
26.1.1 What You Can Do	223
26.1.2 What You Need to Know	223
26.2 Loop Guard Setup	225
Layer 2 Protocol Tunneling	227
27.1 Layer 2 Protocol Tunneling Overview	227
27.1.1 What You Can Do	227
27.1.2 What You Need to Know	227
27.2 Configuring Layer 2 Protocol Tunneling	228
PPPoE	231
28.1 PPPoE Intermediate Agent Overview	231
28.1.1 What You Can Do	231
28.1.2 What You Need to Know	231
28.2 The PPPoE Screen	234
28.3 PPPoE Intermediate Agent	234
28.3.1 PPPoE IA Per-Port	235
28.3.2 PPPoE IA Per-Port Per-VLAN	237
28.3.3 PPPoE IA for VLAN	238
Error Disable	240
29.1 Error Disable Overview	240
29.2 The Error Disable Screens Overview	240
29.3 Error-Disable Status	240
29.4 CPU Protection Configuration	242
29.5 Error-Disable Detect Configuration	243
29.6 Error-Disable Recovery Configuration	244
Private VLAN	246
30.1 Private VLAN Overview	246
30.2 Configuring Private VLAN	246
Green Ethernet	248
31.1 Green Ethernet Overview	248
31.2 Configuring Green Ethernet	248
Link Layer Discovery Protocol (LLDP)	250
32.1 LLDP Overview	250
32.2 LLDP-MED Overview	251
32.3 LLDP Screens	252
32.4 LLDP Local Status	253
32.4.1 LLDP Local Port Status Detail	254
32.5 LLDP Remote Status	258
32.5.1 LLDP Remote Port Status Detail	259
32.6 LLDP Configuration	265
32.6.1 LLDP Configuration Basic TLV Setting	267
32.6.2 LLDP Configuraion Basic Org-specific TLV Setting	268
32.7 LLDP-MED Configuration	269
32.8 LLDP-MED Network Policy	270
32.9 LLDP-MED Location	271
Static Route	274
33.1 Static Route Overview	274
33.1.1 What You Can Do	274
33.2 Static Routing	274
33.3 Configuring Static Routing	274
Differentiated Services	277
34.1 Differentiated Services Overview	277
34.1.1 What You Can Do	277
34.1.2 What You Need to Know	277
34.2 Activating DiffServ	278
34.3 DSCP-to-IEEE 802.1p Priority Settings	279
34.3.1 Configuring DSCP Settings	280
DHCP	281
35.1 DHCP Overview	281
35.1.1 What You Can Do	281
35.1.2 What You Need to Know	281
35.2 DHCP Configuration	282
35.3 DHCPv4 Status	283
35.4 DHCPv4 Relay	283
35.4.1 DHCPv4 Relay Agent Information	283
35.4.2 DHCPv4 Option 82 Profile	284
35.4.3 Configuring DHCPv4 Global Relay	286
35.4.4 DHCPv4 Global Relay Port Configure	287
35.4.5 Global DHCP Relay Configuration Example	288
35.5 Configuring DHCPv4 VLAN Settings	289
35.5.1 DHCPv4 VLAN Port Configure	291
35.5.2 Example: DHCP Relay for Two VLANs	292
35.6 DHCPv6 Relay	293
ARP Setup	295
36.1 ARP Overview	295
36.1.1 What You Can Do	295
36.1.2 What You Need to Know	295
36.2 ARP Setup	297
36.2.1 ARP Learning	297
Maintenance	299
37.1 Overview	299
37.1.1 What You Can Do	299
37.2 The Maintenance Screen	299
37.2.1 Load Factory Default	300
37.2.2 Save Configuration	300
37.2.3 Reboot System	301
37.3 Firmware Upgrade	301
37.4 Restore a Configuration File	302
37.5 Backup a Configuration File	303
37.6 Tech-Support	303
37.7 Technical Reference	305
37.7.1 FTP Command Line	305
37.7.2 Filename Conventions	305
37.7.3 FTP Command Line Procedure	306
37.7.4 GUI-based FTP Clients	306
37.7.5 FTP Restrictions	307
Access Control	308
38.1 Access Control Overview	308
38.1.1 What You Can Do	308
38.2 The Access Control Main Screen	308
38.3 Configuring SNMP	309
38.3.1 Configuring SNMP Trap Group	310
38.3.2 Enabling/Disabling Sending of SNMP Traps on a Port	311
38.3.3 Configuring SNMP User	312
38.4 Setting Up Login Accounts	314
38.5 Service Port Access Control	315
38.6 Remote Management	316
38.7 Technical Reference	318
38.7.1 About SNMP	318
38.7.2 Introduction to HTTPS	320
Diagnostic	326
39.1 Overview	326
39.2 Diagnostic	326
Syslog	328
40.1 Syslog Overview	328
40.1.1 What You Can Do	328
40.2 Syslog Setup	328
40.3 Syslog Server Setup	329
Cluster Management	331
41.1 Cluster Management Overview	331
41.1.1 What You Can Do	332
41.2 Cluster Management Status	332
41.3 Clustering Management Configuration	333
41.4 Technical Reference	335
41.4.1 Cluster Member Switch Management	335
MAC Table	337
42.1 MAC Table Overview	337
42.1.1 What You Can Do	337
42.1.2 What You Need to Know	337
42.2 Viewing the MAC Table	338
ARP Table	340
43.1 Overview	340
43.1.1 What You Can Do	340
43.1.2 What You Need to Know	340
43.2 Viewing the ARP Table	340
Path MTU Table	342
44.1 Path MTU Overview	342
44.2 Viewing the Path MTU Table	342
Configure Clone	343
45.1 Overview	343
45.2 Configure Clone	343
Neighbor Table	346
46.1 IPv6 Neighbor Table Overview	346
46.2 Viewing the IPv6 Neighbor Table	346
Troubleshooting	348
47.1 Power, Hardware Connections, and LEDs	348
47.2 Switch Access and Login	349
47.3 Switch Configuration	351
Customer Support	353
Common Services	359
IPv6	362
Legal Information	370

Match case Limit results 1 per page

Chapter 24 AAA

GS1920 Series User’s Guide

196

24.6

Technical Reference

This section provides technical background information on the topics discussed in this chapter.

24.6.1

Vendor Specific Attribute

RFC 2865 standard specifies a method for sending vendor-specific information between a RADIUS

server and a network access device (for example, the Switch). A company can create Vendor

Specific Attributes (VSAs) to expand the functionality of a RADIUS server.

The Switch supports VSAs that allow you to perform the following actions based on user

authentication:

Method

Select whether you want to use RADIUS or TACACS+ for authorization of specific types of

events.

RADIUS is the only method for IEEE 802.1x authorization.

Accounting

Use this section to configure accounting settings on the Switch.

Update Period

This is the amount of time in minutes before the Switch sends an update to the accounting

server. This is only valid if you select the

start-stop

option for the

Dot1x

entry.

Type

The Switch supports the following types of events to be sent to the accounting server(s):

•

System

- Configure the Switch to send information when the following system events

occur: system boots up, system shuts down, system accounting is enabled, system

accounting is disabled

•

Dot1x

- Configure the Switch to send information when an IEEE 802.1x client begins a

session (authenticates via the Switch), ends a session as well as interim updates of a

session.

Active

Select this to activate accounting for a specified event types.

Broadcast

Select this to have the Switch send accounting information to all configured accounting

servers at the same time.

If you don’t select this and you have two accounting servers set up, then the Switch sends

information to the first accounting server and if it doesn’t get a response from the

accounting server then it tries the second accounting server.

Mode

The Switch supports two modes of recording login events. Select:

•

start-stop

- to have the Switch send information to the accounting server when a user

begins a session, during a user’s session (if it lasts past the

Update Period

), and when a

user ends a session.

•

stop-only

- to have the Switch send information to the accounting server only when a

user ends a session.

Method

Select whether you want to use RADIUS or TACACS+ for accounting of specific types of

events.

TACACS+ is the only method for recording

type of event.

Apply

Click

Apply

to save your changes to the Switch’s run-time memory. The Switch loses these

changes if it is turned off or loses power, so use the

Save

link on the top navigation panel

to save your changes to the non-volatile memory when you are done configuring.

Cancel

Click

Cancel

to begin configuring this screen afresh.

Table 86

Advanced Application > AAA > AAA Setup

(continued)

LABEL

DESCRIPTION