Home » ZyXEL Manuals » Networking » ZyXEL GS2200-8 » Manual Viewer

ZyXEL GS2200-8 User Guide - Page 148

Guest VLAN, Internet

Get ZyXEL GS2200-8 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 148 highlights

Chapter 18 Port Authentication Table 45 Advanced Application > Port Authentication > 802.1x (continued) LABEL DESCRIPTION Reauth Specify if a subscriber has to periodically re-enter his or her username and password to stay connected to the port. Reauth-period Specify the length of time required to pass before a client has to re-enter his or her username and password to stay connected to the port. Quiet-period Specify the number of seconds the port remains in the HELD state and rejects further authentication requests from the connected client after a failed authentication exchange. Tx-period Specify the number of seconds the Switch waits for client's response before re-sending an identity request to the client. Supp-Timeout Specify the number of seconds the Switch waits for client's response to a challenge request before sending another request. Apply Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. 18.3.1 Guest VLAN When 802.1x port authentication is enabled on the Switch and its ports, clients that do not have the correct credentials are blocked from using the port(s). You can configure your Switch to have one VLAN that acts as a guest VLAN. If you enable the guest VLAN (102 in the example) on a port (2 in the example), the user (A in the example) that is not IEEE 802.1x capable or fails to enter the correct username and password can still access the port, but traffic from the user is forwarded to the guest VLAN. That is, unauthenticated users can have access to limited network resources in the same guest VLAN, such as the Internet. The rights granted to the Guest VLAN depends on how the network administrator configures switches or routers with the guest network feature. Figure 93 Guest VLAN Example VLAN 100 2 A VLAN 102 Internet Use this screen to enable and assign a guest VLAN to a port. In the Port Authentication > 802.1x screen click Guest Vlan to display the configuration screen as shown. Note: You can not enable the Guest VLAN feature on a port when a subnet-based VLAN or protocol-based VLAN is activated on the Switch. 148 GS2200-8/24 User's Guide

Section	Page
GS2200-8/24 Series	1
About This User's Guide	3
Document Conventions	6
Safety Warnings	8
Contents Overview	9
Table of Contents	11
User’s Guide	21
Getting to Know Your Switch	23
1.1 Introduction	23
1.1.1 Backbone Application	23
1.1.2 Bridging Example	24
1.1.3 High Performance Switching Example	24
1.1.4 IEEE 802.1Q VLAN Application Examples	25
1.2 Ways to Manage the Switch	26
1.3 Good Habits for Managing the Switch	26
Hardware Installation and Connection	27
2.1 Installation Scenarios	27
2.2 Desktop Installation Procedure	27
2.3 Mounting the Switch on a Rack	27
2.3.1 Rack-mounted Installation Requirements	27
2.3.2 Attaching the Mounting Brackets to the Switch	28
2.3.3 Mounting the Switch on a Rack	29
2.4 Wall Mounting (for GS2200-8 only)	29
Hardware Panels	31
3.1 Overview	31
3.2 Front Panels	31
3.2.1 Console Port	33
3.2.2 Gigabit Ethernet Ports	33
3.2.3 Mini-GBIC Slots	34
3.2.4 Power Connector	35
3.3 LEDs	36
Technical Reference	37
The Web Configurator	39
4.1 Overview	39
4.2 System Login	39
4.3 The Status Screen	40
4.3.1 Change Your Password	44
4.4 Saving Your Configuration	44
4.5 Switch Lockout	44
4.6 Resetting the Switch	45
4.6.1 Reload the Configuration File	45
4.7 Logging Out of the Web Configurator	46
4.8 Help	46
Initial Setup Example	47
5.1 Overview	47
5.1.1 Creating a VLAN	47
5.1.2 Setting Port VID	48
5.2 Configuring Switch Management IP Address	49
Tutorials	51
6.1 Overview	51
6.2 How to Use DHCP Snooping on the Switch	51
6.3 How to Use DHCP Relay on the Switch	54
6.3.1 DHCP Relay Tutorial Introduction	55
6.3.2 Creating a VLAN	55
6.3.3 Configuring DHCP Relay	58
6.3.4 Troubleshooting	59
System Status and Port Statistics	60
7.1 Overview	60
7.1.1 What You Can Do	60
7.2 Port Status Summary	61
7.2.1 Status: Port Details	63
Basic Setting	66
8.1 Overview	66
8.1.1 What You Can Do	66
8.2 System Information	67
8.3 General Setup	69
8.4 Introduction to VLANs	70
8.5 Switch Setup Screen	71
8.6 IP Setup	72
8.6.1 Management IP Addresses	73
8.7 Port Setup	75
8.8 PoE Status	76
8.8.1 PoE Setup	79
VLAN	83
9.1 Overview	83
9.1.1 What You Can Do	83
9.1.2 What You Need to Know	83
9.2 VLAN Status	86
9.2.1 VLAN Details	87
9.3 Configure a Static VLAN	88
9.4 Configure VLAN Port Settings	90
9.5 Subnet Based VLANs	91
9.5.1 Configuring Subnet Based VLAN	92
9.6 Protocol Based VLANs	94
9.6.1 Configuring Protocol Based VLAN	94
9.7 Port-based VLAN Setup	96
9.7.1 Configure a Port-based VLAN	97
9.8 Technical Reference	99
9.8.1 Create an IP-based VLAN Example	99
Static MAC Forward Setup	101
10.1 Overview	101
10.1.1 What You Can Do	101
10.2 Configuring Static MAC Forwarding	101
Static Multicast Forward Setup	103
11.1 Overview	103
11.1.1 What You Can Do	103
11.1.2 What You Need To Know	103
11.2 Configuring Static Multicast Forwarding	104
Filtering	107
12.1 Overview	107
12.1.1 What You Can Do	107
12.2 Configure a Filtering Rule	107
Spanning Tree Protocol	109
13.1 Overview	109
13.1.1 What You Can Do	109
13.1.2 What You Need to Know	109
13.2 Spanning Tree Protocol Status Screen	112
13.3 Spanning Tree Configuration	113
13.4 Configure Rapid Spanning Tree Protocol	114
13.5 Rapid Spanning Tree Protocol Status	115
13.6 Configure Multiple Rapid Spanning Tree Protocol	117
13.7 Multiple Rapid Spanning Tree Protocol Status	118
13.8 Configure Multiple Spanning Tree Protocol	120
13.8.1 Multiple Spanning Tree Protocol Port Configuration	123
13.9 Multiple Spanning Tree Protocol Status	123
13.10 Technical Reference	125
13.10.1 MSTP Network Example	126
13.10.2 MST Region	126
13.10.3 MST Instance	127
13.10.4 Common and Internal Spanning Tree (CIST)	127
Bandwidth Control	129
14.1 Overview	129
14.1.1 What You Can Do	129
14.2 Bandwidth Control Setup	130
Broadcast Storm Control	132
15.1 Overview	132
15.1.1 What You Can Do	132
15.2 Broadcast Storm Control Setup	133
Mirroring	134
16.1 Overview	134
16.1.1 What You Can Do	134
16.2 Port Mirroring Setup	135
Link Aggregation	137
17.1 Overview	137
17.1.1 What You Can Do	137
17.1.2 What You Need to Know	137
17.2 Link Aggregation Status	138
17.3 Link Aggregation Setting	140
17.4 Link Aggregation Control Protocol	142
17.5 Technical Reference	143
17.5.1 Static Trunking Example	143
Port Authentication	145
18.1 Overview	145
18.1.1 What You Can Do	145
18.1.2 What You Need to Know	145
18.2 Port Authentication Configuration	146
18.3 Activate IEEE 802.1x Security	147
18.3.1 Guest VLAN	148
Port Security	151
19.1 Overview	151
19.1.1 What You Can Do	151
19.2 Port Security Setup	152
Classifier	154
20.1 Overview	154
20.1.1 What You Can Do	154
20.1.2 What You Need to Know	154
20.2 Configuring the Classifier	154
20.2.1 Viewing and Editing Classifier Configuration	156
20.3 Classifier Example	158
Policy Rule	160
21.1 Policy Rules Overview	160
21.1.1 What You Can Do	160
21.2 Configuring Policy Rules	160
21.2.1 Viewing and Editing Policy Configuration	163
21.3 Policy Example	164
Queuing Method	165
22.1 Overview	165
22.1.1 What You Can Do	165
22.1.2 What You Need to Know	165
22.2 Configuring Queuing	166
Multicast	168
23.1 Overview	168
23.1.1 What You Can Do	168
23.1.2 What You Need to Know	168
23.2 Multicast Status	170
23.3 Multicast Setting	171
23.4 IGMP Snooping VLAN	174
23.5 IGMP Filtering Profile	175
23.6 The MVR Screen	176
23.6.1 MVR Group Configuration	178
23.6.2 MVR Configuration Example	179
AAA	182
24.1 Overview	182
24.1.1 What You Can Do	182
24.1.2 What You Need to Know	182
24.2 AAA Screens	183
24.3 RADIUS Server Setup	183
24.4 TACACS+ Server Setup	186
24.5 AAA Setup	188
24.6 Technical Reference	190
24.6.1 Vendor Specific Attribute	190
24.6.2 Supported RADIUS Attributes	191
24.6.3 Attributes Used for Authentication	192
IP Source Guard	193
25.1 Overview	193
25.1.1 What You Can Do	193
25.1.2 What You Need to Know	194
25.2 IP Source Guard	194
25.3 IP Source Guard Static Binding	195
25.4 DHCP Snooping	196
25.5 DHCP Snooping Configure	199
25.5.1 DHCP Snooping Port Configure	201
25.5.2 DHCP Snooping VLAN Configure	203
25.6 ARP Inspection Status	204
25.7 ARP Inspection VLAN Status	205
25.8 ARP Inspection Log Status	206
25.9 ARP Inspection Configure	207
25.9.1 ARP Inspection Port Configure	208
25.9.2 ARP Inspection VLAN Configure	210
25.10 Technical Reference	211
25.10.1 DHCP Snooping Overview	211
25.10.2 ARP Inspection Overview	213
Loop Guard	215
26.1 Overview	215
26.1.1 What You Can Do	215
26.1.2 What You Need to Know	215
26.2 Loop Guard Setup	217
Layer 2 Protocol Tunneling	219
27.1 Overview	219
27.1.1 What You Can Do	219
27.1.2 What You Need to Know	219
27.2 Configuring Layer 2 Protocol Tunneling	221
PPPoE	223
28.1 PPPoE Intermediate Agent Overview	223
28.1.1 What You Can Do	223
28.1.2 What You Need to Know	223
28.2 The PPPoE Screen	225
28.3 PPPoE Intermediate Agent	226
28.3.1 PPPoE IA Per-Port	227
28.3.2 PPPoE IA Per-Port Per-VLAN	228
28.3.3 PPPoE IA for VLAN	230
Error Disable	231
29.1 Overview	231
29.1.1 What You Can Do	231
29.1.2 What You Need to Know	231
29.2 The Error Disable Screen	232
29.3 CPU Protection Configuration	232
29.4 Error-Disable Detect Configuration	233
29.5 Error-Disable Recovery Configuration	234
Static Route	237
30.1 Overview	237
30.1.1 What You Can Do	237
30.2 Configuring Static Routing	238
Differentiated Services	240
31.1 Overview	240
31.1.1 What You Can Do	240
31.1.2 What You Need to Know	240
31.2 Activating DiffServ	241
31.3 DSCP-to-IEEE 802.1p Priority Settings	242
31.3.1 Configuring DSCP Settings	242
DHCP	244
32.1 DHCP Overview	244
32.1.1 What You Can Do	244
32.1.2 What You Need to Know	244
32.2 DHCP Status	245
32.3 Configuring DHCP Global Relay	246
32.3.1 Global DHCP Relay Configuration Example	247
32.4 Configuring DHCP VLAN Settings	247
32.4.1 Example: DHCP Relay for Two VLANs	248
ARP Learning	250
33.1 ARP Overview	250
33.1.1 What You Can Do	250
33.1.2 What You Need to Know	250
33.2 Configuring ARP Learning	252
Maintenance	255
34.1 Overview	255
34.1.1 What You Can Do	255
34.2 The Maintenance Screen	255
34.2.1 Load Factory Default	256
34.2.2 Save Configuration	256
34.2.3 Reboot System	257
34.3 Firmware Upgrade	257
34.4 Restore a Configuration File	258
34.5 Backup a Configuration File	258
34.6 Technical Reference	259
34.6.1 FTP Command Line	259
34.6.2 Filename Conventions	259
34.6.3 FTP Command Line Procedure	259
34.6.4 GUI-based FTP Clients	260
34.6.5 FTP Restrictions	260
Access Control	261
35.1 Overview	261
35.1.1 What You Can Do	261
35.2 The Access Control Main Screen	261
35.3 Configuring SNMP	262
35.3.1 Configuring SNMP Trap Group	264
35.3.2 Configuring SNMP User	265
35.4 Setting Up Login Accounts	266
35.5 Service Port Access Control	268
35.6 Remote Management	268
35.7 Technical Reference	270
35.7.1 About SNMP	270
35.7.2 SSH Overview	277
35.7.3 Introduction to HTTPS	278
Diagnostic	285
36.1 Overview	285
36.2 Diagnostic	285
Syslog	287
37.1 Overview	287
37.1.1 What You Can Do	287
37.2 Syslog Setup	287
37.3 Syslog Server Setup	289
Cluster Management	290
38.1 Overview	290
38.1.1 What You Can Do	291
38.2 Cluster Management Status	291
38.3 Clustering Management Configuration	292
38.4 Technical Reference	294
38.4.1 Cluster Member Switch Management	294
MAC Table	296
39.1 Overview	296
39.1.1 What You Can Do	296
39.1.2 What You Need to Know	296
39.2 Viewing the MAC Table	297
ARP Table	299
40.1 Overview	299
40.1.1 What You Can Do	299
40.1.2 What You Need to Know	299
40.2 Viewing the ARP Table	299
Configure Clone	301
41.1 Overview	301
41.2 Configure Clone	301
Troubleshooting	303
42.1 Power, Hardware Connections, and LEDs	303
42.2 Switch Access and Login	304
42.3 Switch Configuration	306
Product Specifications	307
Changing a Fuse	315
Common Services	317
Legal Information	321

Match case Limit results 1 per page

Chapter 18 Port Authentication

GS2200-8/24 User’s Guide

148

18.3.1

Guest VLAN

When 802.1x port authentication is enabled on the Switch and its ports, clients that do not have the

correct credentials are blocked from using the port(s). You can configure your Switch to have one

VLAN that acts as a guest VLAN. If you enable the guest VLAN (

102

in the example) on a port (

the example), the user (

in the example) that is not IEEE 802.1x capable or fails to enter the

correct username and password can still access the port, but traffic from the user is forwarded to

the guest VLAN. That is, unauthenticated users can have access to limited network resources in the

same guest VLAN, such as the Internet. The rights granted to the Guest VLAN depends on how the

network administrator configures switches or routers with the guest network feature.

Figure 93

Guest VLAN Example

Use this screen to enable and assign a guest VLAN to a port. In the

Port Authentication >

802.1x

screen click

Guest Vlan

to display the configuration screen as shown.

Note: You can not enable the Guest VLAN feature on a port when a subnet-based VLAN or

protocol-based VLAN is activated on the Switch.

Reauth

Specify if a subscriber has to periodically re-enter his or her username and password to

stay connected to the port.

Reauth-period

Specify the length of time required to pass before a client has to re-enter his or her

username and password to stay connected to the port.

Quiet-period

Specify the number of seconds the port remains in the HELD state and rejects further

authentication requests from the connected client after a failed authentication exchange.

Tx-period

Specify the number of seconds the Switch waits for client’s response before re-sending an

identity request to the client.

Supp-Timeout

Specify the number of seconds the Switch waits for client’s response to a challenge request

before sending another request.

Apply

Click

Apply

to save your changes to the Switch’s run-time memory. The Switch loses these

changes if it is turned off or loses power, so use the

Save

link on the top navigation panel

to save your changes to the non-volatile memory when you are done configuring.

Cancel

Click

Cancel

to begin configuring this screen afresh.

Table 45

Advanced Application > Port Authentication > 802.1x

(continued)

LABEL

DESCRIPTION

Internet

VLAN 100

VLAN 102