Security; Configure Port Access Control - TRENDnet TEG-160WS User Manual

TRENDnet User's Guide

Security

This chapter contains information about the Port-based security features and the
procedures for setting this feature.

Configure Port Access Control

Security > Port Access Control
This section contains information and configuration procedures for the
Port-based Access Control. Port-based Network Access Control (IEEE 802.1x) is used to
control who can send traffic through and receive traffic from a switch port. With this
feature, the switch does not allow an end node to send or receive traffic through a port
until the user of the node logs on by entering a user name and password.
This feature can prevent an unauthorized individual from connecting a computer to a
port or using an unattended workstation to access your network resources. Only those
users to whom you have assigned a user name and password are able to use the switch
to access the network.
This feature can be used with one of two authentication methods:
•
The RADIUS authentication protocol requires that a remote RADIUS server is
present on your network. The RADIUS server performs the authentication of
the user name and password combinations.
•
The Dial-in User (local) authentication method allows you to set up the
authentication parameters internally in the switch without an external server.
In this case, the user name and password combinations are entered in the
associated with an optional VLAN when they are defined. Based on these
entries, the authentication process is done locally by the Web Management
Utility using a standard EAPOL transaction.
Note: RADIUS with Extensible Authentication Protocol (EAP) extensions is the only
supported authentication server for this feature.
1. Log into your switch management page (see
on page 7).
2. Click on Security and click on Port Access Control.
© Copyright 2014 TRENDnet. All Rights Reserved.
"Access your switch management page"
3. Review the settings. Click Apply to save the settings.
Configure the following parameters as required:
•
NAS ID - This parameter assigns an 802.1x identifier to the switch that applies
to all ports. The NAS ID can be up to sixteen characters. Valid characters are 0
to 9, a to z, and A to Z. Spaces are allowed. Specifying an NAS ID is optional.
•
Port Access Control - This parameter enables or disables Port Access Control.
Select one of the following choices from the pulldown menu:
Enable: The Port Access Control feature is activated.
o
Disable: The Port Access Control feature is de-activated.
o
• Authentication Method - This parameter indicates the authentication method
used by the switch. Select one of the following choices:
RADIUS: This parameter configures port security for remote
o
authentication. After completing steps, you must configure the
"RADIUS Client" section.
Local: This parameter configures port security for local authentication.
o
After completing steps, you must configure the parameters for "Dial-in
User— Local Authentication" section.
TACACS+: This parameter configures port security for terminal
o
authentication. After completing steps, you must configure the
"TACACS+ Settings" section.
4. Click Save Settings to Flash (menu).
5. Click Save Settings to Flash (button), then click OK.
Note: This step saves all configuration changes to the NV-RAM to ensure that if the
switch is rebooted or power cycled, the configuration changes will still be applied.
TEG-160WS
66