TRENDnet TI-PG1284i User Manual page 151

12-port hardened industrial gigabit poe+ layer 2+ managed din-rail switch

Hide thumbs Also See for TI-PG1284i:

Quick installation manual (14 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

Table of Contents

TRENDnet User's Guide

Upon detection of the new client (supplicant), the port on the switch (authenticator) is

enabled and set to the "unauthorized" state. In this state, only 802.1X traffic is allowed;

other traffic, such as DHCP and HTTP, is blocked at the network layer (Layer 3). The

authenticator sends out the EAP-Request identity to the supplicant, the supplicant

responds with the EAP-response packet that the authenticator forwards to the

authenticating server. If the authenticating server accepts the request, the authenticator

sets the port to the "authorized" mode and normal traffic is allowed. When the supplicant

logs off, it sends an EAP-logoff message to the authenticator. The authenticator then sets

the port to the "unauthorized" state, once again blocking all non-EAP traffic.

The following figure illustrates how a client connecting to an IEEE 802.1x authentication

enabled port goes through a validation process. The Switch prompts the client for login

information in the form of a user name and password.

When the client provides the login credentials, the Switch sends an authentication

request to a RADIUS server. The RADIUS server validates whether this client is allowed

access to the port.

Local User Accounts

By storing user profiles locally on the Switch, your Switch is able to authenticate users

without interacting with a network authentication server. However, there is a limit on the

number of users you may authenticate in this way.

Guest VLAN:

The Guest VLAN in IEEE 802.1x port authentication on the switch to

provide limited services to clients, such as downloading the IEEE 802.1x

client. These clients might be upgrading their system for IEEE 802.1x

authentication.

When you enable a guest VLAN on an IEEE 802.1x port, the switch assigns

clients to a guest VLAN when the switch does not receive a response to its

EAP request/identity frame or when EAPOL packets are not sent by the

client.

Port Parameters:



Admin Control Direction:

both

- drop incoming and outgoing packets on the port when a user has not

passed 802.1x port authentication.

- drop only incoming packets on the port when a user has not passed

802.1x port authentication.



Re-authentication:

Specify if a subscriber has to periodically re-enter his or her username and password

to stay connected to the port.



Reauth-period:

Specify how often a client has to re-enter his or her username and password to stay

connected to the port. The acceptable range for this field is 0 to 65535 seconds.



Port Control Mode:

auto

: Users can access network after authenticating.

force-authorized

: Users can access network without authentication.

force-unauthorized : Users cannot access network.



Quiet Period:

TI-PG1284i

148

Table of Contents

Show Quick Links

Quick Links:
Basic Ip Configuration
Access Your Switch Command Line Interface
Cli Command Modes

Hide quick links:

Table of Contents

TRENDnet TI-PG1284i User Manual page 151

Hide quick links:

Related Manuals for TRENDnet TI-PG1284i

Related Products for TRENDnet TI-PG1284i

Table of Contents