Black Box LPB2910A User Manual page 79

secure M AC a ddresses:
• S ingle 8 02.1X
• M ulti 8 02.1X
• M AC-­‐Based A uth.
If a client is denied access— either because the RADIUS server denies the client access or because
the RADIUS server request times out (according to the timeout specified on the
"Configuration→Security→AAA" page)— the client is put on hold in the Unauthorized state. The
hold t imer d oes n ot c ount d uring a n o ngoing a uthentication.
In MAC-­‐based Auth. mode, the switch will ignore new frames coming from the client during the
hold t ime.
The H old T ime c an b e s et t o a n umber b etween 1 0 a nd 1 000000 s econds.
RADIUS-­‐Assigned Q oS E nabled:

RADIUS-­‐assigned Q oS p rovides a m eans t o c entrally c ontrol t he t raffic c lass t o w hich t raffic c oming
from a s uccessfully a uthenticated s upplicant i s a ssigned o n t he s witch. T he R ADIUS s erver m ust b e
configured to transmit special RADIUS attributes to take advantage of this feature (see
RADIUS-­‐Assigned Q oS E nabled b elow f or a d etailed d escription).
The "RADIUS-­‐Assigned QoS Enabled" checkbox provides a quick way to globally enable/disable
RADIUS-­‐server assigned QoS Class functionality. When checked, the individual ports' ditto setting
determines whether RADIUS-­‐assigned QoS Class is enabled on that port. When unchecked,
RADIUS-­‐server a ssigned Q oS C lass i s d isabled o n a ll p orts.
RADIUS-­‐Assigned V LAN E nabled:

RADIUS-­‐assigned VLAN provides a means to centrally control the VLAN on which a successfully
authenticated s upplicant i s p laced o n t he s witch. I ncoming t raffic w ill b e c lassified t o a nd s witched
on the RADIUS-­‐assigned VLAN. The RADIUS server must be configured to transmit special RADIUS
attributes to take advantage of this feature (see RADIUS-­‐Assigned VLAN Enabled below for a
detailed d escription).
The "RADIUS-­‐Assigned VLAN Enabled" checkbox provides a quick way to globally enable/disable
RADIUS-­‐server assigned VLAN functionality. When checked, the individual ports' ditto setting
determines whether RADIUS-­‐assigned VLAN is enabled on that port. When unchecked,
RADIUS-­‐server a ssigned V LAN i s d isabled o n a ll p orts.
 Guest V LAN E nabled:
A G uest V LAN i s a s pecial V LAN— t ypically w ith l imited n etwork a ccess—on w hich 8 02.1X-­‐unaware
clients are placed after a network administrator-­‐defined timeout. The switch follows a set of rules
for e ntering a nd l eaving t he G uest V LAN a s l isted b elow.
The "Guest VLAN Enabled" checkbox provides a quick way to globally enable/disable Guest VLAN
functionality. When checked, the individual port's ditto setting determines whether the port can
be m oved i nto G uest V LAN. W hen u nchecked, t he a bility t o m ove t o t he G uest V LAN i s d isabled o n
all p orts.
Guest V LAN I D:

This i s t he v alue t hat a p ort's P ort V LAN I D i s s et t o i f a p ort i s m oved i nto t he G uest V LAN. I t i s o nly
changeable i f t he G uest V LAN o ption i s g lobally e nabled.
Valid v alues a re i n t he r ange 1 –4095.
Max. R eauth. C ount:

The number of times the switch transmits an EAPOL Request Identity frame without response
before considering entering the Guest VLAN is adjusted with this setting. The value can only be
changed i f t he G uest V LAN o ption i s g lobally e nabled.
Valid v alues a re i n t he r ange 1 – 2 55.
Allow G uest V LAN i f E APOL S een:

The s witch r emembers i f a n E APOL f rame h as b een r eceived o n t he p ort f or t he l ifetime o f t he p ort.
67
Publication date: Sept, 2015
Revision A1