Comtrol RocketLinx MP1204-XT User Manual page 80

Security | Network | NAS
Item
Hold Time
RADIUS-Assigned
QoS Enabled
RADIUS-Assigned
VLAN Enabled
Guest VLAN
Enabled
Guest VLAN ID
Max. Reauth. Count
80 - Configuration Pages
Configuration | Security | Network | NAS (Continued)
This setting applies to the following modes, that is, modes using the Port Security
functionality to secure MAC addresses:
• Single 802.1X
• Multi 802.1X
• MAC-Based Auth
If a client is denied access - either because the RADIUS server denies the client
access or because the RADIUS server request times out (according to the timeout
specified on the Configuration | Security | AAA page) - the client is put on hold in the
Unauthorized state. The hold timer does not count during an on-going
authentication.
In MAC-based Auth mode, the MP1204-XT ignores new frames coming from the
client during the hold time.
The Hold Time can be set to a number between 10 and 1000000 seconds.
RADIUS-assigned QoS provides a means to centrally control the traffic class to
which traffic coming from a successfully authenticated supplicant is assigned on
the switch. The RADIUS server must be configured to transmit special RADIUS
attributes to take advantage of this feature (see RADIUS-Assigned QoS Enabled
below for a detailed description).
The RADIUS-Assigned QoS Enabled check box provides a quick way to globally
enable/disable RADIUS-server assigned QoS Class functionality. When checked,
the individual ports copy settings determined whether RADIUS-assigned QoS Class
is enabled on that port. When unchecked, RADIUS-server assigned QoS Class is
disabled on all ports.
RADIUS-assigned VLAN provides a means to centrally control the VLAN on
which a successfully authenticated supplicant is placed on the switch. Incoming
traffic is classified to and switched on the RADIUS-assigned VLAN. The RADIUS
server must be configured to transmit special RADIUS attributes to take
advantage of this feature (see RADIUS-Assigned VLAN Enabled below for a detailed
description).
The RADIUS-Assigned VLAN Enabled check box provides a quick way to globally
enable/disable RADIUS-server assigned VLAN functionality. When checked, the
individual ports copy settings determined whether RADIUS-assigned VLAN is
enabled on that port. When unchecked, RADIUS-server assigned VLAN is disabled
on all ports.
A Guest VLAN is a special VLAN - typically with limited network access - on which
802.1X-unaware clients are placed after a network administrator-defined timeout.
The MP1204-XT follows a set of rules for entering and leaving the Guest VLAN as
listed below.
The Guest VLAN Enabled check box provides a quick way to globally enable/disable
Guest VLAN functionality. When checked, the individual ports copy settings
determined whether the port can be moved into Guest VLAN. When unchecked,
the ability to move to the Guest VLAN is disabled on all ports.
This is the value that a ports Port VLAN ID is set to if a port is moved into the
Guest VLAN. It is only changeable if the Guest VLAN option is globally enabled.
Valid values are in the range [1; 4095].
The number of times the MP1204-XT transmits an EAPOL Request Identity frame
without response before considering entering the Guest VLAN is adjusted with
this setting. The value can only be changed if the Guest VLAN option is globally
enabled.
Valid values are in the range [1; 255].
RocketLinx MP1204-XT User Guide: 2000644 Rev. A