TRENDnet TI-RP262i User Manual page 117

TRENDnet User's Guide
If the Destination IP field has been configured and this field is
empty, it means the profile will filter the one IP configured in
Destination IP field.
Configures the IP protocol type. The setting will be used for
Source Application and Destination Application.
IP Protocol
TCP:0x06. UDP:0x11.
Source
Configures the source UDP/TCP ports of the packets that you
want to filter.
Application
Destination Configures the destination UDP/TCP ports of the packets that
Application you want to filter.
Source
Configures one or a rage of the source interfaces of the packets
that you want to filter.
Interface(s)
Apply Click Apply to add/modify the settings.
Refresh Click Refresh to begin configuring this screen afresh.
802.1x
IEEE 802.1X is an IEEE Standard for port-based Network Access Control ("port" meaning
a single point of attachment to the LAN infrastructure). It is part of the IEEE 802.1 group
of networking protocols. It provides an authentication mechanism to devices wishing to
attach to a LAN, either establishing a point-to-point connection or preventing it if
authentication fails. It is used for most wireless 802.11 access points and is based on the
Extensible Authentication Protocol (EAP).
802.1X provides port-based authentication, which involves communications between a
supplicant, authenticator, and authentication server. The supplicant is often software on
a client device, such as a laptop, the authenticator is a wired Ethernet switch or wireless
access point, and an authentication server is generally a RADIUS database. The
authenticator acts like a security guard to a protected network. The supplicant (i.e.,
client device) is not allowed access through the authenticator to the protected side of
the network until the supplicant's identity is authorized. An analogy to this is providing a
© Copyright 2018 TRENDnet. All Rights Reserved.
valid passport at an airport before being allowed to pass through security to the
terminal. With 802.1X port-based authentication, the supplicant provides credentials,
such as user name/password or digital certificate, to the authenticator, and the
authenticator forwards the credentials to the authentication server for verification. If
the credentials are valid (in the authentication server database), the supplicant (client
device) is allowed to access resources located on the protected side of the network.
Upon detection of the new client (supplicant), the port on the switch (authenticator) is
enabled and set to the "unauthorized" state. In this state, only 802.1X traffic is allowed;
other traffic, such as DHCP and HTTP, is blocked at the network layer (Layer 3). The
authenticator sends out the EAP-Request identity to the supplicant, the supplicant
responds with the EAP-response packet that the authenticator forwards to the
authenticating server. If the authenticating server accepts the request, the
authenticator sets the port to the "authorized" mode and normal traffic is allowed.
When the supplicant logs off, it sends an EAP-logoff message to the authenticator. The
authenticator then sets the port to the "unauthorized" state, once again blocking all
non-EAP traffic.
The following figure illustrates how a client connecting to an IEEE 802.1x authentication
enabled port goes through a validation process. The Switch prompts the client for login
information in the form of a user name and password.
When the client provides the login credentials, the Switch sends an authentication
request to a RADIUS server. The RADIUS server validates whether this client is allowed
access to the port.
Managed Industrial L2 Switch
114