Aaa > 802.1X > 802.1X Global Settings; Aaa > 802.1X > 802.1X Port Settings - D-Link DGS-1210 Series Manual

4 Web-based Switch Configuration
D-Link Smart Managed Switch User Manual
Index: Choose the desired RADIUS server to configure: 1, 2 or 3. The user can create maximum 5 RADIUS
servers.
IP Address: Select IPv4 or IPv6 and enter the IP address.
Authentication Port (1 - 65535): Set the RADIUS authentic server(s) UDP port. The default port is 1812.
Accounting Port (1 - 65535): Set the RADIUS account server(s) UDP port. The default port is 1813.
Timeout (1 – 255 sec): This field will set the time the Switch will wait for a response of authentication from
the user. The user may set a time between 1 and 255 seconds. The default setting is 5 seconds.
Retransmit (1 – 255 times): This command will configure the maximum number of times the Switch will
accept authentication attempts. Users failing to be authenticated after the set amount of attempts will be
denied access to the Switch and will be locked out of further authentication attempts. Command line
interface users will have to wait 60 seconds before another authentication attempt. Telnet and web users will
be disconnected from the Switch. The user may set the number of attempts from 1 to 255. The default
setting is 2.
Key: Set the key the same as that of the RADIUS server.
Confirm Key: Confirm the shared key is the same as that of the RADIUS server.
Click the Apply button to implement changes made.
AAA > 802.1X > 802.1X Global Settings
Network switches provide easy and open access to resources, by simply attaching a client PC. Unfortunately
this automatic configuration also allows unauthorized personnel to easily intrude and possibly gain access to
sensitive data.
IEEE-802.1X provides a security standard for network access control, especially in Wi-Fi wireless networks.
802.1X holds a network port disconnected until authentication is completed. The switch uses Extensible
Authentication Protocol over LANs (EAPOL) to exchange authentication protocol client identity (such as a
user name) with the client, and forward it to another remote RADIUS authentication server to verify access
rights. The EAP packet from the RADIUS server also contains the authentication method to be used. The
client can reject the authentication method and request another, depending on the configuration of the client
software and the RADIUS server. Depending on the authenticated results, the port is either made available
to the user, or the user is denied access to the network.
Figure 4.128 – AAA > 802.1x Global Settings
Authentication State: Specifies to enable or disable the 802.1X function.
Forward EAPOL PDU: This is a global setting to control the forwarding of EAPOL PDU. When 802.1X
functionality is disabled globally or for a port, and if 802.1X forward PDU is enabled both globally and for the
port, a received EAPOL packet on the port will be flooded in the same VLAN to those ports for which 802.1X
forward PDU is enabled and 802.1X is disabled (globally or just for the port). The default state is disabled.
Authentication Protocol: Indicates the 802.1X Protocol on the device. The possible field values are Local
and RADIUS.
Click the Apply button to implement changes made.
AAA > 802.1X > 802.1X Port Settings
To use EAP for security, set the 802.1X Port Settings for the Radius Server and applicable authentication
information.
100