User manual

CHAPTER 14 | Security Measures
Network Access
– 168 –
ES-2000 Series
NETWORK ACCESS
The Network Access pages are used to enable aging for secure addresses
stored in the MAC address table (using 802.1X), and to assign a host to the
VLANs specified for that specific device on a RADIUS server (see
"Configuring 802.1X Port Authentication" on page 189).
COMMAND USAGE
When Dynamic VLAN is enabled on a port, the 802.1X authentication
process sends a Password Authentication Protocol (PAP) request to a
configured RADIUS server. The type of user name and password sent to
the RADIUS server depends on 802.1X Operation Mode (page 192).
Text is used for normal host-based authentication, or the host’s MAC
address is used for both the user name and password for MAC-based
authentication. When MAC-based authentication is used by 802.1X, the
PAP user name and password on the RADIUS server must be configured
in the MAC address format XX-XX-XX-XX-XX-XX (all in upper case).
If the RADIUS server finds an entry for the host, and that entry
contains a VLAN identifier list, this list will be returned to the switch and
applied to the port. The following attributes need to be configured on
the RADIUS server.
Tunnel-Type = VLAN
Tunnel-Medium-Type = 802
Tunnel-Private-Group-ID = 1u,2t [VLAN ID list]
The VLAN identifier list is carried in the RADIUS “Tunnel-Private-Group-ID”
attribute. The VLAN list can contain multiple VLAN identifiers in the
format “1u,2t,3u” where “u” indicates an untagged VLAN and “t” a
tagged VLAN.
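The following added example (not part of the original manual) checks a RADIUS entry against the two formats described above before it is deployed: the XX-XX-XX-XX-XX-XX upper-case MAC used as both PAP user name and password, and the "1u,2t,3u" VLAN list carried in Tunnel-Private-Group-ID. The function names and the 1-4094 VLAN ID range are assumptions; the manual page does not state the range the switch accepts.

```python
import re

# Format the manual requires for MAC-based PAP credentials: upper-case hex pairs joined by hyphens.
MAC_FORMAT = re.compile(r"(?:[0-9A-F]{2}-){5}[0-9A-F]{2}")
# One VLAN list item: a VLAN ID followed by "u" (untagged) or "t" (tagged).
VLAN_ITEM = re.compile(r"(\d{1,4})([ut])")


def to_pap_credential(mac):
    """Normalize a MAC written with ':', '-', '.' or no separators to XX-XX-XX-XX-XX-XX."""
    digits = re.sub(r"[-:.]", "", mac.strip()).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_vlan_list(value):
    """Parse a Tunnel-Private-Group-ID value such as '1u,2t,3u' into (vlan_id, mode) pairs."""
    result = []
    for item in value.split(","):
        m = VLAN_ITEM.fullmatch(item.strip())
        if not m:
            raise ValueError(f"bad VLAN list item: {item!r}")
        vid = int(m.group(1))
        # Assumption: the switch accepts the standard IEEE 802.1Q range of usable VLAN IDs.
        if not 1 <= vid <= 4094:
            raise ValueError(f"VLAN ID out of range: {vid}")
        result.append((vid, "untagged" if m.group(2) == "u" else "tagged"))
    return result


def audit_entry(username, password, vlan_value):
    """Return a list of problems found in one RADIUS entry used for MAC-based authentication."""
    problems = []
    if not MAC_FORMAT.fullmatch(username):
        problems.append("user name is not in upper-case XX-XX-XX-XX-XX-XX format")
    if password != username:
        problems.append("password must equal the user name (the host's MAC address)")
    try:
        parse_vlan_list(vlan_value)
    except ValueError as exc:
        problems.append(str(exc))
    return problems
```

An empty list from `audit_entry` means the entry matches the formats on this page; it does not confirm that the listed VLANs exist on the switch.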
CONFIGURING GLOBAL SETTINGS FOR NETWORK ACCESS
Use the Security > Network Access (Configure Global) page to enable
aging for secure addresses stored in the MAC address table (see
"Configuring 802.1X Port Authentication" on page 189).
PARAMETERS
These parameters are displayed:
Aging Status – Enables aging for dynamically learned secure
addresses stored in the MAC address table. (Default: Disabled)
This parameter applies to any secure MAC addresses authenticated by
802.1X, regardless of the 802.1X Operation Mode (Single-Host,
Multi-Host, or MAC-Based authentication as described on page 192).