Manual

ManualsBrandsLuxul ManualsRoutersXMS-1024P

211

212

213

214

215

216

217

218

219

220

214

XMS-1024P

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

In PAP mode, the Switch (instead of the Server) encrypts the Password and sends

the User Name using the Randomly-Generated key, and the Supplicant-Encrypted

Password to the RADIUS Server for further Authentication.

802.1X/RADIUS Timer

In 802.1X Authentication, the following timers are used to ensure that the Supplicant,

the Switch, and the RADIUS Server interact correctly:



Supplicant Timeout: This timer is triggered by the Switch after the Switch sends a

Request packet to a Supplicant. The Switch will resend the Request packet to the

Supplicant if the Supplicant fails to respond within the speciﬁed timeout period.



Server Timeout: This timer is triggered by the Switch after the Switch sends an

Authentication Request packet to RADIUS Server. The Switch will resend the

Authentication Request packet if the RADIUS Server fails to respond within the speci-

ﬁed timeout period.



Quiet Period: This timer sets the Quiet-Period. When a Supplicant fails to forward

an Authentication response, the Switch will ignore Authentication packets from

the Supplicant for the speciﬁed period, before it processes another Authentication

Request from the Supplicant.

Guest VLAN

The Guest VLAN function enables Supplicants that do not pass Authentication to

access speciﬁed Network resources.

By default, all of the Ports connected to the Supplicants belong to a VLAN (i.e. Guest

VLAN). Users belonging to the Guest VLAN can access the resources of the Guest VLAN

without being Authenticated. But they need to be Authenticated before accessing se-

curity sensitive resources. After passing the Authentication, the Ports will be removed

from the Guest VLAN and be allowed to access the security sensitive resources.

With the Guest VLAN function enabled, users can access the Guest VLAN to install

the 802.1X/RADIUS Client program or Upgrade the 802.1X/RADIUS Client without

being Authenticated.

With the 802.1X/RADIUS function enabled and Guest VLAN conﬁgured. After the

maximum number Retries have been made sending the EAP-Request/Identity packets,

and there are still Ports that have not sent any response back, the Switch will then add

these Ports into the Guest VLAN. Only when the corresponding Supplicant passes the

802.1X/RADIUS Authentication, will the Port be removed from the Guest VLAN and

added to the speciﬁed VLAN. The Port will be put back in the Guest VLAN when its

Supplicant logs off.