User Manual
Table Of Contents
- S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches with 2 or 4 SFP Ports
- Contents
- 1 Get Started
- Available Publications
- Switch Management and Discovery Overview
- Options to Change the Default IP Address of the Switch
- Discover or Change the Switch IP Address
- About the User Interfaces
- Access the Local Browser Interface
- Change the Language of the Local Browser Interface
- Use the Device View of the Local Browser Interface
- Interface Naming Conventions
- Configure Interface Settings
- Context-Sensitive Help and Access to the Support WebSite
- Access the User Manual Online
- Register Your Product
- 2 Configure System Information
- 3 Configure Switching
- Configure the Port Settings and Maximum Frame Size
- Configure Link Aggregation Groups
- Configure LAG Settings
- Configure LAG Membership
- Set the LACP System Priority
- Set the LACP Port Priority Settings
- Configure VLANs
- Configure VLAN Settings
- Configure VLAN Membership
- View the VLAN Status
- Configure Port PVID Settings
- Configure a MAC-Based VLAN
- Configure Protocol-Based VLAN Groups
- Configure Protocol-Based VLAN Group Membership
- Configure a Voice VLAN
- Configure Auto-VoIP
- Configure Spanning Tree Protocol
- Configure Multicast
- View, Search, or Clear the MFDB Table
- View the MFDB Statistics
- Configure the Auto-Video Multicast Settings
- About IGMP Snooping
- Configure IGMP Snooping
- Configure IGMP Snooping for Interfaces
- View, Search, or Clear the IGMP Snooping Table
- Configure IGMP Snooping for VLANs
- Modify IGMP Snooping Settings for a VLAN
- Disable IGMP Snooping on a VLAN
- Configure a Multicast Router Interface
- Configure a Multicast Router VLAN
- IGMP Snooping Querier Overview
- Configure an IGMP Snooping Querier
- Configure an IGMP Snooping Querier for VLANs
- Display IGMP Snooping Querier for VLAN Status
- View, Search, and Manage the MAC Address Table
- Configure Layer 2 Loop Protection
- 4 Configure Quality of Service
- 5 Manage Device Security
- Configure the Management Security Settings
- Configure Management Access
- Configure Port Authentication
- Set Up Traffic Control
- Configure Access Control Lists
- Use the ACL Wizard to Create a Simple ACL
- Configure a Basic MAC ACL
- Configure MAC ACL Rules
- Configure MAC Bindings
- View or Delete MAC ACL Bindings in the MAC Binding Table
- Configure a Basic or Extended IP ACL
- Configure Rules for a Basic IP ACL
- Configure Rules for an Extended IP ACL
- Configure IP ACL Interface Bindings
- View or Delete IP ACL Bindings in the IP ACL Binding Table
- 6 Monitor the System
- 7 Maintenance
- A Configuration Examples
- B Specifications and Default Settings
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches
Manage Device Security User Manual244
For example, you can use this mode if an IP phone is connected to a NAS port
and a virtual machine controller (VMC) is connected to the hub port of the IP
phone. Both the VMC and the IP phone need to be authenticated to access the
network services behind the NAS. If the VMC hosts multiple virtual machines,
after the VMC is authenticated, traffic is allowed from all virtual machines that are
hosted by the VMC.
Note: If a data client is authenticated first, a voice client can be authenticated
only through 802.1x.
Note: If the switch exceeds the limit of one hundred and four (104) 802.1x
users, each interface can authenticate one additional voice client. (The
limit of 104 clients can include MAB clients.) For example, even if the
switch already supports 104 clients, each interface can still
authenticate one additional IP phone.
• Guest VLAN ID. Specify the VLAN ID for the guest VLAN. The range is from 0 to
4093. The default value is 0. Enter 0 to reset the guest VLAN ID on the interface. The
guest VLAN allows the port to provide a distinguished service to unauthenticated
users, after three authentication failures. This feature provides a mechanism to allow
users access to hosts on the guest VLAN.
• Unauthenticated VLAN ID. Specify the VLAN ID of the unauthenticated VLAN for the
selected port. The range is from 0 to 3965. The default value is 0. Hosts that fail the
authentication might be denied access to the network or placed on a VLAN created
for unauthenticated clients. This VLAN might be configured with limited network
access.
• Periodic Reauthentication. To allow periodic reauthentication of the supplicant for
the specified port, select Enable
• Reauthentication Period Type. If you enable period authentication, select the type
of reauthentication:
- Server. The reauthentication time-out value from the server is used. This is the
default setting. The server’s session time-out and session termination settings are
used by the authenticator to reauthenticate a supplicant on the interface. An
example of a server is a RADIUS server.
- User. You must enter the time-out value in the Reauthentication Period field.
• Reauthentication Period. If you enable period authentication and you select User as
the reauthentication period type, specify the time in seconds after which
reauthentication of the supplicant occurs. The reauthentication period must be a value
in the range from 1 to 65535 seconds. The default value is 3600 seconds.
• Max ReAuth Requests. Specify the maximum number of reauthentication requests
for the port.
• Quiet Period. Specify the time in seconds that the port remains in the quiet state
following a failed authentication exchange. While in the quite state, the port does not
attempt to acquire a supplicant.