User's Manual
Table Of Contents
- 8-Port Multi-Gigabit Smart Managed Pro Switch with Two 10G Ports
- Contents
- 1 Get Started
- 2 Configure System Information
- View and Configure the Switch Management Settings
- View or Define System Information and View Software Versions
- View the System CPU Status
- View USB Device Information
- Configure the IPv4 Address for the Network Interface and Management VLAN
- Configure the IPv6 Address for the Network Interface
- View the IPv6 Network Neighbor
- Configure the Time Settings
- Configure DNS Settings
- Configure Green Ethernet Settings
- Use the Device View
- Configure Power over Ethernet
- Configure SNMP
- Configure LLDP
- Configure DHCP Snooping
- Set Up PoE Timer Schedules
- View and Configure the Switch Management Settings
- 3 Configure Switching
- Configure Port Settings and Flow Control
- Configure Link Aggregation Groups
- Configure VLANs
- Configure VLAN Settings
- Configure VLAN Membership
- View VLAN Status
- Configure Port PVID Settings
- Configure MAC-Based VLAN Groups
- Manually Add Members to or Remove Them From a MAC-Based VLAN Group
- Configure Protocol-Based VLAN Groups
- Manually Add Members to or Remove Them From a Protocol-Based VLAN Group
- Configure GARP Switch Settings
- Configure GARP Ports
- Configure a Voice VLAN
- Configure Auto-VoIP
- Configure Spanning Tree Protocol
- Configure Multicast
- View the MFDB Table
- View the MFDB Statistics
- Configure Auto-Video
- IGMP Snooping Overview
- Configure the Global IGMP Snooping Settings
- View the IGMP Snooping Table
- Configure IGMP Snooping for VLANs
- Modify IGMP Snooping Settings for a VLAN
- Disable IGMP Snooping on a VLAN and Remove It From the Table
- IGMP Snooping Querier Overview
- Configure IGMP Snooping Querier
- Configure IGMP Snooping Querier for VLANs
- Display the IGMP Snooping Querier for VLAN Status
- MLD Snooping Overview
- Configure the Global MLD Snooping Settings
- Configure MLD Snooping for a VLAN
- View, Search, and Manage the MAC Address Table
- 4 Configure Routing
- IP Routing Overview
- Configure IP Settings
- Configure VLAN Routing
- Manage IPv4 Routes
- Configure Address Resolution Protocol
- Configure IPv6
- Configure IPv6 Global Settings
- Add a Static IPv6 Route
- Change the Preference for a Static IPv6 Route
- Remove a Static IPv6 Route
- View the IPv6 Route Table
- Configure IPv6 VLAN Interface Settings
- Add an IPv6 Global Address to an IPv6 VLAN
- Change the Settings for an IPv6 Global Address on an IPv6 VLAN
- Remove an IPv6 Global Address From an IPv6 VLAN
- Add an IPv6 Prefix for Advertisement on an IPv6 VLAN
- Change the Settings for an IPv6 Prefix for Advertisement on an IPv6 VLAN
- Remove an IPv6 Prefix From an IPv6 VLAN
- View IPv6 Statistics for an Interface
- View or Clear the IPv6 Neighbor Table
- 5 Configure Quality of Service
- 6 Manage Device Security
- Management Security Settings
- Configure Management Access
- Configure Port Authentication
- Set Up Traffic Control
- Configure Access Control Lists
- Use the ACL Wizard to Create a Simple ACL
- Configure a Basic MAC ACL
- Configure MAC ACL Rules
- Configure MAC Bindings
- View or Delete MAC ACL Bindings in the MAC Binding Table
- Configure an IP ACL
- Configure Rules for a Basic IP ACL
- Configure Rules for an Extended IP ACL
- Configure an IPv6 ACL
- Configure IPv6 Rules
- Configure IP ACL Interface Bindings
- View or Delete IP ACL Bindings in the IP ACL Binding Table
- 7 Monitor the System
- 8 Maintain the Switch and Perform Troubleshooting
- A Configuration Examples
- B Hardware Specifications and Default Settings
Smart Managed Pro Switches MS510TX and MS510TXPP
Manage Device Security User Manual243
Configure Port Authentication
With port-based authentication, when 802.1X is enabled globally and on the port, successful
authentication of any one supplicant attached to the port results in all users being able to use
the port without restrictions (unless dynamic VLAN assignment is enabled on port, in which
case user authentication occurs individually). At any time, only one supplicant is allowed to
attempt authentication on a port in this mode. Ports in this mode are under bidirectional
control. This is the default authentication mode.
An 802.1X network includes three components:
• Authenticators. The port that is authenticated before system access is permitted.
• Supplicants. The host connected to the authenticated port requesting access to the
system services.
• Authentication Server. The external server, for example, the RADIUS server that
performs the authentication on behalf of the authenticator, and indicates whether the user
is authorized to access system services.
From the Security > Management Security > Port Authentication menu, you can access
the pages that are described in the following sections:
• Configure Global 802.1X Settings on page 243
• Manage Port Authentication on page 245
• View the Port Summary on page 247
• View the Client Summary on page 249
Configure Global 802.1X Settings
You can configure global 802.1X port access control settings on the switch by enabling port
access control on the switch, enabling the guest VLAN (which allows unauthenticated users
to gain temporary and limited access to network resources), and enabling the forwarding of
EAPoL frames if 802.1x is disabled on the switch.
To configure the global 802.1X settings:
1. Connect your computer to the same network as the switch.
You can use a WiFi or wired connection to connect your computer to the network, or
connect directly to a switch that is off-network using an Ethernet cable.
2. Launch a web browser.
3. In the address field of your web browser, enter the IP address of the switch.
If you do not know the IP address of the switch, see Access the Switch on page 14.
The login window opens.
4. Enter the switch’s password in the Password field.