Netgear M5300-28G-POE+ (GSM7228PSv1h2) - 12-Port Managed Gigabit Switch Ratgeber Für Administratoren
Chapter 15. Security Management
|
271
ProSafe Managed Switch
802.1x Port Security
This section describes how to configure the 802.1x port security feature on a switch port.
IEEE
IEEE
802.1x authentication prevents unauthorized clients from connecting to a VLAN unless
these clients are authorized by the server. 802.1x port security prevent unauthorized clients
from connecting to a VLAN. It can be configured on a per-port basis.
from connecting to a VLAN. It can be configured on a per-port basis.
Figure 29. Using 802.1x port security
The following example shows how to authenticate the dot1x users by a RADIUS server. The
management IP address is 10.100.5.33/24. The example is shown as CLI commands and as
a Web interface procedure.
management IP address is 10.100.5.33/24. The example is shown as CLI commands and as
a Web interface procedure.
CLI: Authenticating dot1x Users by a RADIUS Server
1.
Assign an IP address to 1/0/19, and set force authorized mode to this port, and create a
user name list dot1xList.
(Netgear Switch) #config
(Netgear Switch) (Config)#ip routing
(Netgear Switch) (Config)#interface 1/0/1
(Netgear Switch) (Interface 1/0/1)#routing
(Netgear Switch) (Interface 1/0/1)#ip address 192.168.1.1 255.255.255.0
(Netgear Switch) (Config)#dot1x system-auth-control
(Netgear Switch) (Config)#interface 1/0/19
(Netgear Switch) (Interface 1/0/19)#routing
(Netgear Switch) (Interface 1/0/19)#ip address 10.100.5.33 255.255.255.0
(Netgear Switch) (Interface 1/0/19)#dot1x port-control force-authorized
PC 1
PC 2
Layer 2
switch
RADIUS
server