Cisco Systems SRW248G4P User Manual
Chapter
Configuring the Switch
48-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
TACACS Server Setting
The Switch provides Terminal Access Controller Access
Control System (TACACS+) client support . TACACS+
provides centralized security for validation of users
accessing the device . TACACS+ provides a centralized user
management system, while still retaining consistency with
RADIUS and other authentication processes . The TACACS+
protocol ensures network integrity through encrypted
protocol exchanges between the device and TACACS+
server .
Control System (TACACS+) client support . TACACS+
provides centralized security for validation of users
accessing the device . TACACS+ provides a centralized user
management system, while still retaining consistency with
RADIUS and other authentication processes . The TACACS+
protocol ensures network integrity through encrypted
protocol exchanges between the device and TACACS+
server .
Server IP Address
Enter the TACACS+ Server IP address .
Server Port Number (1-)
Defines the port number
through which the TACACS+ session occurs . The default
port is 49 .
port is 49 .
Secret Key Strng
Defines the authentication and
encryption key for TACACS+ server . The key must match
the encryption key used on the TACACS+ server .
the encryption key used on the TACACS+ server .
Security > 802.1x Settings
Security > 802 .1x Settings
Network switches can provide open and easy access
to network resources by simply attaching a client PC .
Although this automatic configuration and access is a
desirable feature, it also allows unauthorized personnel
to easily intrude and possibly gain access to sensitive
network data .
to network resources by simply attaching a client PC .
Although this automatic configuration and access is a
desirable feature, it also allows unauthorized personnel
to easily intrude and possibly gain access to sensitive
network data .
The IEEE 802 .1X (dot1X) standard defines a port-based
access control procedure that prevents unauthorized
access to a network by requiring users to first submit
credentials for authentication . Access to all switch ports in
a network can be centrally controlled from a server, which
means that authorized users can use the same credentials
for authentication from any point within the network .
access control procedure that prevents unauthorized
access to a network by requiring users to first submit
credentials for authentication . Access to all switch ports in
a network can be centrally controlled from a server, which
means that authorized users can use the same credentials
for authentication from any point within the network .
This Switch uses the Extensible Authentication Protocol
over LANs (EAPOL) to exchange authentication protocol
messages with the client, and a remote RADIUS
authentication server to verify user identity and access
rights . When a client connects to a switch port, the Switch
responds with an EAPOL identity request . The client
provides its identity (such as a user name) in an EAPOL
response to the Switch, which it forwards to the RADIUS
server . The RADIUS server verifies the client identity and
sends an access challenge back to the client . The EAP packet
from the RADIUS server contains not only the challenge,
but the authentication method to be used . The client can
reject the authentication method and request another,
depending on the configuration of the client software
and the RADIUS server . The authentication method must
be MD5 . The client responds to the appropriate method
with its credentials, such as a password or certificate .
The RADIUS server verifies the client credentials and
responds with an accept or reject packet . If authentication
is successful, the Switch allows the client to access the
network . Otherwise, network access is denied and the
port remains blocked .
over LANs (EAPOL) to exchange authentication protocol
messages with the client, and a remote RADIUS
authentication server to verify user identity and access
rights . When a client connects to a switch port, the Switch
responds with an EAPOL identity request . The client
provides its identity (such as a user name) in an EAPOL
response to the Switch, which it forwards to the RADIUS
server . The RADIUS server verifies the client identity and
sends an access challenge back to the client . The EAP packet
from the RADIUS server contains not only the challenge,
but the authentication method to be used . The client can
reject the authentication method and request another,
depending on the configuration of the client software
and the RADIUS server . The authentication method must
be MD5 . The client responds to the appropriate method
with its credentials, such as a password or certificate .
The RADIUS server verifies the client credentials and
responds with an accept or reject packet . If authentication
is successful, the Switch allows the client to access the
network . Otherwise, network access is denied and the
port remains blocked .
The operation of 802 .1X on the Switch requires the
following:
following:
The Switch must have an IP address assigned .
RADIUS authentication must be enabled on the Switch
and the IP address of the RADIUS server specified .
and the IP address of the RADIUS server specified .
802 .1X must be enabled globally for the Switch .
Each Switch port that will be used must be set to dot1X
“Auto” mode .
“Auto” mode .
Each client that needs to be authenticated must
have dot1X client software installed and properly
configured .
have dot1X client software installed and properly
configured .
The RADIUS server and 802 .1X client support EAP . (The
Switch only supports EAPOL in order to pass the EAP
packets from the server to the client .)
Switch only supports EAPOL in order to pass the EAP
packets from the server to the client .)
The RADIUS server and client also have to support the
same EAP authentication type – MD5 . (Some clients
have native support in Windows, otherwise the dot1x
client must support it .)
same EAP authentication type – MD5 . (Some clients
have native support in Windows, otherwise the dot1x
client must support it .)
To enable 802 .1X System Authentication Control, select
the RADIUS option .
the RADIUS option .
When 802 .1X is enabled, you need to configure the
parameters for the authentication process that runs
between the client and the Switch, as well as the client
identity lookup process that runs between the Switch and
authentication server . These parameters are described in
this section .
parameters for the authentication process that runs
between the client and the Switch, as well as the client
identity lookup process that runs between the Switch and
authentication server . These parameters are described in
this section .
•
•
•
•
•
•
•