Netgear GSM7228PS - ProSAFE 28 ports Gigabit Ethernet L2 Managed Stackable Switch with PoE Guía De Administador
Chapter 14. Security Management
|
249
ProSafe 7000 Managed Switch Release 8.0.3
•
After a port is in an authorized state, if any client initiates dot1x authentication, the port
clears authenticated clients’ states, and in the process clears the VLAN assigned to the
port (if any). Then the port continues with the new client authentication and authorization
process.
port (if any). Then the port continues with the new client authentication and authorization
process.
•
When a client authenticates itself initially on the network, the switch acts as the
authenticator to the clients on the network and forwards the authentication request to the
RADIUS server in the network.
RADIUS server in the network.
For use in VLAN assignment, the following tunnel attributes are used:
•
Tunnel-Type = VLAN (13)
•
Tunnel-Medium-Type = 802
•
Tunnel-Private-Group-ID = VLANID where VLANID is 12 bits, with a value between 1 and
4094.
192.168.0.1
RADIUS
server
RADIUS
server
192.168.0.3
Host
Host
1/0/6
1/0/5
1/0/5
192.168.0.5
Switch
Switch
vlan2000
Host 1/0/12
Figure 28. VLAN assignment using RADIUS
In the previous figure, the switch has placed the host in the VLAN (vlan2000) based on the
user details of the clients.
user details of the clients.
The configureation on a RADIUS server for a user logged in as admin is:
•
Tunnel-Type = VLAN (13)
•
Tunnel-Medium-Type = 802
•
Tunnel-Private-Group-ID = 2000
CLI: Assign VLANS Using RADIUS
1.
(Netgear Switch) #network protocol none
Changing protocol mode will reset ip configuration.
Are you sure you want to continue? (y/n) y
(Netgear Switch) #network parms 192.168.0.5 255.255.255.0
(Netgear Switch) #vlan database
(Netgear Switch) (Vlan)#vlan 2000
(Netgear Switch) #exit
Create VLAN 2000.