Netgear XCM8810 - 8800 SERIES 10-SLOT CHASSIS SWITCH ユーザーズマニュアル

The RADIUS server used for authentication must be EAP-capable. Consider the following 
when choosing a RADIUS server: 

Types of authentication methods supported on RADIUS, as mentioned previously.

Need to support VSAs. Parameters such as 

Netgear-Netlogin-Vlan-Name

 (destination 

vlan for port movement after authentication) and 

Netgear-NetLogin-Only

 (authorization 

for network login only) are brought back as VSAs.

Need to support both EAP and traditional user name-password authentication. These are 

used by network login and switch console login respectively.

For information on how to use and configure your RADIUS server, 

see 

on page 475 and the 

documentation that came with your RADIUS server. 

Enabling and Disabling 802.1x Network Login

To enable 802.1x network login on the switch, use the following command:

enable netlogin

 dot1x 

Any combination of types of authentication can be enabled on the same switch. At least one 
of the authentication types must be specified on the CLI. 

To disable 802.1x network login on the switch, use the following command:

disable netlogin

 dot1x 

To enable 802.1x network login on one or more ports, use the following command:

enable netlogin ports

 <portlist> dot1x

Network Login must be disabled on a port before you can delete a VLAN that contains that 
port. To disable 802.1x network login on one or more ports, use the following command:

disable netlogin ports

 <portlist> dot1x

You can set a reauthentication maximum counter value to indicate the number number of 
reauthentication trials after which the supplicant is denied access or given limited access. To 
configure the reauthentication counter values, use the following command:

configure netlogin dot1x timers

 

To unconfigure the reauthentication counter values, use the following command:

unconfigure netlogin dot1x guest-vlan