Netgear XS728T – ProSAFE® 10 Gigabit Smart Managed Switch Guia Do Administrador
Security
124
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch
3.
Click Apply to update the switch with the new settings.
Port Authentication
In port-based authentication mode, when 802.1x is enabled globally and on the port,
successful authentication of any one supplicant attached to the port results in all users being
able to use the port without restrictions (unless Dynamic VLAN Assignment is enabled on
port, in which case is the user is authenticated individually). At any given time, only one
supplicant is allowed to attempt authentication on a port in this mode. Ports in this mode are
under bidirectional control. This mode is the default authentication mode.
successful authentication of any one supplicant attached to the port results in all users being
able to use the port without restrictions (unless Dynamic VLAN Assignment is enabled on
port, in which case is the user is authenticated individually). At any given time, only one
supplicant is allowed to attempt authentication on a port in this mode. Ports in this mode are
under bidirectional control. This mode is the default authentication mode.
The 802.1x network has three components:
•
Authenticators. Specify the port that is authenticated before permitting system access.
•
Supplicants. Specify the host connected to the authenticated port requesting access to
the system services.
the system services.
•
Authentication Server. Specify the external server, for example, the RADIUS server that
performs the authentication on behalf of the authenticator, and indicates whether the user
is authorized to access system services.
is authorized to access system services.
From the Port Authentication menu, you can access features described in the following
sections:
sections:
•
•
•
•
802.1x Configuration
Use the 802.1x Configuration screen to enable or disable port access control on the system,
to enable, or disable the Guest VLAN (which allows unauthenticated users to have limited
access to the network resources) and to enable or disable the forwarding of EAPoL frames
when 802.1x is disabled on the device.
to enable, or disable the Guest VLAN (which allows unauthenticated users to have limited
access to the network resources) and to enable or disable the forwarding of EAPoL frames
when 802.1x is disabled on the device.
To configure global 802.1x settings:
1.
Select Security > Port Authentication > Basic > 802.1x Configuration.
2.
Next to the Port Based Authentication State, select the radio button to enable or disable
802.1x administrative mode on the switch.
•
Enable. Port-based authentication is permitted on the switch.
•
Disable. The switch does not check for 802.1x authentication before allowing traffic
on any ports, even if the ports are configured to allow only authenticated users.
on any ports, even if the ports are configured to allow only authenticated users.
3.
Select the radio button in the Guest VLAN field to enable or disable Guest VLAN and
have untagged incoming frames go to the Guest VLAN.
4.
If you enable the guest VLAN, select the Guest VLAN ID.