1. Home
  2. D-Link
  3. D-Link DIS-300G-8PSW User Manual
  4. Page 78

D-Link DIS-300G-8PSW Industrial Gigabit Managed PoE Switch with SFP slots

User Manual - Page 78

For DIS-300G-8PSW.

PDF File Manual, 335 pages, Read Online | Download pdf file

DIS-300G-8PSW photo
Loading ...
Loading ...
Loading ...
78
the port for the life-time of the port. If enabled (checked), the switch will consider
entering the Guest VLAN even if an EAPOL frame has been received on the port for
the life-time of the port.
The value can only be changed if the Guest VLAN option is globally enabled.
Port Configuration
Port The port number for which the configuration below applies.
Admin State If NAS is globally enabled, this selection controls the port's authentication mode. The
following modes are available:
Force Authorized
In this mode, the switch will send one EAPOL Success frame when the port link
comes up, and any client on the port will be allowed network access without
authentication.
Force Unauthorized
In this mode, the switch will send one EAPOL Failure frame when the port link comes
up, and any client on the port will be disallowed network access.
Port-based 802.1X
In the 802.1X-world, the user is called the supplicant, the switch is the authenticator,
and the RADIUS server is the authentication server. The authenticator acts as the
man-in-the-middle, forwarding requests and responses between the supplicant and
the authentication server. Frames sent between the supplicant and the switch are
special 802.1X frames, known as EAPOL (EAP Over LANs) frames. EAPOL frames
encapsulate EAP PDUs (RFC3748). Frames sent between the switch and the
RADIUS server are RADIUS packets. RADIUS packets also encapsulate EAP PDUs
together with other attributes like the switch's IP address, name, and the supplicant's
port number on the switch. EAP is very flexible, in that it allows for different
authentication methods, like MD5-Challenge, PEAP, and TLS. The important thing is
that the authenticator (the switch) doesn't need to know which authentication method
the supplicant and the authentication server are using, or how many information
exchange frames are needed for a particular method. The switch simply
encapsulates the EAP part of the frame into the relevant type (EAPOL or RADIUS)
and forwards it.
When authentication is complete, the RADIUS server sends a special packet
containing a success or failure indication. Besides forwarding this decision to the
supplicant, the switch uses it to open up or block traffic on the switch port connected
to the supplicant.
Loading ...
Loading ...
Loading ...