Chapter 5: Using the Web-based Utility for Configuration
Security Tab - ACL Binding
24-Port 10/100/1000 Gigabit Switch with Webview and PoE
Dest. MAC Address. Matches the packet's destination MAC address against the ACE.
Wildcard Mask. Defines the destination IP address wildcard mask.
VLAN ID. Matches the packet's VLAN ID to the ACE. The possible field values are 2 to 4094.
Ethernet Type. Specifies the packet's Ethernet type. This option can only be used to filter Ethernet II formatted packets. (Range: 0-65535) A detailed listing of Ethernet protocol types can be found in RFC 1060. A few of the more common types include 0800 (IP), 0806 (ARP) and 8137 (IPX).
The Add to List button adds the configured MAC Based ACLs to the MAC Based ACL Table at the bottom of the screen.
To remove an ACL rule, select an ACL rule from the table and click Remove. When all rules are removed from the ACL, the ACL is also removed.
Security Tab - ACL Binding
After configuring Access Control Lists (ACL), you should bind them to the ports that need to filter traffic. You can assign one IP or MAC access list to any port.
You must configure a mask for an ACL rule before you can bind it to a port.
This Switch only supports ACLs for ingress filtering. You can only bind one IP or one MAC ACL to any port, for ingress filtering.
Mark the Enable checkbox for the port you want to bind to an ACL. Select the required ACL from the drop-down menu.
Port. Fixed port or SFP module. (Range: 1-24)
IP (Input). Specifies the IP Access List to enable for a port.
MAC (Input). Specifies the MAC Access List to enable globally.
Click Save Settings to save the changes.
Figure 5-27: Security - ACL Binding
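As an added illustration (not the switch's own code) of how the MAC-based ACE fields above are evaluated once an ACL is bound to an ingress port, the following Python matches Ethernet II frames against ACEs carrying a destination MAC, wildcard mask, VLAN ID and Ethernet type. It assumes Cisco-style wildcard semantics (a 1 bit in the mask means "ignore this bit") applied to the destination MAC, first-match evaluation, and a configurable default for frames that no ACE matches; none of these are stated on the page.

```python
import struct
from dataclasses import dataclass

# Common Ethernet II types listed in the manual: IP, ARP, IPX
ETH_IP, ETH_ARP, ETH_IPX = 0x0800, 0x0806, 0x8137

def mac_bytes(text):
    return bytes.fromhex(text.replace(":", "").replace("-", ""))

@dataclass
class MacAce:
    action: str                      # "permit" or "deny"
    dst_mac: bytes = None            # Dest. MAC Address (None = match any)
    dst_mask: bytes = b"\x00" * 6    # Wildcard Mask; assumed: a 1 bit means "don't care"
    vlan: int = None                 # VLAN ID (2-4094 on this switch); None = any
    ethertype: int = None            # Ethernet Type (0-65535); None = any

    def matches(self, frame):
        if self.dst_mac is not None:
            for got, want, wild in zip(frame["dst"], self.dst_mac, self.dst_mask):
                if (got ^ want) & ~wild & 0xFF:   # a differing bit in a "care" position
                    return False
        if self.vlan is not None and frame["vlan"] != self.vlan:
            return False
        if self.ethertype is not None and frame["ethertype"] != self.ethertype:
            return False
        return True

def parse_frame(raw):
    """Ethernet II header with optional 802.1Q tag -> dict, or None if not Ethernet II."""
    dst, src, etype = raw[:6], raw[6:12], struct.unpack("!H", raw[12:14])[0]
    vlan = None
    if etype == 0x8100:                          # 802.1Q tag: VLAN ID then real EtherType
        vlan = struct.unpack("!H", raw[14:16])[0] & 0x0FFF
        etype = struct.unpack("!H", raw[16:18])[0]
    if etype < 0x0600:                           # a length field: 802.3/LLC, not Ethernet II
        return None
    return {"dst": dst, "src": src, "vlan": vlan, "ethertype": etype}

def ingress_filter(acl, raw, default="deny"):
    """Evaluate the ACL bound to an ingress port: first matching ACE decides.
    The 'default' for frames no ACE matches is an assumption, not stated in the manual."""
    frame = parse_frame(raw)
    if frame is None:                            # EtherType filtering applies to Ethernet II only
        return default
    for ace in acl:
        if ace.matches(frame):
            return ace.action
    return default
```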
Security Tab - Authentication Servers
Remote Authentication Dial-In User Service (RADIUS) servers provide additional security for networks. RADIUS servers provide a centralized authentication method for web access.
This Switch uses the Extensible Authentication Protocol over LANs (EAPOL) to exchange authentication protocol messages with the client, and a remote RADIUS authentication server to verify user identity and access rights. When a client (i.e., Supplicant) connects to a switch port, the Switch (i.e., Authenticator) responds with an EAPOL identity request. The client provides its identity (such as a user name) in an EAPOL response to the Switch, which forwards it to the RADIUS server. The RADIUS server verifies the client identity and sends an access challenge back to the client. The EAP packet from the RADIUS server contains not only the challenge, but the authentication method to be used. The client can reject the authentication method and request another, depending on the configuration of the client software and the RADIUS server. The authentication method must be MD5. The client responds to the appropriate method with its credentials, such as a password or certificate. The RADIUS server verifies the client credentials and responds with an accept or reject packet. If authentication is successful, the Switch allows the client to access the network. Otherwise, network access is denied and the port remains blocked.
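The challenge and response exchange described above, written out as an added Python example (not the switch's or any RADIUS server's code): the authentication server issues an MD5-Challenge, the supplicant answers with MD5(Identifier || password || challenge) as EAP-MD5 specifies (RFC 3748, reusing CHAP from RFC 1994), and the server recomputes the value from its stored password and compares. The EAP packet layout follows RFC 3748, while the user store, the identifier value and the omission of EAPOL framing and of the RADIUS transport between Switch and server are simplifying assumptions.

```python
import hashlib
import hmac
import os
import struct

# EAP codes and the MD5-Challenge method type from RFC 3748
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_MD5 = 4

def eap_packet(code, identifier, eap_type=None, data=b""):
    """Encode Code(1) Identifier(1) Length(2) [Type(1) Type-Data]; Success/Failure carry no Type."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body

def parse_eap(packet):
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("EAP Length field does not match packet size")
    body = packet[4:]
    return code, identifier, (body[0] if body else None), body[1:]

def md5_challenge_digest(identifier, secret, challenge):
    """CHAP-style value reused by EAP-MD5: MD5(Identifier || Secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def client_response(request, username, password):
    """Supplicant side: answer an MD5-Challenge request with the digest and the user name."""
    code, identifier, eap_type, data = parse_eap(request)
    if code != EAP_REQUEST or eap_type != EAP_TYPE_MD5:
        raise ValueError("not an MD5-Challenge request")
    challenge = data[1:1 + data[0]]                   # Type-Data = Value-Size || Value || Name
    digest = md5_challenge_digest(identifier, password, challenge)
    return eap_packet(EAP_RESPONSE, identifier, EAP_TYPE_MD5, bytes([len(digest)]) + digest + username)

def server_verify(response, challenge, user_db):
    """Authentication server side: recompute from the stored password, answer Success or Failure."""
    code, identifier, eap_type, data = parse_eap(response)
    if code != EAP_RESPONSE or eap_type != EAP_TYPE_MD5:
        return eap_packet(EAP_FAILURE, identifier)
    digest, name = data[1:1 + data[0]], data[1 + data[0]:]
    expected = md5_challenge_digest(identifier, user_db.get(name, b""), challenge)
    ok = name in user_db and hmac.compare_digest(digest, expected)   # constructed user store
    return eap_packet(EAP_SUCCESS if ok else EAP_FAILURE, identifier)

def run_exchange(username, password, user_db, identifier=7):
    """One round trip; returns the final EAP code delivered to the client (3 Success, 4 Failure)."""
    challenge = os.urandom(16)                        # fresh random challenge per session
    request = eap_packet(EAP_REQUEST, identifier, EAP_TYPE_MD5, bytes([len(challenge)]) + challenge)
    response = client_response(request, username, password)
    return parse_eap(server_verify(response, challenge, user_db))[0]
```

Note that EAP-MD5 authenticates only the client, never the server, and derives no keying material, which is why it is considered weak today and why the manual's requirement that the method be MD5 is worth knowing when assessing this switch.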
RADIUS Server Setting. Index, Server IP Address, Server Port Number (1-65535), Secret Key String, Number of Retries (1-30), Timeout for Reply (1-65535 sec).
TACACS Server Setting. Index, Server IP Address, Server Port Number (1-65535), Secret Key String.
Click Save Settings to save the changes.
Figure 5-28: Security - Authentication Servers
Security Tab - 802.1x Settings
Port based authentication enables authenticating system users on a per-port basis via an external server. Only authenticated and approved system users can transmit and receive data. Ports are authenticated via the RADIUS server using the Extensible Authentication Protocol (EAP).
The IEEE 802.1X (dot1X) standard defines a port-based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication. Access to all switch ports in a network can be centrally controlled from a server, which means that authorized users can use the same credentials for authentication from any point within the network.
The operation of 802.1X on the Switch requires the following:
The Switch must have an IP address assigned.
RADIUS authentication must be enabled on the Switch and the IP address of the RADIUS server specified.
802.1X must be enabled globally for the Switch.
Each Switch port that will be used must be set to dot1X “Auto” mode.
Each client that needs to be authenticated must have dot1X client software installed and properly configured.
The RADIUS server and 802.1X client must support EAP. (The Switch only supports EAPOL in order to pass the EAP packets from the server to the client.)
The RADIUS server and client also have to support the same EAP authentication type – MD5. (Some clients have native support in Windows, otherwise the dot1x client must support it.)
To enable 802.1X System Authentication Control, select Radius.
When 802.1X is enabled, you need to configure the parameters for the authentication process that runs between the client and the Switch (that is, the authenticator), as well as the client identity lookup process that runs between the Switch and the authentication server. These parameters are described in this section.
Operation Mode. Allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. (Options: Single-Host, Multi-Host; Default: Single-Host)
Maximum Count. The maximum number of hosts that can connect to a port when the Multi-Host operation mode is selected. (Range: 1-1024; Default: 5)
Mode. Sets the authentication mode to one of the following options:
Auto – Requires a dot1x-aware client to be authorized by the authentication server. Clients that are not dot1x-aware will be denied access.
Force-Authorized – Forces the port to grant access to all clients, either dot1x-aware or otherwise. (This is the default setting.)
Force-Unauthorized – Forces the port to deny access to all clients, either dot1x-aware or otherwise.
Figure 5-29: Security - 802.1x Settings
Authorized. Indicates the current status of the port:
Yes – A connected client is authorized.
No – No connected clients are authorized.
Blank – Displays nothing when there is no connection on a port.
Supplicant. Indicates the MAC address of a connected client.
Modify the parameters required using the drop-down menus and fields provided for each port, then click Detail to configure the 802.1X settings for that port.
The 802.1x Port Settings screen allows configuration of the following parameters:
Reauthentication. To reauthenticate a client, select Enabled.
Maximum Request. Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before it times out the authentication session. (Range: 1-10; Default: 2)
Quiet Period. Sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client. (Range: 1-65535 seconds; Default: 60 seconds)
Reauthentication Period. Sets the time period after which a connected client must be re-authenticated. (Range: 1-65535 seconds; Default: 3600 seconds)
Transmit Period. Sets the time period during an authentication session that the Switch waits before re-transmitting an EAP packet. (Range: 1-65535 seconds; Default: 30 seconds)
Click Save Settings to apply the changes.
Enable 802.1x. Select this to enable 802.1x authentication.
Port. Indicates the port name.
Figure 5-1: Security - 802.1x Settings - Port Settings
Status Port Control. Specifies the port authorization state. The possible field values are as follows:
Force-Authorized. The controlled port state is set to Force-Authorized (forward traffic).
Force-Unauthorized. The controlled port state is set to Force-Unauthorized (discard traffic).
Enable Periodic Reauthentication. Permits immediate port reauthentication.
The Setting Timer button opens the Setting Timer screen to configure ports for 802.1x functionality.
Security Tab - Ports Security
Port security is a feature that allows you to configure a switch port with one or more device MAC addresses that are authorized to access the network through that port. When port security is enabled on a port, the Switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted as authorized to access the network through that port. If a device with an unauthorized MAC address attempts to use the switch port, the intrusion will be detected and the Switch can automatically take action by disabling the port and sending a trap message.
To use port security, specify a maximum number of addresses to allow on the port and then let the Switch dynamically learn the <source MAC address, VLAN> pair for frames received on the port. When the port has reached the maximum number of MAC addresses, the selected port will stop learning. The MAC addresses already in the address table will be retained and will not age out. Any other device that attempts to use the port will be prevented from accessing the Switch.
Set the action to take when an invalid address is detected on a port, select Security Status to enable security for a port, and set the maximum number of MAC addresses allowed on a port.
Action. Indicates the Port Security action. Possible field values are:
Click Save Changes to save the changes.
Figure 5-30: Security - Ports Security
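A model of the port security behaviour described above, added here as an example and not taken from the switch's firmware: a per-port table learns <source MAC, VLAN> pairs until the configured maximum, retains them without ageing out, and treats any further unknown source as an intrusion that disables the port and raises a trap. The frame records, the trap message format and the two-address limit are constructed for the example.

```python
from collections import namedtuple

# Constructed frame record: ingress port, source MAC, VLAN of the frame
Frame = namedtuple("Frame", "port src_mac vlan")

class SecurePort:
    """Port-security state for one switch port (added model, not switch firmware)."""

    def __init__(self, port, max_addrs, static=()):
        self.port = port
        self.max_addrs = max_addrs
        # Authorized <source MAC, VLAN> pairs: static entries plus dynamically learned
        # ones. Once in the table an entry is retained and never ages out.
        self.table = {(mac.lower(), vlan) for mac, vlan in static}
        self.enabled = True
        self.traps = []

    def process(self, frame):
        """Return the decision the model takes for one ingress frame."""
        if not self.enabled:
            return "dropped: port disabled"
        key = (frame.src_mac.lower(), frame.vlan)
        if key in self.table:
            return "forwarded"
        if len(self.table) < self.max_addrs:
            self.table.add(key)            # below the maximum: keep learning
            return "learned"
        # Table full and source unknown: intrusion. Action modelled: disable port + trap.
        self.enabled = False
        self.traps.append("port %d disabled: unauthorized source %s on VLAN %d"
                          % (self.port, frame.src_mac, frame.vlan))
        return "intrusion: port disabled"

def run_sample():
    """Replay a constructed frame sequence through a port limited to two addresses."""
    port = SecurePort(port=3, max_addrs=2)
    frames = [
        Frame(3, "00:11:22:33:44:55", 10),   # learned (1 of 2)
        Frame(3, "00:11:22:33:44:66", 10),   # learned (2 of 2), learning stops
        Frame(3, "00:11:22:33:44:55", 10),   # known pair: forwarded
        Frame(3, "00:11:22:33:44:55", 20),   # same MAC, other VLAN: new pair, table full
        Frame(3, "00:11:22:33:44:66", 10),   # known pair, but the port is now disabled
    ]
    return [port.process(f) for f in frames], port.traps
```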