User Manual for the NETGEAR 7300S Series Layer 3 Managed Switch Software
Security Commands
9-15
202-10088-01, March 2005
Reauthentication Enabled
Indicates if reauthentication is enabled on this port.
Possible values are “True” or “False”.
Key Transmission Enabled
Indicates if the key is transmitted to the supplicant for the specified port.
Possible values are True or False.
Control Direction
Indicates the control direction for the specified port or ports.
Possible values are both or in.
If the optional parameter 'statistics <slot/port>' is used, the dot1x statistics for the specified port
are displayed.
Port
The interface whose statistics are displayed.
EAPOL Frames Received
The number of valid EAPOL frames of any type that have been received by
this authenticator.
EAPOL Frames Transmitted
The number of EAPOL frames of any type that have been transmitted by
this authenticator.
EAPOL Start Frames Received
The number of EAPOL start frames that have been received by this
authenticator.
EAPOL Logoff Frames Received
The number of EAPOL logoff frames that have been received by
this authenticator.
Last EAPOL Frame Version
The protocol version number carried in the most recently received
EAPOL frame.
Last EAPOL Frame Source
The source MAC address carried in the most recently received EAPOL
frame.
EAP Response/Id Frames Received
The number of EAP response/identity frames that have been
received by this authenticator.
EAP Response Frames Received
The number of valid EAP response frames (other than resp/id
frames) that have been received by this authenticator.
EAP Request/Id Frames Transmitted
The number of EAP request/identity frames that have been
transmitted by this authenticator.
EAP Request Frames Transmitted
The number of EAP request frames (other than request/identity
frames) that have been transmitted by this authenticator.
Invalid EAPOL Frames Received
The number of EAPOL frames that have been received by this
authenticator in which the frame type is not recognized.
EAP Length Error Frames Received
The number of EAPOL frames that have been received by
this authenticator in which the frame type is not recognized.
show dot1x users
This command displays 802.1x port security user information for locally configured users.
Format
show dot1x users <slot/port>
Mode
Privileged EXEC
User
Users configured locally to have access to the specified port.
show users authentication
This command displays all user and all authentication login information. It also displays the
authentication login list assigned to the default user.
Format
show users authentication
Mode
Privileged EXEC
User
This field lists every user that has an authentication login list assigned.
System Login
This field displays the authentication login list assigned to the user for system
login.
802.1x Port Security
This field displays the authentication login list assigned to the user for 802.1x
port security.
users defaultlogin
This command assigns the authentication login list to use for non-configured users when
attempting to log in to the system. This setting is overridden by the authentication login list
assigned to a specific user if the user is configured locally. If this value is not configured, users will
be authenticated using local authentication only.
Format
users defaultlogin <listname>
Mode
Global Config
users login
This command assigns the specified authentication login list to the specified user for system login.
The <user> must be a configured <user> and the <listname> must be a configured login list.
If the user is assigned a login list that requires remote authentication, all access to the interface
from all CLI, web, and telnet sessions will be blocked until the authentication is complete.
Note that the login list associated with the ‘admin’ user cannot be changed; this prevents accidental
lockout from the switch.
Format
users login <user> <listname>
Mode
Global Config
Remote Authentication Dial In User Service (RADIUS) Commands
This section provides a detailed explanation of the RADIUS commands. The commands are
divided into the following groups:
Configuration commands are used to configure features and options of the switch. For every
configuration command there is a show command that will display the configuration setting.
Show commands are used to display switch settings, statistics and other information.
radius accounting mode
This command is used to enable the RADIUS accounting function.
Default
disabled
Format
radius accounting mode
Mode
Global Config
no radius accounting mode
This command is used to set the RADIUS accounting function to the default value - i.e. the
RADIUS accounting function is disabled.
Format
no radius accounting mode
Mode
Global Config
radius server host
This command is used to configure the RADIUS authentication and accounting server.
If the 'auth' token is used, the command configures the IP address to use to connect to a RADIUS
authentication server. Up to 3 servers can be configured per RADIUS client. If the maximum
number of configured servers is reached, the command will fail until one of the servers is removed
by executing the no form of the command. If the optional <port> parameter is used, the command
will configure the UDP port number to use to connect to the configured RADIUS server. In order
to configure the UDP port number, the IP address must match that of a previously configured
RADIUS authentication server. The port number must lie between 1 - 65535, with 1812 being the
default value.
If the 'acct' token is used, the command configures the IP address to use for the RADIUS
accounting server. Only a single accounting server can be configured. If an accounting server is
currently configured, it must be removed from the configuration using the no form of the
command before this command succeeds. If the optional <port> parameter is used, the command
will configure the UDP port to use to connect to the RADIUS accounting server. The IP address
specified must match that of a previously configured accounting server. If a port is already
configured for the accounting server then the new port will replace the previously configured
value. The port must be a value in the range 1 - 65535, with 1813 being the default value.
Format
radius server host {auth | acct} <ipaddr> [<port>]
Mode
Global Config
no radius server host
This command is used to remove the configured RADIUS authentication server or the RADIUS
accounting server. If the 'auth' token is used, the previously configured RADIUS authentication
server is removed from the configuration. Similarly, if the 'acct' token is used, the previously
configured RADIUS accounting server is removed from the configuration. The <ipaddr>
parameter must match the IP address of the previously configured RADIUS authentication /
accounting server.
Format
no radius server host {auth | acct} <ipaddress>
Mode
Global Config
radius server key
This command is used to configure the shared secret between the RADIUS client and the RADIUS
accounting / authentication server. Depending on whether the 'auth' or 'acct' token is used, the
shared secret will be configured for the RADIUS authentication or RADIUS accounting server.
The IP address provided must match a previously configured server. When this command is
executed, the user is prompted for the secret. The secret must be an alphanumeric value not
exceeding 20 characters.
Format
radius server key {auth | acct} <ipaddr>
Mode
Global Config
radius server msgauth
This command enables the message authenticator attribute for a specified server.
Default
radius server msgauth <ipaddr>
Mode
Global Config
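What the message authenticator attribute protects, as an added example that is not part of the NETGEAR manual or the switch software: per RFC 3579 it is attribute type 80, carrying an HMAC-MD5 over the whole packet keyed with the shared secret set by radius server key. The secret, identifier, authenticator and user name are constructed values, and only the Access-Request direction is covered.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, USER_NAME, MESSAGE_AUTHENTICATOR = 1, 1, 80   # RADIUS code / attribute types
SECRET = b"Constructed20CharKey"        # constructed; alphanumeric, 20 characters

def build_access_request(secret, identifier, request_auth, user_name):
    """Access-Request with User-Name and a valid Message-Authenticator (last attribute)."""
    attrs = (struct.pack("!BB", USER_NAME, 2 + len(user_name)) + user_name
             + struct.pack("!BB", MESSAGE_AUTHENTICATOR, 18) + bytes(16))
    packet = bytearray(struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
                       + request_auth + attrs)
    # HMAC-MD5 over the whole packet while the 16 value octets are still zero.
    packet[-16:] = hmac.new(secret, packet, hashlib.md5).digest()
    return bytes(packet)

def verify_access_request(secret, packet):
    """True only if a Message-Authenticator is present and matches the secret."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    pos = 20                             # attributes start after the 20-octet header
    while pos + 2 <= len(packet):
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > len(packet):
            return False                 # malformed attribute list
        if attr_type == MESSAGE_AUTHENTICATOR:
            if attr_len != 18:
                return False
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(packet[pos + 2:pos + 18], expected)
        pos += attr_len
    return False                         # attribute absent: treat as unauthenticated

SAMPLE = build_access_request(SECRET, 7, bytes(range(16)), b"alice")   # constructed values
TAMPERED = SAMPLE[:22] + b"m" + SAMPLE[23:]    # one User-Name octet changed in transit
```

Checking a server's reply works the same way, except that the Request Authenticator from the original request is substituted into the header before the HMAC is computed.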
radius server primary
This command is used to configure the primary RADIUS authentication server for this RADIUS
client. The primary server is the one that is used by default for handling RADIUS requests. The
remaining configured servers are only used if the primary server cannot be reached. A maximum
of three servers can be configured on each client. Only one of these servers can be configured as
the primary. If a primary server is already configured prior to this command being executed, the
server specified by the IP address used in this command will become the new primary
server. The IP address must match that of a previously configured RADIUS authentication server.
Format
radius server primary <ipaddr>
Mode
Global Config
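The ordering and limit rules stated for radius server host, radius server key and radius server primary can be checked before a change is pushed to a switch. The following pre-deployment check is an added example, not NETGEAR code: the function name, the error texts and the sample addresses are constructed, and dropping the primary when its server is removed is an assumption the manual does not confirm.

```python
import re

SAMPLE = [  # constructed sequence; 192.0.2.0/24 is documentation address space
    "radius server host auth 192.0.2.10",
    "radius server host auth 192.0.2.10 1645",
    "radius server host auth 192.0.2.11",
    "radius server host auth 192.0.2.12",
    "radius server host auth 192.0.2.13",          # fourth authentication server
    "radius server primary 192.0.2.11",
    "radius server host acct 192.0.2.20",
    "radius server host acct 192.0.2.21",          # second accounting server
    "radius server key auth 192.0.2.99",           # key for a server never configured
    "radius server host auth 192.0.2.12 70000",    # port out of range
]
CMD = re.compile(r"^(no )?radius server (host|key|primary)(?: (auth|acct))? "
                 r"(\d{1,3}(?:\.\d{1,3}){3})(?: (\d+))?$")   # address syntax checked loosely
MAX_AUTH, DEFAULT_PORT = 3, {"auth": 1812, "acct": 1813}

def lint(commands):
    """Replay commands against the manual's rules; return (servers, primary, errors)."""
    servers, primary, errors = {"auth": {}, "acct": {}}, None, []
    for n, raw in enumerate(commands, 1):
        m = CMD.match(" ".join(raw.split()))
        no, verb, kind, ip, port = m.groups() if m else (None,) * 5
        if (not m or (verb == "primary") != (kind is None)
                or ((no or port) and verb != "host") or (no and port)):
            errors.append((n, "syntax not described in the manual"))
            continue
        known, err = servers[kind or "auth"], None
        if verb != "host" or no or port:       # all of these need an existing server
            if ip not in known:
                err = "IP address does not match a configured server"
            elif verb == "primary":
                primary = ip
            elif no:
                del known[ip]
            elif port and not 1 <= int(port) <= 65535:
                err = "port outside 1 - 65535"
            elif port:
                known[ip] = int(port)
        elif kind == "acct" and known:
            err = "remove the existing accounting server first"
        elif ip not in known and len(known) >= MAX_AUTH:
            err = "three authentication servers already configured"
        else:
            known.setdefault(ip, DEFAULT_PORT[kind])
        if err:
            errors.append((n, err))
    # Assumption: a primary whose server was removed is no longer primary.
    return servers, primary if primary in servers["auth"] else None, errors
```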
radius server retransmit
This command sets the maximum number of times a request packet is re-transmitted when no
response is received from the RADIUS server. The retries value is an integer in the range of 1 to
15.
Default
10
