NETGEAR GS108Tv3 Router Manual PDF (Setup & Configuration Guide)

Page 81 / 140 Scroll up to view Page 76 - 80

GS108T Smart Switch Software Administration Manual

Configuring QoS and Security

5-9

v1.0, December 2007

3.

Perform one of the following actions:

To add a RADIUS server:

a.

Define all fields that are listed in

step 2

.

b.

Click

Add

.

To delete a RADIUS server:

a.

Select the check box to the left of the host IP address of the RADIUS server that you want

to remove.

b.

Click

Delete

.

To change the authentication fields of a RADIUS server:

a.

Select the check box to the left of the host IP address of the RADIUS server for which you

want to make changes.

b.

Make changes to the authentication fields.

c.

Click

Apply

.

Authentication Type

The Authentication Type screen lets you specify the order in which authentication is performed:

1.

Select Security > Management Security > Authentication Type. A screen similar to the

following displays.

Figure 5-7

Page 82 / 140

GS108T Smart Switch Software Administration Manual

5-10

Configuring QoS and Security

v1.0, December 2007

2.

Select the authentication type from the drop-down list. The possible field values are:

•

Local

. Specifies that authentication occurs locally.

•

RADIUS

. Specifies that authentication occurs at the RADIUS server.

•

RADIUS. None

. Specifies that no authentication type is applied. A user is allowed to log

in without any authentication.

•

RADIUS. Local

. Specifies that authentication occurs only on a local RADIUS server.

The authentication procedure shows the order in which authentication is performed. If the first

authentication type is not available, the second authentication type is used.

Example

: If

RADIUS, Local

is selected, the RADIUS server is used to authenticate a user. If

the RADIUS server is unavailable, or there is no RADIUS server on the network, then

authentication is done locally.

3.

Click

Apply

to confirm any settings changes.

Port Authentication

The Port Authentication menu lets you configure various levels of port authentication to control

network access.

Basic—802.1x Configuration

The 802.1x Configuration screen lets you configure port authentication settings and guest VLANs,

and lets you specify whether port authentication is applied to a port:

1.

Select Security > Port Authentication > Basic > 802.1x Configuration. A screen similar to the

following displays.

Page 83 / 140

GS108T Smart Switch Software Administration Manual

Configuring QoS and Security

5-11

v1.0, December 2007

.

2.

Under 802.1x Configuration, the following fields are displayed, all of which are configurable:

•

Port Based Authentication State

. Specifies whether port authentication is enabled on the

device. Select one of the following radio buttons:

–

Disable

. Specifies that port-based authentication is disabled.

–

Enable

. Specifies that port-based authentication is enabled.

•

Authentication Method

.

Specifies the authentication method that is used for port

authentication. Port authentication must be enabled to select an authentication method

from the drop-down list. The possible field values are:

–

RADIUS, None

. Specifies that port authentication occurs through the RADIUS

server. However, if the port is not authenticated, then no authentication method is

used, and the session is permitted.

Figure 5-8

Page 84 / 140

GS108T Smart Switch Software Administration Manual

5-12

Configuring QoS and Security

v1.0, December 2007

–

RADIUS

. Specifies that port authentication occurs through the RADIUS server.

–

None

. Specifies that no authentication method is used to authenticate the port.

•

Guest VLAN

: Specifies whether a guest VLAN is enabled on the device. At least one

VLAN must exist to select one of the following radio buttons:

–

Disable

. Specifies that a guest VLAN cannot be used for unauthorized ports. This is

the default value.

–

Enable

. Specifies that a guest VLAN can be used for unauthorized ports. If a guest

VLAN is enabled, the unauthorized port automatically joins the VLAN selected in the

VLAN List field.

•

VLAN List

. Specifies a VLAN. Select an existing VLAN for the guest VLAN from the

drop-down list.

•

Forward DOT1x EAPOL

. When the port-based authentication state is disabled, you can

enable or disable flooding EAPOL. Select one of the following radio buttons:

–

Disable

. Specifies that EAPOL flooding is disabled. This is the default value.

–

Enable

. Specifies that EAPOL flooding is enabled.

3.

Click

Apply

to confirm any settings changes to the 802.1x configuration.

4.

Under Port Settings, you can make changes to the port authentication setting for an individual

port, for a group of ports, or for all ports simultaneously:

•

To change the port authentication setting for an individual port, select the check box to the

left of its port number, and then select the authentication status.

•

To change the port authentication setting for a group of ports, select the check boxes to the

left of their port numbers, and then select the authentication status.

•

To change the port authentication setting for all ports simultaneously, select the check box

at the top of the column of check boxes, and then select the authentication status.

The following port authentication settings are displayed. Only the Status field is configurable:

•

Port

. Shows the port number.

•

Status

. Specifies whether port authentication is enabled or disabled for the port. The

possible field values are:

Note:

You can also enter the interface number (that is, the port number) in the

GO

TO INTERFACE

field, and then click

GO

.

Page 85 / 140

GS108T Smart Switch Software Administration Manual

Configuring QoS and Security

5-13

v1.0, December 2007

–

Disable

. Specifies that port authentication is disabled for the port. No authentication

process is required for the port; traffic can be forwarded normally. This is the default

value.

–

Enable

. Specifies that port authentication is enabled for the port. The port must be

authorized by a RADIUS server to forward traffic. No traffic is forwarded if the port is

unauthorized.

5.

Click

Apply

to confirm any settings changes to the port authentication settings.

Advanced—802.1x Configuration

The Advanced 802.1x Configuration screen is identical to the Basic 802.1x Configuration screen.

See the previous section.

Advanced—Port Authentication

The Advanced Port Authentication screen lets you configure global settings for port-based

authentication:

1.

Select Security > Port Authentication > Advanced > Port Authentication. A screen similar to

the following displays. (Because the online screen is very wide, it is divided in a left screen

and right screen in this manual.)

The following figure displays the left side of the Advanced Port Authentication screen:

Figure 5-9

Rate

Popular NETGEAR Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share