beautypg.com

Interlogix NS3550-8T-2S User Manual User Manual

Page 203

background image

User’s Manual of NS3550-8T-2S

203

QoS Class is enabled for that port. When unchecked, RADIUS-server assigned
QoS Class is disabled for all ports.

RADIUS-Assigned

VLAN Enabled

RADIUS-assigned VLAN provides a means to centrally control the VLAN on
which a successfully authenticated supplicant is placed on the switch. Incoming
traffic will be classified to and switched on the RADIUS-assigned VLAN. The
RADIUS server must be configured to transmit special RADIUS attributes to take
advantage of this feature (see RADIUS-Assigned VLAN Enabled below for a
detailed description).

The "RADIUS-Assigned VLAN Enabled" checkbox provides a quick way to
globally enable/disable RADIUS-server assigned VLAN functionality. When
checked, the individual ports' ditto setting determine whether RADIUS-assigned
VLAN is enabled for that port. When unchecked, RADIUS-server assigned VLAN
is disabled for all ports.

Guest VLAN Enabled

A Guest VLAN is a special VLAN - typically with limited network access - on
which 802.1X-unaware clients are placed after a network administrator-defined
timeout. The switch follows a set of rules for entering and leaving the Guest
VLAN as listed below.

The "Guest VLAN Enabled" checkbox provides a quick way to globally
enable/disable Guest VLAN functionality. When checked, the individual ports'
ditto setting determines whether the port can be moved into Guest VLAN. When
unchecked, the ability to move to the Guest VLAN is disabled for all ports.

Guest VLAN ID

This is the value that a port's Port VLAN ID is set to if a port is moved into the
Guest VLAN. It is only changeable if the Guest VLAN option is globally enabled.

Valid values are in the range [1; 4095].

Max. Reauth. Count

The number of times that the switch transmits an EAPOL Request Identity frame
without response before considering entering the Guest VLAN is adjusted with
this setting. The value can only be changed if the Guest VLAN option is globally
enabled.

Valid values are in the range [1; 255].

Allow Guest VLAN if

EAPOL Seen

The switch remembers if an EAPOL frame has been received on the port for the
life-time of the port. Once the switch considers whether to enter the Guest VLAN,
it will first check if this option is enabled or disabled. If disabled (unchecked;
default), the switch will only enter the Guest VLAN if an EAPOL frame has not
been received on the port for the life-time of the port. If enabled (checked), the
switch will consider entering the Guest VLAN even if an EAPOL frame has been
received on the port for the life-time of the port.

The value can only be changed if the Guest VLAN option is globally enabled.

Port Configuration

The table has one row for each port on the selected switch in the stack and a number of columns, which are:

Object

Description

Port

The port number for which the configuration below applies.

Admin State

The Configuration All with available options will assign to whole ports.
If NAS is globally enabled, this selection controls the port's authentication mode.
The following modes are available:

Force Authorized

In this mode, the switch will send one EAPOL Success frame when the port
link comes up, and any client on the port will be allowed network access
without authentication.

Force Unauthorized

In this mode, the switch will send one EAPOL Failure frame when the port
link comes up, and any client on the port will be disallowed network access.

Port-based 802.1X

In the 802.1X-world, the user is called the supplicant, the switch is the
authenticator, and the RADIUS server is the authentication server. The
authenticator acts as the man-in-the-middle, forwarding requests and