beautypg.com

PLANET WGSW-20160HP User Manual

Page 234

background image

User’s Manual of WGSW-20160HP

this setting. The value can only be changed if the Guest VLAN option is globally

enabled.

Valid values are in the range [1; 255].

Allow Guest VLAN if

EAPOL Seen

The switch remembers if an EAPOL frame has been received on the port for the

life-time of the port. Once the switch considers whether to enter the Guest VLAN,

it will first check if this option is enabled or disabled. If disabled (unchecked;

default), the switch will only enter the Guest VLAN if an EAPOL frame has not

been received on the port for the life-time of the port. If enabled (checked), the

switch will consider entering the Guest VLAN even if an EAPOL frame has been

received on the port for the life-time of the port.

The value can only be changed if the Guest VLAN option is globally enabled.

Port Configuration

The table has one row for each port on the selected switch in the stack and a number of columns, which are:

Object

Description

The port number for which the configuration below applies.

Port

Admin State

If NAS is globally enabled, this selection controls the port's authentication mode.

The following modes are available:

Force Authorized

In this mode, the switch will send one EAPOL Success frame when the port link

comes up, and any client on the port will be allowed network access without

authentication.

Force Unauthorized

In this mode, the switch will send one EAPOL Failure frame when the port link

comes up, and any client on the port will be disallowed network access.

Port-based 802.1X

In the 802.1X-world, the user is called the supplicant, the switch is the

authenticator, and the RADIUS server is the authentication server. The

authenticator acts as the man-in-the-middle, forwarding requests and responses

between the supplicant and the authentication server. Frames sent between the

supplicant and the switch are special 802.1X frames, known as EAPOL (EAP

Over LANs) frames. EAPOL frames encapsulate EAP PDUs (RFC3748). Frames

sent between the switch and the RADIUS server are RADIUS packets. RADIUS

packets also encapsulate EAP PDUs together with other attributes like the

234