NETGEAR M4350-24F4V 24-Port 10G SFP+ Managed AV Network Switch User Manual
Page 693
•
Auto: The authenticator port access entity (PAE) sets the controlled port mode
to reflect the outcome of the authentication exchanges between the supplicant,
authenticator, and the authentication server. This is the default setting.
•
Force Authorized: The authenticator PAE unconditionally sets the controlled
port to authorized.
•
Force Unauthorized: The authenticator PAE unconditionally sets the controlled
port to unauthorized.
9. From the Host Mode menu, select an option to specify the number of clients and
the type of clients that can be authenticated and authorized on the port:
•
Single-Host: One data client only can be authenticated on the port. After
authentication succeeds, access is granted to this client only but not to other
clients. Only when this client logs off can another client be authenticated and
authorized on the port and granted access to the port.
•
Multi-Host: Initially, one data client only can be authenticated on the port. After
authentication succeeds, access is granted to all clients connected to the port.
As an example, use this option when a WiFi access point is connected to an
access-controlled port of a NAS. After the access point is authenticated by the
NAS, the port is authorized for traffic from not just the access point but also from
all the WiFi clients connected to the access point.
•
Multi-Domain: One data client and one voice client can be authenticated on the
port. After authentication succeeds, the data and voice clients are granted access.
As an example, use this option when an IP phone is connected to a NAS port and
a laptop is connected to the hub port of the IP phone. Both devices must be
authenticated to access the network services behind the NAS. The voice and data
domains are segregated. (The RADIUS server attribute Cisco-AVPair =
device-traffic-class=voice is used to identify a voice client.)
•
Multi-Auth: One voice client and multiple data clients can be authenticated on
the port. After authentication succeeds, access is granted to all clients.
As an example, use this option when a network of laptops and an IP phone are
connected to a NAS port via a hub.
•
Multi-Domain-Multi-Host: Initially, one voice client and one data client can be
authenticated on the port. After the data client is authenticated, access is granted
to all clients connected to the port and they are considered data clients.
As an example, use this option when an IP phone is connected to a NAS port and
a virtual machine (VM) controller is connected to the hub port of the IP phone.
The VM controller hosts multiple VMs. Both the VM controller and the IP phone
must be authenticated to access the network services behind the NAS. The voice
and data domains are segregated. After the VM controller is authenticated, traffic
Main User Manual
693
Manage Switch Security
Fully Managed Switches M4350 Series Main User Manual