NETGEAR M4350-24F4V 24-Port 10G SFP+ Managed AV Network Switch User Manual
is allowed from all VMs hosted by the VM controller. Note that if the data client
is authenticated first, the voice client can be authenticated only using 802.1x.
10. From the MAB menu, select to enable or disable MAC-based authentication bypass
(MAB) for 802.1x unaware clients.
MAB functions only if the port control mode is MAC-based. The default selection is
Disable.
11. From the MAB Auth Type menu, select a MAB authentication option:
• EAP-MD5: The MD5 hash of the MAC address is sent as the password in the EAP
message (Radius Attribute 79) to the authentication server.
• PAP: The MAC address of the client is sent as the password, similar to the format
of Attribute 1, in clear text as part of the User-Password message (Radius Attribute
2).
• CHAP: A randomly generated 16-octet challenge is sent as the CHAP-Challenge
message (Radius Attribute 60) along with the CHAP-Password message (Radius
Attribute 3). The CHAP ID is a unique number that is used to identify the session.
The MAC address of the client is retrieved and formatted using the configured
Attribute 1 format. Then, this information is used as a secret to derive the
information for the CHAP-Password message. The information for the
CHAP-Password message is calculated as MD5 (with the CHAP-ID, secret, and
CHAP-Challenge).
12. In the Quiet Period field, enter the period in seconds during which the interface
does not attempt to acquire a supplicant after an earlier authentication exchange
failed.
Enter a value in the range from 0 to 65535. A quiet period of 0 means that the
interface does not acquire a supplicant at all. The default is 60 seconds.
13. In the Transmit Period field, enter the period in seconds after which the interface
sends an EAPOL EAP Request/Identity frame to the supplicant.
Enter a value in the range from 0 to 65535. The default is 30 seconds.
14. In the GuestVLAN ID field, enter the ID of the guest VLAN.
Enter a value in the range from 0 to 4093. The default is 0.
15. In the Unauthenticated VLAN ID field, enter the ID for the unauthenticated VLAN.
A user is allowed three attempts to enter the correct credentials. Otherwise, the
client is placed in the unauthenticated VLAN. Enter a value in the range from 0 to
4093. The default is 0.
16. In the Max ReAuth Requests field, enter the maximum number of reauthentication
requests that are allowed.
Enter a value in the range from 1 to 20. The default value is 2.
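The CHAP option in step 11, worked through as an added example (not code from NETGEAR or the switch firmware): it builds the CHAP-Password value as MD5 over the CHAP ID, the secret, and the CHAP-Challenge, and shows the matching check on a RADIUS server. The function names, the 12-hex-digit lowercase Attribute 1 format, and the sample values are assumptions. Because the secret is the formatted MAC address itself, the check proves knowledge of the MAC, not of a separate credential.

```python
import hashlib
import hmac

def format_mac(mac: str, sep: str = "", upper: bool = False) -> str:
    """Normalize a MAC into the assumed Attribute 1 (User-Name) format."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    text = sep.join(digits[i:i + 2] for i in range(0, 12, 2))
    return text.upper() if upper else text

def chap_password(chap_id: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP-Password (Attribute 3) value: CHAP ID octet + 16-octet MD5 response."""
    if not 0 <= chap_id <= 255:
        raise ValueError("CHAP ID must fit in one octet")
    if len(challenge) != 16:
        raise ValueError("CHAP-Challenge must be 16 octets")
    # MD5 over CHAP ID, then the secret, then the challenge, in that order.
    response = hashlib.md5(bytes([chap_id]) + secret + challenge).digest()
    return bytes([chap_id]) + response

def verify_mab_chap(user_name: str, chap_pw: bytes, challenge: bytes) -> bool:
    """Server-side check: recompute the response with the User-Name as secret."""
    if len(chap_pw) != 17 or len(challenge) != 16:
        return False
    expected = chap_password(chap_pw[0], user_name.encode("ascii"), challenge)
    return hmac.compare_digest(expected, chap_pw)

if __name__ == "__main__":
    # Constructed sample values, not captured from a switch.
    challenge = bytes(range(16))
    user_name = format_mac("00:11:22:33:44:55")
    attr3 = chap_password(7, user_name.encode("ascii"), challenge)
    print("User-Name     :", user_name)
    print("CHAP-Password :", attr3.hex())
    print("accepted      :", verify_mab_chap(user_name, attr3, challenge))
    print("other MAC     :", verify_mab_chap("001122334456", attr3, challenge))
```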