Security
HMG-838PT & HMG-838EPT Web Configuration 5-25
frames. In MAC-based authentication, the switch acts as the supplicant on behalf of clients. The initial
frame (any kind of frame) sent by a client is snooped by the switch, which in turn uses the client's MAC
address as both username and password in the subsequent EAP exchange with the RADIUS server. The
6-byte MAC address is converted to a string on the following form "xx-xx-xx-xx-xx-xx", that is, a dash (-) is
used as separator between the lower-cased hexadecimal digits. The switch only supports the
MD5-Challenge authentication method, so the RADIUS server must be configured accordingly.
RADIUS-Assigned QoS Enabled: Select the checkbox to enable RADIUS-Assigned QoS on a port.
Radius-Assigned VLAN Enabled: Select the checkbox to enable RADIUS-Assigned VLAN on a port.
Guest VLAN Enabled: Select the checkbox to enable Guest VLAN on a port.
Port State: Display the current state of the port from 802.1X authentication point of view. The possible states are
as follows:
Globally Disabled: 802.1X and MAC-based authentication are globally disabled.
Link Down: 802.1X and MAC-based authentication are enabled but there is no link on a port.
Authorized: The port is forced in authorized mode and the supplicant is successfully authorized.
Unauthorized: The port is forced in unauthorized mode and the supplicant is not successfully authorized by
the RADIUS server.
X Auth/Y Unauth: The port is in a multi-supplicant mode. X clients are authorized and Y are unauthorized.
Restart: Restart client authentication using one of the methods described below. Note that the restart buttons are
only enabled when the switch’s authentication mode is globally enabled (under System Configuration) and the
port's Admin State is an EAPOL-based or MACBased mode. Clicking these buttons will not cause settings
changed on the page to take effect.
Reauthenticate: Schedules re-authentication to whenever the quiet-period of the port runs out
(EAPOL-based authentication). For MAC-based authentication, re-authentication will be attempted
immediately. The button only has effect for successfully authenticated clients on the port and will not cause
the clients to get temporarily unauthorized.
Reinitialize: This forces the re-initialization of the clients on the port and thereby a re-authentication
immediately. The clients will transfer to the unauthorized state while the re-authentication is in progress.
5-2.2.2 Switch Status
Network Access Server Switch Status:
Port: The port number. Click a port to view the detailed NAS statistics.
Admin State: Display the port’s current administrative state.
Port Status: Display the port state.
Last Source: The source MAC address carried in the most recently received EAPOL frame for EAPOL-based
authentication.