Configuration Examples
335
S350 Series 8-Port Gigabit Ethernet Smart Managed Pro Switch Models GS308T and GS310TP
802.1X Example Configuration
This example shows how to configure the switch so that 802.1X-based authentication is
required on the ports in a corporate conference room (1/0/5–1/0/8). These ports are available
to visitors and must be authenticated before access is granted to the network. The
authentication is handled by an external RADIUS server. When the visitor is successfully
authenticated, traffic is automatically assigned to the guest VLAN. This example assumes
that a VLAN was configured with a VLAN ID of 150 and VLAN name of Guest.
1. On the Port Authentication page, select ports 1/0/5, 1/0/6, 1/0/7, and 1/0/8.
2. From the Port Control menu, select Unauthorized.
The selection from the Port Control menu for all other ports on which authentication is
not needed must be Authorized. When the selection from the Port Control menu is
Authorized, the port is unconditionally put in a force-authorized state and does not
require any authentication. When the selection from the Port Control menu is Auto, the
authenticator PAE sets the controlled port mode.
3. In the Guest VLAN field for ports 1/0/5–1/0/8, enter 150 to assign these ports to the guest
VLAN.
You can configure additional settings to control access to the network through the ports.
See
Configure a Port Security Interface on page 241 for information about the settings.
4. Click the Apply button.
5. On the 802.1X Configuration page, set the port based authentication state and guest VLAN
mode to Enable, and then the Apply button. (See
Configure the Global Port Security Mode
on page 240.)
This example uses the default values for the port authentication settings, but you can
configure several additional settings. For example, the EAPOL Flood Mode field allows
you to enable the forwarding of EAPoL frames when 802.1X is disabled on the device.
6. On the RADIUS Server Configuration page, configure a RADIUS server with the following
settings:
• Server Address. 192.168.10.23
• Secret Configured. Yes
• Secret. secret123
• Active. Primary
For more information, see Manage the RADIUS Settings on page 198.
7. Click the Add button.
8. On the Authentication List page, configure the default list to use RADIUS as the first
authentication method. (See
Configure Authentication Lists on page 210.)
This example enables 802.1X-based port security on the switch and prompts the hosts
connected on ports g5-g8 for an 802.1X-based authentication. The switch passes the
authentication information to the configured RADIUS server.
To Next Page
Loading...
Need help?
General
