Chapter 18 Port Authentication
GS2220 Series User’s Guide
199
The following table describes the labels in this screen.
18.5 G ue st VLAN
When 802.1x or MAC Authentication is enabled on the Switch and its ports, clients that do not have the
correct credentials are blocked from using the ports. You can configure your Switch to have one VLAN
that acts as a guest VLAN. If you enable the guest VLAN (102 in the example) on a port (2 in the
Table 82 Advanced Application > Port Authentication > MAC Authentication
LABEL DESC RIPTIO N
Active Select this check box to permit MAC authentication on the Switch.
Note: You must first enable MAC authentication on the Switch before configuring it
on each port.
Name Prefix Type the prefix that is appended to all MAC addresses sent to the RADIUS server for
authentication. You can enter up to 32 printable ASCII characters.
If you leave this field blank, then only the MAC address of the client is forwarded to the RADIUS
server.
Delimiter Select the delimiter the RADIUS server uses to separate the pairs in MAC addresses used as the
account user name (and password). You can select Da sh (–), C olon (:), or None to use no
delimiters at all in the MAC address.
Case Select the case (Up pe r or Lo we r) the RADIUS server requires for letters in MAC addresses used
as the account user name (and password).
Password Type Select Sta tic to have the Switch send the password you specify below or MAC - Addre ss to use
the client MAC address as the password.
Password Type the password the Switch sends along with the MAC address of a client for authentication
with the RADIUS server. You can enter up to 32 printable ASCII characters except [ ? ], [ | ], [ ' ],
[ " ] or [ , ].
Timeout Specify the amount of time before the Switch allows a client MAC address that fails
authentication to try and authenticate again. Maximum time is 3000 seconds.
When a client fails MAC authentication, its MAC address is learned by the MAC address table
with a status of denied. The timeout period you specify here is the time the MAC address entry
stays in the MAC address table until it is cleared. If you specify 0 for the timeout value, the
Switch uses the Ag ing Time configured in the Switc h Se tup screen.
Note: If the Ag ing Tim e in the Switc h Se tup screen is set to a lower value, then it
supersedes this setting.
Port This field displays a port number. * means all ports.
* Use this row to make the setting the same for all ports. Use this row first and then make
adjustments on a port-by-port basis.
Note: Changes in this row are copied to all the ports as soon as you make them.
Active Select this check box to permit MAC authentication on this port. You must first allow MAC
authentication on the Switch before configuring it on each port.
Trusted VLAN List Enter the ID numbers of the trusted VLANs (separated by a comma). If a client’s VLAN ID is
specified here, the client can access the port and the connected networks without MAC
authentication.
Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Sa ve link on the top navigation panel to
save your changes to the non-volatile memory when you are done configuring.
Cancel Click C a nc e l to begin configuring this screen afresh.
To Next Page
Loading...
