The IEEE 802.1X standard authentication uses the RADIUS (Remote Authentication Dial in User Service) protocol to validate users and provide a security standard for network access control. The user that wishes to be authenticated is called a supplicant. The actual server doing the authentication, typically a RADIUS server, is called the authentication server. The mediating device, such as a switch, is called the authenticator. Clients connected to a port on the switch must be authenticated by the Authentication server (RADIUS) before accessing any services offered by the switch on the LAN. Use a RADIUS server to authenticate users trying to access a network by relaying Extensible Authentication Protocol over LAN (EAPOL) packets between the client and server. This establishes the requirements needed for a protocol between the authenticator (the system that passes an authentication request to the authentication server) and the supplicant (the system that requests authentication), as well as between the authenticator and the authentication server.
RADIUS proxy servers are used for centralized administration. Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management, for greater convenience, for users that connect to and use a network service. RADIUS is a server protocol that runs in the application layer, using UDP as transport. Network switches with port-based authentication all have a RADIUS client component that communicates with the RADIUS server. Clients connected to a port on the switch must be authenticated by the authentication server before accessing services offered by the switch on the LAN. Use a RADIUS server to authenticate users trying to access a network by relaying Extensible Authentication Protocol over LAN (EAPOL) packets between the client and server. The RADIUS server maintains a user database, which contains authentication information. The switch passes information to the configured RADIUS server, which can authenticate a username and password before authorizing use of the network.
The Port Isolation feature provides L2 isolation between ports within the same broadcast domain. When enabled, Isolated ports can forward traffic to Not Isolated ports, but not to other Isolated ports. Not Isolated ports can send traffic to any port, whether Isolated or Not Isolated. The default setting is Not Isolated.
Click Apply to update the system settings.
Network security can be increased by limiting access on a specific port to users with specific MAC addresses. Port Security prevents unauthorized devices from connecting to the switch prior to stopping the auto-learning process.
Click Apply to update the system settings.
HTTP(S) Settings
The EnGenius Switch provides a built-in browser interface that enables you to configure and manage the switch via Hypertext Transfer Protocol (HTTP) and Hypertext Transfer Protocol Secure (HTTPS) requests selectively to help prevent security breaches on the network. You can manage your HTTP and HTTPS settings for the switch further by choosing the length of session timeouts for HTTP and HTTPS requests. Select whether to enable or disable the HTTP service and enter the HTTP session timeout. Next, select whether to enable or disable the HTTPS service and enter the HTTPS session timeout for the switch.
Click Apply to update the system settings.
From here, you can configure and manage the switch's Telnet protocol settings. The Telnet protocol is a standard Internet protocol which enables terminals and applications to interface over the Internet with remote hosts by providing Command Line Interface (CLI) communication using a virtual terminal connection. This protocol provides the basic rules for making it possible to link a client to a command interpreter. The Telnet service for the switch is enabled by default. Please note that for secure communication, it is better to use SSH over Telnet. To enable and configure SSH settings, please refer to SSH settings on the next page.
Click Apply to update the system settings.
Secure Shell (SSH) is a cryptographic network protocol for secure data communication and network services. SSH is a way of accessing the command line interface on the network switch. The traffic is encrypted, so it is difficult to eavesdrop as it creates a secure connection within an insecure network such as the Internet. Even if an attacker were able to view the traffic, the data would be incomprehensible without the correct encryption key to decode it.
To configure SSH settings for the switch, first select whether you wish to enable or disable the SSH service for the switch. Note that SSH is more secure than the Telnet service when deciding which service to use. Enter the session timeout you wish to implement for SSH. Next, enter the History Count number you wish. The default count is 128. Enter the number of password requests to be sent across SSH. The default number of attempts is 3. Finally, enter the silent time you wish to implement for the SSH service.
Click Apply to update the system settings.
From here, you can configure the Console service settings for the switch.
Click Apply to update the system settings.
When a supplicant is connected to a switch port, the port issues an 802.1X authentication request to the attached 802.1X supplicant. The supplicant replies with the given username and password, and an authentication request is then passed to a configured RADIUS server. The authentication server's user database supports Extensible Authentication Protocol (EAP), which allows particular guest VLAN memberships to be defined based on each individual user. After authorization, the port connected to the authenticated supplicant then becomes a member of the specified guest VLAN. When the supplicant is successfully authenticated, traffic is automatically assigned to the guest VLAN. The EAP authentication methods supported by the switch are EAP-MD5, EAP-TLS, EAP-TTLS, and EAP-PEAP.
Click Apply to update the system settings.
The IEEE 802.1X port-based authentication provides a security standard for network access control with RADIUS servers and holds a network port disconnected until authentication is completed. With 802.1X port-based authentication, the supplicant provides the required credentials, such as username, password, or digital certificate to the authenticator, and the authenticator forwards the credentials to the authentication server for verification to the guest VLAN. If the authentication server determines the credentials are valid, the supplicant is allowed to access resources located on the protected side of the network.
From here, you can configure the port settings as they relate to 802.1X. First, select the mode you wish to utilize from the drop-down box. Next, choose whether to enable or disable re-authentication for the port. Enter the time span that you wish to elapse for the re-authentication Period, Quiet Period, and Supplicant Period. After this, enter the max number of times you wish for the switch to retransmit the EAP request. Finally, choose whether you wish to enable or disable the VLAN ID.
Click Apply to update the system settings.
The Authenticated Host section displays the Authenticated Username, Port, Session Time, Authenticated Method, and Mac Address.
Click the Apply button to accept the changes or the Cancel button to discard them.

| Items | Descriptions |
| --- | --- |
| Telnet Service | Select whether the Telnet service is Enabled or Disabled. It is enabled by default. |
| Session Timeout | Enter the amount of time that elapses before the Telnet service is timed out. The default is 5 minutes. The range is from 0 to 65535 minutes. |
| History Count | Enter the entry number for history of Telnet service. The default is 128. The range is from 0 to 256. |
| Password Retry Count | Enter the number of password requests sent to Telnet service. The default is 3. The range is from 0 to 120. |
| Silent Time | Enter the silent time for Telnet service. The range is from 0 to 65535 seconds. |

| Items | Descriptions |
| --- | --- |
| SSH Service | Select whether the SSH service is Enabled or Disabled. It is disabled by default. |
| Session Timeout | Enter the amount of time that elapses before the SSH service is timed out. The default is 5 minutes. The range is from 0 to 65535 minutes. |
| History Count | Enter the entry number for history of SSH service. The default is 128. The range is from 0 to 256. |
| Password Retry Count | Enter the number of password requests sent to SSH service. The default is 3. The range is from 0 to 120. |
| Silent Time | Enter the silent time for SSH service. The range is from 0 to 65535 seconds. |

| Items | Descriptions |
| --- | --- |
| Session Timeout | Enter the amount of time that elapses before Console service is timed out. The default is 5 minutes. The range is from 0 to 65535 minutes. |
| History Count | Enter the entry number for the history of Console service. The default is 128. The range is from 0 to 256. |
| Password Retry Count | Enter the number of password requests to send to the Console service. The default is 3. The range is from 0 to 120. |
| Silent Time | Enter the silent time for Console service. The range is from 0 to 65535 seconds. |

| Items | Descriptions |
| --- | --- |
| Port | Displays the ports for which the 802.1X information is displayed. |
| Mode | Select Auto, Force_UnAuthorized, or Force_Authorized mode from the list. |
| Re-Authentication | Select whether port re-authentication is Enabled or Disabled. |
| Re-authentication period | Enter the time span in which the selected port is re-authenticated. The default is 3600 seconds. |
| Quiet Period | Enter the amount of time that the device remains in the quiet state following a failed authentication exchange. The default is 60 seconds. |
| Supplicant Period | Enter the amount of time that lapses before an EAP request is resent to the supplicant. The default is 30 seconds. |
| Max Retry | Enter the maximum number of times that the switch retransmits an EAP request to the client before it times out the authentication session. The default is 2 times. |
| Guest VLAN ID | Select whether guest VLAN ID is Enabled or Disabled. |

| Items | Description |
| --- | --- |
| Index | Displays the index for which RADIUS server is displayed. |
| Server IP | Enter the RADIUS server IP address. |
| Authorized Port | Enter the authorized port number. The default port is 1812. |
| Accounting Port | Enter the name you wish to use to identify this switch. |
| Key String | Enter the key string used for encrypting all RADIUS communication between the device and the RADIUS server. |
| Timeout Reply | Enter the amount of time the device waits for an answer from the RADIUS server before switching to the next server. The default value is 3. |
| Retry | Enter the number of transmitted requests sent to the RADIUS server before a failure occurs. The default is 3. |
| Server Priority | Enter the priority for the RADIUS server. |
| Dead Timeout | Enter the amount of time that the RADIUS server is bypassed for service requests. The default value is 0. |

| Items | Descriptions |
| --- | --- |
| Port | Displays the port for which the port security is defined. |
| State | Select Enabled or Disabled for the port security feature for the selected port. |
| Max MAC Address | Enter the maximum number of MAC addresses that can be learned on the port. The range is from 1 to 256. |

| Items | Descriptions |
| --- | --- |
| HTTP Service | Select whether HTTP service for the switch is Enabled or Disabled. This is enabled by default. |
| HTTP Session Timeout | Enter the amount of time that elapses before HTTP is timed out. The default is 5 minutes. The range is from 0 to 86400 minutes. |
| HTTPS Service | Select whether the HTTPS service is Enabled or Disabled. This is disabled by default. |
| HTTPS Session Timeout | Enter the amount of time that elapses before HTTPS is timed out. The default is 5 minutes. The range is from 0 to 86400 minutes. |

| Items | Descriptions |
| --- | --- |
| State | Select whether authentication is Enabled or Disabled on the switch. |
| Guest VLAN | Select whether Guest VLAN is Enabled or Disabled on the switch. The default is Disabled. |
| Guest VLAN ID | Select the guest VLAN ID from the list of currently defined VLANs. |

DoS (Denial of Service) is used for classifying and blocking specific types of DoS attacks. From here, you can configure the switch to monitor and block different types of attacks.
On this page, the user can enable or disable the prevention of different types of DoS attacks. When enabled, the switch will drop the packets matching the types of DoS attack detected.
Click Apply to update the system settings.
From here you can configure the Port Settings for DoS for the switch. Select from the drop-down list whether you wish to enable or disable DoS protection for the switch.
Click Apply to update the system settings.

| Items | Descriptions |
| --- | --- |
| Port | Displays the port for which the DoS protection is defined. |
| DoS Protection | Select Enabled or Disabled for the DoS protection feature for the selected port. |