H3c-technologies H3C S5120 Series Switches User Manual Page 390
- Page / 745
- Table of contents
- TROUBLESHOOTING
- BOOKMARKS
Rated. / 5. Based on customer reviews
1-12
Similar to a guest VLAN, an Auth-Fail VLAN can be a port-based Auth-Fail VLAN (PAFV) or a
MAC-based Auth-Fail VLAN (MAFV), depending on the port access control method.
Currently, on the switch, An Auth-Fail VLAN can be only a port-based Auth-Fail VLAN (PAFV).
PAFV refers to the Auth-Fail VLAN configured on a port that uses the port-based access control method.
With PAFV configured on a port, if a user on the port fails authentication, the port will be added to the
Auth-Fail VLAN and all users accessing the port will be authorized to access the resources in the
Auth-Fail VLAN. The device adds a PAFV-configured port into the Auth-Fail VLAN according to the
port’s link type in the similar way as described in VLAN assignment
.
If a user of a port in the Auth-Fail VLAN initiates authentication but fails the authentication, the port stays
in the Auth-Fail VLAN. If the user passes the authentication successfully, the port leaves the Auth-Fail
VLAN, and:
z If the authentication server assigns a VLAN, the port joins the assigned VLAN. After the user goes
offline, the port returns to its initial VLAN, that is, the VLAN the port was in before it was added to
any authorized VLAN.
z If the authentication server assigns no VLAN, the port returns to its initial VLAN. After the client
goes offline, the port still stays in its initial VLAN.
ACL assignment
ACLs provide a way of controlling access to network resources and defining access rights. When a user
logs on through a port, and the RADIUS server is configured with authorization ACLs, the device will
permit or deny data flows traversing through the port according to the authorization ACLs. Before
specifying authorization ACLs on the server, you need to configure the ACL rules on the device. You
can change the access rights of users by modifying authorization ACL settings on the RADIUS server or
changing the corresponding ACL rules on the device.
Mandatory authentication domain for a specified port
The mandatory authentication domain function provides a security control mechanism for 802.1X
access. With a mandatory authentication domain specified for a port, the system uses the mandatory
authentication domain for authentication, authorization, and accounting of all 802.1X users on the port.
In this way, users accessing the port cannot use any account in other domains.
Meanwhile, for EAP relay mode 802.1X authentication that uses certificates, the certificate of a user
determines the authentication domain of the user. However, you can specify different mandatory
authentication domains for different ports even if the user certificates are from the same certificate
authority (that is, the user domain names are the same). This allows you to deploy 802.1X access
policies flexibly.
802.1X Configuration Task List
Complete the following tasks to configure 802.1X:
Task Remarks
802.1X Basic Configuration Required
Enabling the Online User Handshake Function Optional
Enabling the Multicast Trigger Function Optional
Specifying a Mandatory Authentication Domain for a Port Optional
- Configuration Guide 1
- All Rights Reserved 2
- Trademarks 2
- Preface 3
- 1 About This Document 4
- Conventions 8
- 2 Documentation Guide 9
- Technical Support 10
- Documentation Feedback 10
- 3 Product Features 11
- Distribution Layer Switches 12
- Access Switches 12
- S9500/S7500E 13
- S5120-SI 13
- Core/Aggregation 13
- 1 CLI Configuration 15
- Entering CLI Through Telnet 20
- Command Conventions 21
- CLI View Description 22
- Command View Reference 23
- Login command views 24
- Tips on Using the CLI 28
- Typing and Editing Commands 29
- Undo Form of a Command 31
- Controlling CLI Display 31
- Saving Configurations 34
- Supported User Interfaces 37
- User Interface Number 37
- Common Configuration 42
- Password 47
- Logging In Through SSH 66
- Management System 67
- Displaying Web Users 68
- 5 Logging In Through NMS 70
- Packets 72
- 7 Controlling Login Users 73
- [Sysname] ip http acl 2030 80
- Ethernet Port Configuration 82
- Configuring a Port Group 86
- Configuration 95
- Null Interface 96
- Operational key 100
- Configuration classes 100
- Reference port 101
- LACP protocol 101
- Link aggregation modes 102
- Selecting a reference port 103
- Configuration Guidelines 106
- Network requirements 110
- Configuration procedure 110
- Table of Contents 115
- Port Isolation Configuration 116
- Networking requirements 117
- Port Mirroring Configuration 120
- 1 LLDP Configuration 125
- LLDPDUs 127
- How LLDP Works 129
- LLDP Configuration Task List 130
- Enabling LLDP 131
- Enabling LLDP Polling 132
- Configuration Prerequisites 135
- Configuring LLDP Trapping 136
- LLDP Configuration Examples 137
- LLDP status on Switch A 139
- 3) Verify the configuration 141
- 1 VLAN Configuration 143
- VLAN Fundamentals 144
- Types of VLAN 145
- Port link type 147
- Default VLAN 147
- interface vlan-interface 151
- [ vlan-interface-id ] 151
- [ interface-type 151
- VLAN Configuration Example 152
- Verification 153
- 2 Voice VLAN Configuration 154
- Voice VLAN Assignment Modes 155
- Configuring a Voice VLAN 158
- 1 MSTP Configuration 166
- Basic Concepts in STP 167
- How STP works 168
- STP timers 173
- Introduction to RSTP 174
- Introduction to MSTP 174
- Basic Concepts in MSTP 175
- Common root bridge 177
- Boundary port 177
- Roles of ports 177
- Port states 178
- How MSTP Works 179
- MSTP Configuration Task List 180
- Configuring MSTP 181
- Configuring Timers of MSTP 185
- Configuration example 190
- Configuring Port Priority 191
- Enabling the MSTP Feature 193
- Performing mCheck 194
- Configuration Procedure 195
- Configuration Example 195
- Configuring Digest Snooping 196
- GE1/0/2 GE1/0/2 198
- Configuration prerequisites 200
- Enabling BPDU guard 200
- Enabling Root guard 201
- Enabling Loop guard 202
- Enabling TC-BPDU guard 203
- MSTP Configuration Example 204
- Figure 1-13 207
- IP Addressing Configuration 210
- Special IP Addresses 211
- Subnetting and Masking 211
- Configuring IP Addresses 212
- Directly Connected Network 215
- Configuring TCP Attributes 216
- 1 ARP Configuration 222
- ARP Operation 223
- Configuring ARP 224
- Enabling the ARP Entry Check 226
- ARP Configuration Example 226
- Configuring Gratuitous ARP 227
- Introduction 229
- Configuring ARP Detection 231
- Man-in-the-middle attack 232
- ARP detection mechanism 232
- Application Environment 241
- Fundamentals 241
- Enabling DHCP 243
- Prerequisites 247
- Symptom 251
- Analysis 251
- Solution 251
- 2 DHCP Client Configuration 252
- DHCP Snooping Configuration 254
- Untrusted Untrusted 255
- BOOTP Client Configuration 262
- Through BOOTP 263
- Network requirement 264
- 1 FTP Configuration 266
- Configuring the FTP Client 267
- Configuring the FTP Server 273
- 2 TFTP Configuration 278
- Configuring the TFTP Client 279
- IP Routing and Routing Table 284
- Static Routing Configuration 288
- Configuring a Static Route 289
- 1 Multicast Overview 295
- Broadcast 296
- Multicast 297
- Features of Multicast 298
- Advantages of multicast 299
- Applications of multicast 299
- Multicast Models 300
- Multicast Architecture 300
- Multicast Addresses 301
- Multicast Protocols 303
- Layer 2 multicast protocols 304
- IGMP Snooping Configuration 306
- GE1/0/1 GE1/0/2 307
- How IGMP Snooping Works 308
- IGMP Snooping Proxying 310
- Protocols and Standards 311
- Enabling IGMP Snooping 312
- Configuring Static Ports 315
- Multicast VLAN Configuration 338
- Configuring Multicast VLAN 339
- Network requirements 342
- Network diagram 343
- 1 QoS Overview 348
- QoS Techniques Overview 349
- 2 QoS Policy Configuration 350
- Defining a Traffic Behavior 352
- Defining a Policy 352
- Applying the QoS Policy 353
- Priority Mapping Overview 355
- Priority Mapping Tables 356
- Priority Mapping Procedure 356
- Configuring Priority Mapping 357
- 4 Line Rate Configuration 361
- <Sysname> system-view 362
- SP queuing 364
- WRR queuing 364
- Configuring SP Queuing 366
- Configure WRR Queuing 367
- Configuring SP+WRR Queuing 368
- Traffic Filtering Overview 370
- Traffic Redirecting Overview 373
- 8 Appendix 374
- 802.1p Priority 376
- 1 802.1X Configuration 379
- Basic Concepts of 802.1X 380
- EAP over LAN 381
- EAP Packet Format 382
- EAP over RADIUS 383
- EAP relay 384
- EAP termination 386
- 802.1X Access Control Method 387
- 802.1X Timers 387
- VLAN assignment 388
- Guest VLAN 389
- Auth-Fail VLAN 389
- ACL assignment 390
- 802.1X Basic Configuration 391
- Enabling 802.1X for a port 392
- Enabling the Quiet Timer 394
- Configuring a Guest VLAN 395
- 802.1X Configuration Example 397
- Internet 400
- 1 AAA Configuration 407
- Introduction to RADIUS 408
- RADIUS Packet Format 410
- AAA Configuration Task List 414
- Configuring AAA 415
- [ flow ] 416
- Configuring RADIUS 424
- Creating a RADIUS Scheme 425
- 430
- AAA Configuration Examples 434
- Troubleshooting AAA 444
- 1 PKI Configuration 447
- Architecture of PKI 448
- Applications of PKI 449
- Operation of PKI 449
- PKI Configuration Task List 450
- Configuring an Entity DN 450
- Configuring a PKI Domain 452
- Deleting a Certificate 457
- PKI Configuration Examples 459
- Troubleshooting PKI 467
- Failed to Retrieve CRLs 468
- 1 SSL Configuration 470
- SSL Protocol Stack 471
- SSL Configuration Task List 472
- Troubleshooting SSL 476
- 1 SSH2.0 Configuration 479
- Version negotiation 480
- Authentication 481
- Session request 482
- Interaction 482
- Configuring an SSH User 485
- 192.168.0.2/24 490
- Vlan-int1 490
- 192.168.0.1/24 490
- 2 SFTP Service 501
- Configuring an SFTP Client 502
- Working with SFTP Files 504
- Displaying Help Information 504
- 1 Public Key Configuration 512
- 2) Configure Device B 517
- 1 HABP Configuration 522
- Configuring HABP 523
- HABP Configuration Example 524
- 1 ACL Configuration 527
- ACL Classification 528
- ACL Numbering and Naming 528
- Match Order 528
- ACL Rule Numbering Step 529
- ACL Configuration Task List 530
- Configuring an ACL 531
- Configuring an Advanced ACL 533
- Copying an ACL 535
- ACL Configuration Examples 537
- 1 Device Management 539
- Rebooting a Device 540
- Upgrading Device Software 542
- 1 NTP Configuration 550
- Advantages of NTP 551
- How NTP Works 551
- NTP Message Format 552
- Operation Modes of NTP 554
- Broadcast mode 555
- Multicast mode 555
- NTP Configuration Task List 556
- NTP Configuration Examples 565
- Root delay: 31.00 ms 571
- delay disper 571
- 1 SNMP Configuration 577
- SNMP Protocol Version 578
- MIB Overview 578
- SNMP Configuration 579
- Configuring SNMP Logging 581
- Configuring SNMP Trap 582
- Configuring Trap Parameters 583
- SNMPv3 Configuration Example 586
- 2 MIB Style Configuration 589
- 1 RMON Configuration 591
- Working Mechanism 592
- RMON Groups 592
- Private alarm group 593
- History group 593
- Ethernet statistics group 593
- 1 File System Management 602
- Directory Operations 603
- File Operations 604
- Copying a File 605
- Moving a File 605
- Deleting a File 605
- Batch Operations 606
- Storage Medium Operations 606
- Checking files 607
- <Sysname> cd 609
- <Sysname> pwd 609
- Configuration File Overview 610
- Configuration Task List 613
- Configuring Ping 620
- Ping Configuration Example 621
- Tracert 623
- System Debugging 624
- Configuring System Debugging 625
- 1 Basic Configurations 628
- Configuring the Device Name 629
- Configuring the System Clock 629
- Displaying the system clock 630
- " is in 632
- Configuring a Banner 633
- Configuring CLI Hotkeys 634
- Modifying command level 641
- Information Center Overview 644
- System Information Format 648
- Overview 665
- Mac address aging time: 500s 671
- Cluster Management Overview 673
- How a Cluster Works 674
- Introduction to NDP 675
- Introduction to NTDP 675
- DisconnectConnect 676
- Management VLAN 677
- Configuring NDP Parameters 679
- Configuring NTDP Parameters 680
- Establishing a Cluster 681
- Devices Within a Cluster 683
- Cluster Member Management 684
- Member Devices 685
- 1 HTTP Configuration 695
- Enabling the HTTP Service 696
- HTTP Configuration Example 697
- 2 HTTPS Configuration 699
- Enabling the HTTPS Service 700
- Control Policy 701
- HTTPS Configuration Example 702
- 1 Stack Configuration 707
- Establishing a Stack 708
- Configuring Stack Ports 709
- Creating a Stack 709
- Stack Configuration Example 710
- 1 PoE Configuration 714
- PoE Configuration Task List 715
- Enabling PoE 716
- Detecting PDs 717
- Configuring the PoE Power 718
- Monitoring PD 720
- Configuring PoE Profile 720
- Applying PoE Profile 721
- PoE Configuration Example 722
- Troubleshooting PoE 724
- IP Source Guard Overview 726
Related products and manuals for Routers H3c-technologies H3C S5120 Series Switches
(13 pages)
Routers H3c-technologies H3C SR8800 User Manual
(431 pages)
(431 pages)
Routers H3c-technologies H3C SR8800 User Manual
(410 pages)
(410 pages)
Routers H3c-technologies H3C SR8800 User Manual
(149 pages)
(149 pages)
Routers H3c-technologies H3C SR8800 User Manual
(135 pages)
(135 pages)
Routers H3c-technologies H3C SR8800 User Manual
(210 pages)
(210 pages)
© 2020, manymanuals.com. All rights reserved. | 2.348 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals