5 Configuration
D-Link Web Smart Switch User Manual
40
Security > 802.1X Settings
Network switches provide easy and open access to resources by simply attaching a client PC. Unfortunately
this automatic configuration also allows unauthorized personnel to easily intrude and possibly gain access to
sensitive data.
IEEE-802.1X provides a security standard for network access control, especially in Wi-Fi wireless networks.
802.1X holds a network port disconnected until authentication is completed. The switch uses Extensible
Authentication Protocol over LANs (EAPOL) to exchange authentication protocol client identity (such as a
user name) with the client, and forward it to another remote RADIUS authentication server to verify access
rights. The EAP packet from the RADIUS server also contains the authentication method to be used. The
client can reject the authentication method and request another, depending on the configuration of the client
software and the RADIUS server. Depending on the authenticated results, the port is either made available
to the user, or the user is denied access to the network.
The RADIUS servers make the network a lot easier to manage for the administrator by gathering and storing
the user lists.
Figure 69 – Security > 802.1X Setting
By default, 802.1X is disabled. To use EAP for security, select enabled and set the 802.1X
Global Settings
for the Radius Server and applicable authentication information.
Authentication Port:
sets primary port for security monitoring. Default is 1812.
Key:
Masked password matching the Radius Server Key.
Confirm Key:
Enter the Key a second time for confirmation.
TxPeriod:
Sets the number of seconds that the switch waits for a response to an EAP-request/identity frame
from the client before retransmitting the request. Default is 24 seconds.
ReAuthEnabled:
This enables or disables the periodic ReAuthentication control. When the 802.1X function
is enabled, the ReAuthEnabled function is by default also enabled.
QuietPeriod:
Sets the number of seconds that the switch remains in the quiet state following a failed
authentication exchange with the client. Default is 80 seconds
SuppTimeout:
Sets the switch-to-client retransmission time for the EAP-request frame. Default is 12
seconds.
ServerTimeout:
Sets the amount of time the switch waits for a response from the client before resending the
response to the authentication server. Default is 16 seconds.
MaxReq:
This parameter specifies the maximum number of times that the switch retransmits an EAP
Request packet to the client before it times out the authentication session. Default is 5 times.
ReAuthPeriod:
This command affects the behavior of the switch only if periodic re-authentication is enabled.
Default is 3600.
To establish 802.1X port-specific assignments, select the
From Ports
/
To
Ports
and select enable.