Chapter 4: Web configuration
NS3562-8P-2S-V2 Industrial Managed Switch User Manual
213
The page includes the following fields:
Object
Description
Rate Limiter ID
The rate limiter ID for the settings contained in the same row.
Rate (pps)
The allowed values are:
0-3276700
in pps or
0, 100, 200, 300, ..., 1000000
in kbps.
Unit
Specify the rate unit. The allowed values are:
pps
: packets per second.
kbps
: Kbits per second.
All
means all ports will have one specific setting.
Buttons
• Click
Save
to save changes.
• Click
Reset
to undo any changes made locally and revert to previously saved
values.
Authentication
This section describes user access and management control for the industrial managed
switch, including user access and management control. The following main topics are
covered:
• IEEE 802.1X port-based network access control
• MAC-based authentication
• User authentication
Overview of 802.1X (port-based) authentication
In 802.1X, the user is called the supplicant, the switch is the authenticator, and the
RADIUS server is the authentication server. The switch acts as the man-in-the-middle,
forwarding requests and responses between the supplicant and the authentication
server. Frames sent between the supplicant and the switch are special 802.1X EAPOL
(EAP Over LANs) frames. EAPOL frames encapsulate EAP PDUs (RFC3748). Frames
sent between the switch and the RADIUS server are RADIUS packets. RADIUS
packets also encapsulate EAP PDUs together with other attributes like the switch's IP
address, name, and the supplicant's port number on the switch. EAP is very flexible in
that it allows for different authentication methods like MD5-Challenge, PEAP, and TLS.
The authenticator (switch) doesn't need to know which authentication method the
supplicant and the authentication server are using, or how many information exchange
frames are needed for a particular method. The switch simply encapsulates the EAP
part of the frame into the relevant type (EAPOL or RADIUS) and forwards it.
When authentication is complete, the RADIUS server sends a special packet containing
a success or failure indication. Besides forwarding this decision to the supplicant, the
switch uses it to open up or block traffic on the switch port connected to the supplicant.