3Com OfficeConnect WX1200 Скачать руководство пользователя | Manualshive

Страница: 9 / 28

background image

Points to Note when using the WX1200 and WX4400

9

Computer authentication also requires specific con-
figuration considerations on the WX switch:

■

The username of a computer authentication con-
nection will be in the form of host/fully-quali-
fied-domain-name, for example
host/bob-laptop.3Com.com or host/tac1-lap-
top.support.3Com.com. This username is the same
regardless of the configured protocol
(PEAP-MS-CHAP-V2 or EAP-TLS). An appropriate
userglob would be host/*.domain.com where
domain.com is the Active Directory domain name.
Alternatively, in a smaller deployment you could
use a userglob of ** and have both user and com-
puter authentication go to the same RADIUS
server.

■

PEAP-MS-CHAP-V2 offload mode is not supported
with computer authentication. You must use
pass-through 802.1x authentication policies with
computer authentication.

AAA

The following table lists the AAA servers and configu-
rations that have been tested with MSS. Tests were
performed to a local user database in most cases, and
additionally to Microsoft Active Directory and LDAP
with specific protocols as noted in the table. The tests
were initially performed using Dynamic WEP, though
subsequent testing has revealed no noticeable differ-
ences in RADIUS compatibility when using WPA.

A result of Pass indicates that the combination is sup-
ported by MSS. A result of NA (Not Applicable) indi-
cates that the RADIUS server tested does not support
the feature. A result of Fail indicates that the RADIUS

server does not interoperate with MSS for that fea-
ture. A result of NT (Not Tested) indicates that the fea-
ture was not tested.

RADIUS Testing notes

Single-Sign-On is defined

as clients being able to use the same username and
password for 802.1X authentication that they use to

Configuration

RADIUS Servers Tested

Win
2000
IAS

Win
2003
IAS

Funk
Steel
Belted
Radius

Cisco
ACS

Free-
Radius
(Linux)

PEAP-MS-CHAP-
V2

Pass

Pass

Pass

Pass

Pass

PEAP-MS-CHAP-
V2 Offload

Pass

Pass

Pass

Pass

Pass

EAP-TLS

Pass

Pass

Pass

NT

Pass

EAP-TTLS

NA

NA

Pass

NA

NT

Single-Sign-On
Active Directory
&
PEAP-MS-CHAP-
V2

Pass

Pass

Pass

Pass

NA

Single-Sign-On
LDAP & EAP-TTLS

NA

NA

Pass

NT

NT

MSS VSAs

Pass

Pass

Pass

Pass

Pass

Mac-based
authentication

Pass

Pass

Pass

Pass

Pass

Microsoft Active
Directory com-
puter authentica-
tion

Pass

Pass

NA

Pass

NA

«
...
7
8
9
10
11
...
»

Содержание OfficeConnect WX1200

Страница 1: ...cting exe that you have downloaded from the 3Com Web site Points to Note when using the WX1200 and WX4400 Follow these best practice recommendations during configuration and implementation to avoid or...

Страница 2: ...le below lists the NICs that have been used successfully with MSS The majority were tested using recently available drivers using the Microsoft native 802 1X client and a Microsoft IAS RADIUS server 3...

Страница 3: ...ds that you set up a sepa rate service profile for WPA CCMP with a different SSID for compatibility If you are migrating from Dynamic WEP to WPA TKIP 3Com recommends creat ing separate service profile...

Страница 4: ...e to the client through the MAP for the duration of the 802 1X quiet period timer which defaults to 60 seconds An error mes sage indicating that a client has failed authorization appears in the WX swi...

Страница 5: ...Some drivers install this automatically if you run the setup exe utility to install the driver 3Com strongly recommends that you update the driver manually using the driver properties in the Network c...

Страница 6: ...ble WEP encryption When using dynamic WEP in Windows 2000 select static WEP 128bit and enter any static WEP key as a placeholder This temporary key configures the driver to use WEP to encrypt packets...

Страница 7: ...the current Panther client If you need to run both WPA TKIP and Dynamic WEP at the same time you must configured separate service profiles for each encryption type in order to maintain compatibility w...

Страница 8: ...KB826942 or Hotfix KB822596 Windows 2000 requires hotfix KB822596 Using PEAP MS CHAP V2 with computer authenti cation will allow users who have never logged on to a PC authenticate wirelessly without...

Страница 9: ...LDAP with specific protocols as noted in the table The tests were initially performed using Dynamic WEP though subsequent testing has revealed no noticeable differ ences in RADIUS compatibility when...

Страница 10: ...pe in this case Dynamic WEP Additionally compatibility with wireless NICs is reduced Downloading the latest drivers for your wireless NIC is strongly recommended See 802 1X Cli ents for specific infor...

Страница 11: ...rmation Security Best Practices MSS and 3WXM provide robust options for securing management access to WX switches and to the 3WXM client and 3WXM monitoring service To opti mize security for managemen...

Страница 12: ...SNMP if not already disabled use the set ip snmp server disable command To change the community strings use the set snmp community command CLI Access MSS allows CLI access through the console through...

Страница 13: ...the one where you installed the certificate signed by the CA Communication between the WX Switch and 3WXM or Web Manager Administration certificate requirement 11974 Before the WX switch can communica...

Страница 14: ...atedly disables and reenables the link caus ing STP to repeatedly stop the other device s port from forwarding traffic As a result the boot attempt is never successful To allow a MAP to boot over a li...

Страница 15: ...c For a user ACL to take effect you must explicitly set both the source and destina tion addresses in the ACL Add Authentication Rules for Last Resort Access to Any SSID Last resort authentication is...

Страница 16: ...o use these strings you will need to con figure them manually To configure an SNMP commu nity string use the set snmp community command The quickstart command prompts for time and date parameters 1817...

Страница 17: ...ng on the license WX1200 20 configured 12 active Includes directly attached MAPs and Distributed MAPs Inactive configurations are backups Minimum link speed within a Mobility Domain 128 Kbps Network P...

Страница 18: ...t 18367 MSS can tunnel traffic for a VLAN through a WX switch that does not have that VLAN statically config ured If you attempt to add a static VLAN to a switch that is already tunneling traffic for...

Страница 19: ...ed Below is an example of the error message This applies to both MX1200 and MX4400 Example Starting supervisor 3 0 3 0_110304_WX1200 SPAN Nov 05 07 01 44 073135 ERROR SPAN_VLAN_ERR span_port_change po...

Страница 20: ...port group before you add the groups ports to the VLAN then add the port group to the VLAN MAP Issues WX1200 allows configuration of ports 7 and 8 as MAP access ports 18280 Ports 7 and 8 on the WX120...

Страница 21: ...e to the additional messages sent by 802 11b g radios When the radio enters protection mode a message such as the following appears in the WX switch s log buffer MAP Jul 09 21 01 36 845822 WARNING Por...

Страница 22: ...tem IP address from 3WXM causes the switch to be unmanageable from 3WXM 18414 If you use 3WXM to change a managed switch s system name or system IP address other changes to the switch are not received...

Страница 23: ...conds with the following command set arp agingtime 1200 Logging in to SSH requires hitting Enter twice 15613 When you start an SSH session with a WX switch the switch does not display the login prompt...

Страница 24: ...rt become congested and another instance of the RADIUS server on the same machine is configured to use a different UDP port number MSS does not allow you to specify the UDP port number of a RADIUS ser...

Страница 25: ...s However the commands that con figure MAC Web and last resort network access rules accept the value This is an invalid configuration and can provide unexpected results The command for configuring 802...

Страница 26: ...tatistics output The display radius command is not documented and has no output 18233 Web AAA Issues Web AAA users receive page not found error if RADIUS is the authentication method 17752 If you use...

Страница 27: ...he ACE name that starts with abc which is not a CLI keyword is accepted WX1200 set security acl ip port_abc deny 0 0 0 0 255 255 255 255 error Wrong ACL name input port_abc WX1200 set security acl ip...

Страница 28: ...tream through a MAP stop receiving the stream if one of the clients leaves the group Do not disable IGMP snooping The feature is enabled by default Invalid IP multicast forwarded 12784 IGMP multicast...

Отзывы:

Нет отзывов

Похожие инструкции для OfficeConnect WX1200

Бренд: Gefen Страницы: 11

xStack DES-3500 Series

Бренд: D-Link Страницы: 260

DXS-3600 Series

Бренд: D-Link Страницы: 48

DXS-3400 SERIES

Бренд: D-Link Страницы: 3

Web Smart Switch DGS-1210-16

Бренд: D-Link Страницы: 71

Бренд: D-Link Страницы: 3

Бренд: D-Link Страницы: 56

xStack DES-3800 Series

Бренд: D-Link Страницы: 326

xStack DES-3526

Бренд: D-Link Страницы: 222

Бренд: D-Link Страницы: 2

DXS-1210 Series

Бренд: D-Link Страницы: 20

Бренд: wavin Страницы: 4

Бренд: H3C Страницы: 90

Бренд: Kramer Страницы: 2

Бренд: Dahua Страницы: 17

Бренд: Clever Little Box Страницы: 15

Бренд: Tripp Lite Страницы: 12

852-1411/000-001

Бренд: WAGO Страницы: 40

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды