The following procedure describes how to configure the smart switch so that 802.1X-based authentication is required on ports
g2–g8. and corrects the errors of the official documentation on the netgear site.
the url official doc : https://kb.netgear.com/24753/How-do-I-configure-802-1X-based-authentication-on-a-smart-switch
First Step :
Open a web browser.
In the browser address field, type the IP address of the smart switch. The default IP address is 192.168.0.239 and the default subnet mask is 255.255.255.0. You are prompted to enter your password.
Type the password in the Password field. The default password is password. Passwords are case-sensitive.
Click the Login button. After the system authenticates you, the System Information screen displays.
Select Security > Port Authentication > Advanced > Port Authentication.
6. On the port Authentification screen, select all ports you dont wont to use 802.1x authentification.
7.Configure the following policy attibutes for all ports (expect g2-g8) :
From the port Control menu, select Authorized
Explication : if you leave all the ports in auto, as suggested by the official documentation on the netgear site, the port directly connecting to the server will not be able to athenticate and you will lose all connection with the switch, it will then have to be reset factory default settings.
you can chose your Vlan ID in the port with Auto.
8.Click the Apply button.
The settings are saved.
9.Select Security > Port Authentication > Advanced > 802.1X Configuration.
Next to Port Based Authentication State, select the Enable radio button.
10.Select Security >Management Security>RADIUS>Server Configuration.
11.Configure a RADIUS server with the following settings:
Server Address. 192.168.3.10 (Your Server Radius Address)
Secret Configured. Yes.
Secret. secret123. (put your secret shared)
Active. Primary.
12.Select Security >Management Security>Radius>Global Configuration
On the Accouting Mode, select Enable
NOTE : (this step is not present in the officiel doc on site netgear, and it is a necessary to working)
13.Go to Accouting Server Configuration
and configure the Secret shared
add your IP address Server
and port (by default 1813)
Note : (this step is not present in the officiel site, and it is necessary)
14.Please do not follow this step from the official site netgear, it is a false method, and you will lose all connection to to the http page.
leave it as default, local on 1 position.
15.And finnaly select Security > Management Security >Authentication List>Dot1x Authentification List
From the menu in the 1 column, select Radius
Click the Apply button
NOTE (this step not exist in the official site Netgear, and it is a necessary for operation)
The RADIUS server is now designated as the first authentication method.
Thanks you.
コメント