Cisco Sg3008 Manual
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
19 Security: 802.1X Authentication
802.1X Configuration Through the GUI

To customize the web-authentication pages:

STEP 1 Click Security > 802.1X/MAC/Web Authentication > Web Authentication Customization.
This page displays the languages that can be customized.

STEP 2 Click Edit Logon Page.
The following page is displayed (Figure 4).

STEP 3 Click Edit1. The following fields are displayed:
• Language—Displays the page’s language.
• Color Scheme—Select one of the contrast options. If the Custom color scheme is selected, the following options are available:
  - Page Background Color—Enter the ASCII code of the background color. The selected color is shown in the Text field.
  - Header and Footer Background Color—Enter the ASCII code of the header and footer background color. The selected color is shown in the Text field.
  - Header and Footer Text Color—Enter the ASCII code of the header and footer text color. The selected color is shown in the Text field.
  - Hyperlink Color—Enter the ASCII code of the hyperlink color. The selected color is shown in the Text field.
• Current Logo Image—Select one of the following options:
  - None—No logo.
  - Default—Use the default logo.
  - Other—Select to enter a customized logo.
  If the Other logo option is selected, the following options are available:
  - Logo Image Filename—Enter the logo file name or Browse to the image.
  - Application Text—Enter text to accompany the logo.
  - Window Title Text—Enter a title for the Login page.

STEP 4 Click Apply and the settings are saved to the Running Configuration file.

STEP 5 Click Edit2. The following fields are displayed:
• Invalid User Credentials—Enter the text of the message to be displayed when the end user enters an invalid username or password.
• Service Not Available—Enter the text of the message to be displayed when the authentication service is not available.

STEP 6 Click Apply and the settings are saved to the Running Configuration file.

STEP 7 Click Edit3. The following fields are displayed:
• Welcome Message—Enter the text of the message to be displayed when the end user logs on.
• Instructional Message—Enter the instructions to be displayed to the end user.
• RADIUS Authentication—Displays whether RADIUS authentication is enabled. If so, the username and password must be included in the login page.
• Username Textbox—Select for a username textbox to be displayed.
• Username Textbox Label—Select the label to be displayed before the username textbox.
• Password Textbox—Select for a password textbox to be displayed.
• Password Textbox Label—Select the label to be displayed before the password textbox.
• Language Selection—Select to enable the end user to select a language.
• Language Dropdown Label—Enter the label of the language selection dropdown.
• Login Button Label—Enter the label of the login button.
• Login Progress Label—Enter the text that will be displayed during the login process.

STEP 8 Click Apply and the settings are saved to the Running Configuration file.

STEP 9 Click Edit4. The following fields are displayed:
• Terms and Conditions—Select to enable a terms and conditions text box.
• Terms and Conditions Warning—Enter the text of the message to be displayed as instructions to enter the terms and conditions.
• Terms and Conditions Contents—Enter the text of the message to be displayed as terms and conditions.

STEP 10 Click Apply and the settings are saved to the Running Configuration file.

STEP 11 Click Edit5. The following fields are displayed:
• Copyright—Select to enable displaying copyright text.
• Copyright Text—Enter the copyright text.

STEP 12 Click Apply and the settings are saved to the Running Configuration file.

STEP 13 Click Edit Success Page.
The following page is displayed (Figure 5).

STEP 14 Click the Edit button on the right side of the page.
STEP 15 Enter the Success Message, which is the text that will be displayed if the end user successfully logs in.

STEP 16 Click Apply and the settings are saved to the Running Configuration file.

To preview the login or success message, click Preview.
To set one of the languages as the default language, click Set Default Display Language.

Defining Time Ranges

See Time Range for an explanation of this feature.

Authentication Method and Port Mode Support

The following table shows which combinations of authentication method and port mode are supported.

Authentication Method   Single-host   Multi-host   Multi-sessions (Device in L3)   Multi-sessions (Device in L2)
802.1x                  †             †            †                               †
MAC                     †             †            †                               †
WEB                     N/S           N/S          N/S                             †

Legend:
†—The port mode also supports the guest VLAN and RADIUS-VLAN assignment.
N/S—The authentication method does not support the port mode.

NOTE Web-based authentication requires TCAM support for input traffic classification and can be supported only by the full multi-sessions mode. You can simulate the single-host mode by setting the Max Hosts parameter to 1 in the Port Authentication page.
Mode Behavior

The following table describes how authenticated and non-authenticated traffic is handled in various situations.

Single-host
• Unauthenticated traffic, with guest VLAN
  - Untagged: Frames are re-mapped to the guest VLAN
  - Tagged: Frames are dropped unless they belong to the guest VLAN or to the unauthenticated VLANs
• Unauthenticated traffic, without guest VLAN
  - Untagged: Frames are dropped
  - Tagged: Frames are dropped unless they belong to the unauthenticated VLANs
• Authenticated traffic, with RADIUS VLAN
  - Untagged: Frames are re-mapped to the RADIUS assigned VLAN
  - Tagged: Frames are dropped unless they belong to the RADIUS VLAN or to the unauthenticated VLANs
• Authenticated traffic, without RADIUS VLAN
  - Untagged: Frames are bridged based on the static VLAN configuration
  - Tagged: Frames are bridged based on the static VLAN configuration

Multi-host
• Unauthenticated traffic, with guest VLAN
  - Untagged: Frames are re-mapped to the guest VLAN
  - Tagged: Frames are dropped unless they belong to the guest VLAN or to the unauthenticated VLANs
• Unauthenticated traffic, without guest VLAN
  - Untagged: Frames are dropped
  - Tagged: Frames are dropped unless they belong to the unauthenticated VLANs
• Authenticated traffic, with RADIUS VLAN
  - Untagged: Frames are re-mapped to the RADIUS assigned VLAN
  - Tagged: Frames are dropped unless they belong to the RADIUS VLAN or to the unauthenticated VLANs
• Authenticated traffic, without RADIUS VLAN
  - Untagged: Frames are bridged based on the static VLAN configuration
  - Tagged: Frames are bridged based on the static VLAN configuration

Lite multi-sessions
• Unauthenticated traffic, with guest VLAN
  - Untagged: N/S
  - Tagged: N/S
• Unauthenticated traffic, without guest VLAN
  - Untagged: Frames are dropped
  - Tagged: Frames are dropped unless they belong to the unauthenticated VLANs
• Authenticated traffic, with RADIUS VLAN
  - Untagged: N/S
  - Tagged: N/S
• Authenticated traffic, without RADIUS VLAN
  - Untagged: Frames are bridged based on the static VLAN configuration
  - Tagged: Frames are bridged based on the static VLAN configuration

Full multi-sessions
• Unauthenticated traffic, with guest VLAN
  - Untagged: Frames are re-mapped to the guest VLAN
  - Tagged: Frames are re-mapped to the guest VLAN unless they belong to the unauthenticated VLANs
• Unauthenticated traffic, without guest VLAN
  - Untagged: Frames are dropped
  - Tagged: Frames are dropped unless they belong to the unauthenticated VLANs
• Authenticated traffic, with RADIUS VLAN
  - Untagged: Frames are re-mapped to the RADIUS assigned VLAN
  - Tagged: Frames are re-mapped to the RADIUS VLAN unless they belong to the unauthenticated VLANs
• Authenticated traffic, without RADIUS VLAN
  - Untagged: Frames are bridged based on the static VLAN configuration
  - Tagged: Frames are bridged based on the static VLAN configuration
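The Mode Behavior table can be expressed as a small decision function for auditing which VLANs a host can reach before it authenticates. This is an added example, not code from the Cisco guide; the function names, the "pass" label for the table's "unless they belong to" branch, and the VLAN numbers are assumptions made for illustration.

```python
HOST_MODES = {"single-host", "multi-host",
              "lite multi-sessions", "full multi-sessions"}


def frame_action(mode, authenticated, frame_vlan=None, guest_vlan=None,
                 radius_vlan=None, unauth_vlans=frozenset()):
    """Predict how one frame is handled; frame_vlan=None means untagged."""
    if mode not in HOST_MODES:
        raise ValueError(f"unknown host mode: {mode}")
    # Guest VLAN applies to unauthenticated traffic, RADIUS VLAN to authenticated.
    special = radius_vlan if authenticated else guest_vlan
    in_unauth = frame_vlan is not None and frame_vlan in unauth_vlans
    if special is None:
        if authenticated:
            return "bridge per static VLAN configuration"
        return "pass" if in_unauth else "drop"
    if mode == "lite multi-sessions":
        return "N/S"  # guest VLAN and RADIUS VLAN are not supported here
    if frame_vlan is None:
        return f"remap to VLAN {special}"
    if mode == "full multi-sessions":
        return "pass" if in_unauth else f"remap to VLAN {special}"
    # single-host and multi-host: tagged frames must already be in an allowed VLAN
    return "pass" if in_unauth or frame_vlan == special else "drop"


def unauth_reachable(mode, guest_vlan, unauth_vlans, candidate_vlans):
    """Set of VLANs that frames from an unauthenticated host can end up in."""
    reach = set()
    for vlan in [None, *candidate_vlans]:
        action = frame_action(mode, False, vlan, guest_vlan=guest_vlan,
                              unauth_vlans=unauth_vlans)
        if action == "pass":
            reach.add(vlan)
        elif action.startswith("remap"):
            reach.add(guest_vlan)
    return reach


if __name__ == "__main__":
    # Constructed port settings: guest VLAN 99, unauthenticated VLAN 50.
    for mode in sorted(HOST_MODES):
        print(mode, sorted(unauth_reachable(mode, 99, {50}, range(1, 101))))
```

An empty result for a mode with a guest VLAN configured means the table marks that combination N/S.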
20 Security: IPv6 First Hop Security

This section describes how First Hop Security (FHS) works and how to configure it in the GUI. It covers the following topics:
• First Hop Security Overview
• Router Advertisement Guard
• Neighbor Discovery Inspection
• DHCPv6 Guard
• Neighbor Binding Integrity
• Attack Protection
• Policies, Global Parameters and System Defaults
• Common Tasks
• Default Settings and Configuration
• Configuring First Hop Security through Web GUI
First Hop Security Overview

IPv6 FHS is a suite of features designed to secure link operations in an IPv6-enabled network. It is based on the Neighbor Discovery Protocol and DHCPv6 messages.

In this feature, a Layer 2 switch (as shown in Figure 6) filters Neighbor Discovery Protocol messages, DHCPv6 messages and user data messages according to a number of different rules.

Figure 6: First Hop Security Configuration

A separate and independent instance of IPv6 First Hop Security runs on each VLAN on which the feature is enabled.

Abbreviations

Name             Description
CPA message      Certification Path Advertisement message
CPS message      Certification Path Solicitation message
DAD-NS message   Duplicate Address Detection Neighbor Solicitation message
FCFS-SAVI        First Come First Served - Source Address Validation Improvement
NA message       Neighbor Advertisement message
NDP              Neighbor Discovery Protocol
NS message       Neighbor Solicitation message
RA message       Router Advertisement message
RS message       Router Solicitation message
SAVI             Source Address Validation Improvement

IPv6 First Hop Security Components

IPv6 First Hop Security includes the following features:
• IPv6 First Hop Security Common
• RA Guard
• ND Inspection
• Neighbor Binding Integrity
• DHCPv6 Guard

These components can be enabled or disabled on VLANs.

There are two empty, pre-defined policies for each feature with the following names: vlan_default and port_default. The first one is attached to each VLAN that is not attached to a user-defined policy and the second one is connected to each interface and VLAN that is not attached to a user-defined policy. These policies cannot be attached explicitly by the user. See Policies, Global Parameters and System Defaults.

IPv6 First Hop Security Pipe

If IPv6 First Hop Security is enabled on a VLAN, the switch traps the following messages:
• Router Advertisement (RA) messages
• Router Solicitation (RS) messages
• Neighbor Advertisement (NA) messages
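To show what recognizing these messages involves at the frame level, the following added example (not code from the Cisco guide and not the switch's implementation) classifies an Ethernet frame by ICMPv6 type and returns its 802.1Q VLAN ID, since FHS runs per VLAN. It goes beyond the three messages listed above to cover the other message names in the abbreviations table; the function names and sample frames are constructed for illustration.

```python
import ipaddress
import struct

# ICMPv6 type numbers: RFC 4861 (RS/RA/NS/NA) and RFC 3971 (CPS/CPA).
NDP_TYPES = {133: "RS", 134: "RA", 135: "NS", 136: "NA", 148: "CPS", 149: "CPA"}
UNSPECIFIED = ipaddress.IPv6Address("::").packed


def classify_frame(frame: bytes):
    """Return (vlan_id_or_None, message_name_or_None) for one Ethernet frame."""
    if len(frame) < 14:
        return None, None
    vlan, offset = None, 14
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == 0x8100 and len(frame) >= 18:  # 802.1Q tag present
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18
    if ethertype != 0x86DD or len(frame) < offset + 41:
        return vlan, None  # not IPv6, or too short for header + ICMPv6 type
    ip6 = frame[offset:offset + 40]
    # Next Header 58 = ICMPv6. Extension headers are not walked in this
    # example; a production filter has to handle them.
    if ip6[6] != 58:
        return vlan, None
    name = NDP_TYPES.get(frame[offset + 40])
    if name == "NS" and ip6[8:24] == UNSPECIFIED:
        name = "DAD-NS"  # NS sent from the unspecified address (RFC 4862)
    return vlan, name


def build_frame(src, dst, icmp_type, vlan=None):
    """Constructed test frame: zero MACs, zero checksum, minimal ICMPv6 body."""
    icmp = struct.pack("!BBHI", icmp_type, 0, 0, 0)
    ip6 = struct.pack("!IHBB", 6 << 28, len(icmp), 58, 255)
    ip6 += ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    return bytes(12) + tag + struct.pack("!H", 0x86DD) + ip6 + icmp


if __name__ == "__main__":
    samples = [  # constructed examples, not captured traffic
        build_frame("fe80::1", "ff02::1", 134, vlan=10),
        build_frame("::", "ff02::1:ff00:5", 135),
        build_frame("fe80::5", "ff02::2", 133, vlan=20),
    ]
    for sample in samples:
        print(classify_frame(sample))
```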