Template:Networking tswos manual ports: Difference between revisions

From Teltonika Networks Wiki
No edit summary
 
(10 intermediate revisions by 3 users not shown)
Line 62: Line 62:
You will be redirected to `Port settings`. From here you can enable/disable ports or change settings:
You will be redirected to `Port settings`. From here you can enable/disable ports or change settings:


[[File:Networking_tswos_manual_ports_ports_settings_port_settings_settings_{{{poe}}}.png|border|class=tlt-border]]
[[File:Networking_tswos_manual_ports_ports_settings_port_settings_settings.png|border|class=tlt-border]]


<table class="nd-mantable">
<table class="nd-mantable">
Line 74: Line 74:
       <td>off {{!}} on; default: <b>on</b></td>
       <td>off {{!}} on; default: <b>on</b></td>
       <td>Toggle port on or off.</td>
       <td>Toggle port on or off.</td>
    </tr>
    <tr>
      <td>Port name</td>
      <td>string; default: <b>none</b></td>
      <td>Name of the port. This is only used for easier management purposes.</td>
     </tr>
     </tr>
     <tr>
     <tr>
Line 106: Line 111:
This section displays port status information. There is also an option to select, enable ports, enable/disable PoE, EEE and Isolation options:
This section displays port status information. There is also an option to select, enable ports, enable/disable PoE, EEE and Isolation options:


[[File:Networking_tswos_manual_ports_ports_settings_port_status_{{{poe}}}.png|border|class=tlt-border]]
[[File:Networking_tswos_manual_ports_ports_settings_port_statusV3.png|border|class=tlt-border]]


<table class="nd-othertables_2">
<table class="nd-othertables_2">
Line 266: Line 271:
</table>
</table>


==Port Security==
==802.1X==


This section displays information about the status of the device's ports with the ability to configure port security settings.  
This section displays information about the status of the device's ports with the ability to configure port `802.1x` settings.  


===General===
===General===
====Port Settings====
====Port Status====
----
----
The figure below is an example of the '''Port Settings''' window, color indicates port speed and status:
The figure below is an example of the '''Port Status''' window, color indicates port speed and status:


[[File:Networking_tswos_manual_ports_port_security_port_settings_{{{poe}}}.png|border|class=tlt-border]]
[[File:Networking_tswos_manual_ports_port_security_port_settings_{{{poe}}}.png|border|class=tlt-border]]


To change port security settings select port and press `edit (number of ports) ports` button:
To change port `802.1x` settings select port and press `edit (number of ports) ports` button:


[[File:Networking_tswos_manual_ports_port_security_port_settings_edit_{{{poe}}}.png|border|class=tlt-border]]
[[File:Networking_tswos_manual_ports_port_security_port_settings_edit_{{{poe}}}.png|border|class=tlt-border]]


You will be redirected to `Port security settings`. From here you can enable/disable ports or change security settings:
You will be redirected to `Port 802.1x settings`. From here you can enable/disable 802.1x protocol or change role:


[[File:Networking_tswos_manual_ports_port_security_port_settings_settings_{{{poe}}}.png|border|class=tlt-border]]
[[File:Networking tswos manual ports 8021x port status settings.png|border|class=tlt-border]]


<table class="nd-mantable">
<table class="nd-mantable">
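Review bot: The first two image links in this hunk, `Networking_tswos_manual_ports_port_security_port_settings_{{{poe}}}.png` and `..._port_settings_edit_{{{poe}}}.png`, are left unchanged, so they still depend on the `{{{poe}}}` template parameter and the old `port_security` naming, while the third image is switched to a fixed `8021x` file name. Point these two at fixed file names as well, otherwise the links will not resolve wherever the parameter is not passed. The new heading is also spelled `802.1X` while the body text uses `802.1x`; pick one spelling.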
Line 294: Line 299:
       <td>Enable</td>
       <td>Enable</td>
       <td>off {{!}} on; default: <b>off</b></td>
       <td>off {{!}} on; default: <b>off</b></td>
       <td>Enable security for port.</td>
       <td>Toggle 802.1x on or off.</td>
    </tr>
    <tr>
      <td>Role</td>
      <td><span style="color:orange">Client</span> {{!}} Server; default: <b>Server</b></td>
      <td>Toggle 802.1x role.</td>
     </tr>
     </tr>
     <tr>
     <tr>
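Review bot: The new `Role` row is described only as "Toggle 802.1x role.", which does not tell the reader what a port does as `Client` versus `Server`, even though `Server` is the default. Add a sentence for each role; every later `Client:` row depends on the reader understanding that choice.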
Line 302: Line 312:
     </tr>
     </tr>
     <tr>
     <tr>
       <td>Radius unreachable action</td>
       <td>Guest VLAN</td>
       <td>Accept {{!}} Reject; default: <b>Accept</b></td>
      <td>Disabled {{!}} VLAN; default: <b>Disabled</b></td>
       <td>"Accept" gives anyone access to the port when the radius server is unreachable. "Reject" only unblocks the port if radius server explicitly authorizes it.</td>
      <td>Select guest VLAN for 802.1x server service.</td>
    </tr>
    <tr>
      <td>Fallback VLAN</td>
       <td>Disabled {{!}} VLAN; default: <b>Disabled</b></td>
      <td>Select fallback VLAN 802.1x for server service.</td>
    </tr>
    <tr>
      <td>Reject VLAN</td>
      <td>Disabled {{!}} VLAN; default: <b>Disabled</b></td>
      <td>Select reject VLAN 802.1x for server service.</td>
    </tr>
    <tr>
      <td>Accept VLAN</td>
      <td>Radius assigned {{!}} VLAN; default: <b>VLAN</b></td>
       <td>Select accept VLAN 802.1x for server service</td>
    </tr>
    <tr>
      <td><span style="color:orange">Client:</span> Authentication type</td>
      <td>MD5 {{!}} <span style="color:red">TLS</span> {{!}} PWD {{!}} <span style="color:green">Tunneled TLS</span> {{!}} <span style="color:blue">Protected EAP (PEAP)</span>; default: <b>MD5</b></td>
      <td>Authentication type.</td>
    </tr>
    <tr>
      <td><span style="color:orange">Client:</span> Identity (Username)</td>
      <td>string; default: <b>none</b></td>
      <td>Used as the username for authentication.</td>
    </tr>
    <tr>
      <td><span style="color:orange">Client:</span> MD5, PWD, <span style="color:green">Tunneled TLS</span>, <span style="color:blue">Protected EAP (PEAP)</span>: Password</td>
      <td>string; default: <b>none</b></td>
      <td>Used for authentication.</td>
    </tr>
    <tr>
      <td><span style="color:orange">Client:</span><span style="color:red">TLS</span>: CA Certificate</td>
      <td>.crt file; default: <b>none</b></td>
      <td>Radius server CA certificate.</td>
    </tr>
    <tr>
      <td><span style="color:orange">Client:</span><span style="color:red">TLS</span>: User certificate</td>
      <td>.crt file; default: <b>none</b></td>
      <td>TLS client certificate.</td>
    </tr>
    <tr>
      <td><span style="color:orange">Client:</span><span style="color:red">TLS</span>: Private Key</td>
      <td>.key file; default: <b>none</b></td>
      <td>TLS Private Key.</td>
    </tr>
    <tr>
      <td><span style="color:orange">Client:</span><span style="color:red">TLS</span>: Private Key Password</td>
      <td>string; default: <b>none</b></td>
      <td>TLS Private Key Password.</td>
    </tr>
    <tr>
      <td><span style="color:orange">Client:</span><span style="color:green">Tunneled TLS</span>: Inner authentication</td>
      <td>PAP {{!}} MSCHAP {{!}} MSCHAPv2 {{!}} MSCHAPv2 (no EAP) {{!}} CHAP {{!}} MD5 {{!}} GTC; default: <b>PAP</b></td>
      <td>Inner authentication type.</td>
    </tr>
    <tr>
      <td><span style="color:orange">Client:</span><span style="color:blue">Protected EAP (PEAP)</span>: Inner authentication</td>
      <td>MSCHAPv2 {{!}} MD5 {{!}} GTC; default: <b>MSCHAPv2</b></td>
      <td>Inner authentication type.</td>
    </tr>
    <tr>
      <td><span style="color:orange">Client:</span><span style="color:blue">Protected EAP (PEAP)</span>: Peap version</td>
      <td>auto {{!}} 0 {{!}} 1; default: <b>auto</b></td>
      <td>Peap version.</td>
    </tr>
    <tr>
      <td><span style="color:orange">Client:</span><span style="color:green">Tunneled TLS</span>, <span style="color:blue">Protected EAP (PEAP)</span>: Anonymous identity</td>
      <td>string; default: <b>none</b></td>
      <td>Shown as username outside the encrypted tunnel. Not used for authentication.</td>
    </tr>
    <tr>
      <td><span style="color:orange">Client:</span><span style="color:green">Tunneled TLS</span>, <span style="color:blue">Protected EAP (PEAP)</span>: CA Certificate</td>
      <td>.crt file; default: <b>none</b></td>
      <td>Radius server CA certificate.</td>
     </tr>
     </tr>
</table>
</table>


====Port Status====
====802.1X Status====
----
----
This section displays port status information. There is also an option to select, enable ports security, choose RADIUS server and change RADIUS unreachable action:
This section displays port `802.1x` status information. There is also an option to select, enable 802.1x for ports:


[[File:Networking_tswos_manual_ports_port_security_port_status.png|border|class=tlt-border]]
[[File:Networking_tswos_manual_ports_8021x_status.png|border|class=tlt-border]]


<table class="nd-othertables_2">
<table class="nd-othertables_2">
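Review bot: The `Radius unreachable action` row, with its explanation of `Accept` versus `Reject`, is removed here and none of the new rows says what a port does when the RADIUS server cannot be reached. The `Guest VLAN`, `Fallback VLAN` and `Reject VLAN` descriptions only restate the field names; state the condition under which each VLAN is applied and which of them, if any, replaces the removed behaviour. Smaller points: "Select fallback VLAN 802.1x for server service" and the Reject and Accept rows have the words out of order compared with the Guest VLAN row, the Accept VLAN description lacks its full stop, and the `Client:` authentication type defaults to `MD5` with a description of just "Authentication type.", so a line on how the listed types differ would help readers choose.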
Line 332: Line 417:
     </tr>
     </tr>
     <tr>
     <tr>
         <td>Radius server</td>
         <td>Role</td>
         <td>Authenticates and authorizes devices trying to connect to this port.</td>
         <td>Shows the role of the port.</td>
    </tr>
    <tr>
        <td>Radius unreachable action</td>
        <td>"Accept" gives anyone access to the port when the radius server is unreachable. "Reject" only unblocks the port if radius server explicitly authorizes it.</td>
     </tr>
     </tr>
</table>
</table>
Line 345: Line 426:
The <b>RADIUS</b> page is used to create and manage radius servers:
The <b>RADIUS</b> page is used to create and manage radius servers:


[[File:Networking_tswos_manual_ports_port_security_radius.png|border|class=tlt-border]]
[[File:Networking_tswos_manual_ports_port_security_radiusV2.png|border|class=tlt-border]]


<table class="nd-othertables_2">
<table class="nd-othertables_2">
Line 374: Line 455:
The RADIUS configuration window should look similar to this:
The RADIUS configuration window should look similar to this:


[[File:Networking_tswos_manual_ports_port_security_radius_configuration.png|border|class=tlt-border]]
[[File:Networking_tswos_manual_ports_port_security_radius_configuration_v2.png|border|class=tlt-border]]


<table class="nd-mantable">
<table class="nd-mantable">
Line 383: Line 464:
     </tr>
     </tr>
     <tr>
     <tr>
         <td>Address (IPv4/IPv6)</td>
         <td>IP address</td>
         <td>ip; default: <b>0.0.0.0</b></td>
         <td>ip; default: <b>0.0.0.0</b></td>
         <td>RADIUS server IP.</td>
         <td>RADIUS server IP.</td>
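Review bot: Renaming `Address (IPv4/IPv6)` to `IP address` drops the only statement of which address families the field accepts; the value column says just `ip` and the description just "RADIUS server IP.". State in the value or the description whether IPv6 addresses are accepted.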
Line 389: Line 470:
     <tr>
     <tr>
         <td>Authentication port</td>
         <td>Authentication port</td>
         <td>interger [1.. 65535]; default: <b>1812</b></td>
         <td>integer [1.. 65535]; default: <b>1812</b></td>
         <td>RADIUS server athentication port.</td>
         <td>RADIUS server athentication port.</td>
     </tr>
     </tr>
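Review bot: The description on the new side still reads "RADIUS server athentication port." although the same hunk corrects `interger`; fix it to "authentication" here too, as the backup-server row's description already does.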
Line 413: Line 494:
     </tr>
     </tr>
     <tr>
     <tr>
         <td><span style="color: red;">Address (IPv4/IPv6)</span></td>
         <td><span style="color: red;">IP address</span></td>
         <td>ip; default: <b>none</b></td>
         <td>ip; default: <b>none</b></td>
         <td>Backup RADIUS server IP.</td>
         <td>Backup RADIUS server IP.</td>
Line 419: Line 500:
     <tr>
     <tr>
         <td><span style="color: red;">Authentication port</span></td>
         <td><span style="color: red;">Authentication port</span></td>
         <td>interger [1.. 65535]; default: <b>none</b></td>
         <td>integer [1.. 65535]; default: <b>none</b></td>
         <td>Backup RADIUS server athentication port.</td>
         <td>Backup RADIUS server authentication port.</td>
     </tr>
     </tr>
     <tr>
     <tr>

Latest revision as of 12:41, 25 October 2024

The information in this page is updated in accordance with firmware version .

Summary

The Ports page provides information related to the status of the device's physical ports, as well as the ability to edit port settings, security and loopback detection.

General

In this section you can enable Jumbo frames and LLDP frame filter services.

Field Value Description
Jumbo frames off | on; default: on Allows Ethernet frames with a payload greater than the standard maximum transmission unit (MTU) of 1500 bytes. This may improve network performance by making data transmissions more efficient.
LLDP frame filter off | on; default: off Enable to stop the forwarding of LLDP frames.
IGMP snooping off | on; default: off Enables IGMP snooping.
Multicast querier off | on; default: off Enables multicast querier.

Port Settings

This section displays information about the status of the device's ports with the ability to configure port settings.

Port Settings


The figure below is an example of the All Ports window, color indicates port speed and status:

[[File:Networking_tswos_manual_ports_ports_settings_port_settings_{{{poe}}}.png|border|class=tlt-border]]

To change port settings select port and press `edit (number of ports) ports` button:

[[File:Networking_tswos_manual_ports_ports_settings_port_settings_edit_{{{poe}}}.png|border|class=tlt-border]]

You will be redirected to `Port settings`. From here you can enable/disable ports or change settings:

Field Value Description
Enable off | on; default: on Toggle port on or off.
Port name string; default: none Name of the port. This is only used for easier management purposes.
EEE off | on; default: on Enable Energy-Efficient Ethernet.
Isolate port off | on; default: off When enabled, the port will be isolated from other isolated ports. Traffic between isolated ports will be dropped. Traffic between isolated and normal ports will be sent as normal.
Link speed Auto | 10Mbps (E) | 100Mbps (FE) | 1000Mbps (GbE); default: Auto A measure of how fast ports are able to transmit and receive data.
Duplex Full | Half; default: Advertises preferred duplex mode and speed for negotiation with other devices.

Port Status


This section displays port status information. There is also an option to select, enable ports, enable/disable PoE, EEE and Isolation options:

Field Name Description
Port Port ID.
Enabled Enable/Disable port.
Status Port status.
Speed Port link speed. Possible speeds:
  • GbE: 1000Mbps
  • FE: 100Mbps
  • E: 10Mbps
PoE (W) PoE port power usage in watts.
EEE Enable/Disable Energy-Efficient Ethernet.
Isolation When enabled, the port will be isolated from other isolated ports. Traffic between isolated ports will be dropped. Traffic between isolated and normal ports will be sent as normal.
TX sum Total upload.
RX sum Total download.
TX rate Upload speed.
RX rate Download speed.

    Port Mirroring

    Port Mirroring is a service that mirrors incoming and outgoing packets on one Ethernet port (Source Port) to another (Monitoring Port).

    To change port mirroring settings select port and press `Edit` button:

    You will be redirected to `Port mirroring settings`, from here you can select ingress and egress ports:

    Field Value Description
    Enable off | on; default: off The port which will mirror the packets.
    Ingress mirroring port list port; default: none Specify which port incoming traffic is mirrored.
    Egress mirroring port list port; default: none Specify which port outgoing traffic is mirrored.

    Loopback Detection

    Loopback Detection


    A port-based loopback detection service that, using its own distinctive packets, seeks to identify and break a network loop by shutting down troublesome ports.

    Field Value Description
    Enable off | on; default: off Enable loopback detection.
    Broadcast interval integer [1..10000]; default: none Sends detection packets at a given interval from 1 to 10000 seconds.
    Auto-recovery interval integer [60..10000]; default: none Restores disabled ports at a given interval from 60 to 10000 seconds.

    Port Tracking


    Tracks specific port status. Notes:

  • STP: STP must be disabled in Network -> Spanning Tree and loopback detection must be enabled for the service to function.
  • Port unblocking: When a loop occurs before a broadcast, it won't be recognized until the broadcast transmits its own packets, since the service only listens for packets with its own particular protocol.

    To change port tracking settings, press on a port and you will be redirected to `Port tracking configuration`:

    Field Value Description
    Enable off | on; default: on Enable port tracking.
    Recovery mode Auto | Manual; default: Auto Manages port unblocking type. Possible modes:
  • Manual: Port is blocked until manual unblock.
  • Auto: Unblocked automatically depending on the global Auto-recovery interval value.

    802.1X

    This section displays information about the status of the device's ports with the ability to configure port `802.1x` settings.

    General

    Port Status


    The figure below is an example of the Port Status window, color indicates port speed and status:

    [[File:Networking_tswos_manual_ports_port_security_port_settings_{{{poe}}}.png|border|class=tlt-border]]

    To change port `802.1x` settings select port and press `edit (number of ports) ports` button:

    [[File:Networking_tswos_manual_ports_port_security_port_settings_edit_{{{poe}}}.png|border|class=tlt-border]]

    You will be redirected to `Port 802.1x settings`. From here you can enable/disable 802.1x protocol or change role:

    Field Value Description
    Enable off | on; default: off Toggle 802.1x on or off.
    Role Client | Server; default: Server Toggle 802.1x role.
    Radius server radius server ID; default: example Radius server ID.
    Guest VLAN Disabled | VLAN; default: Disabled Select guest VLAN for 802.1x server service.
    Fallback VLAN Disabled | VLAN; default: Disabled Select fallback VLAN for 802.1x server service.
    Reject VLAN Disabled | VLAN; default: Disabled Select reject VLAN for 802.1x server service.
    Accept VLAN Radius assigned | VLAN; default: VLAN Select accept VLAN for 802.1x server service.
    Client: Authentication type MD5 | TLS | PWD | Tunneled TLS | Protected EAP (PEAP); default: MD5 Authentication type.
    Client: Identity (Username) string; default: none Used as the username for authentication.
    Client: MD5, PWD, Tunneled TLS, Protected EAP (PEAP): Password string; default: none Used for authentication.
    Client:TLS: CA Certificate .crt file; default: none Radius server CA certificate.
    Client:TLS: User certificate .crt file; default: none TLS client certificate.
    Client:TLS: Private Key .key file; default: none TLS Private Key.
    Client:TLS: Private Key Password string; default: none TLS Private Key Password.
    Client:Tunneled TLS: Inner authentication PAP | MSCHAP | MSCHAPv2 | MSCHAPv2 (no EAP) | CHAP | MD5 | GTC; default: PAP Inner authentication type.
    Client:Protected EAP (PEAP): Inner authentication MSCHAPv2 | MD5 | GTC; default: MSCHAPv2 Inner authentication type.
    Client:Protected EAP (PEAP): Peap version auto | 0 | 1; default: auto Peap version.
    Client:Tunneled TLS, Protected EAP (PEAP): Anonymous identity string; default: none Shown as username outside the encrypted tunnel. Not used for authentication.
    Client:Tunneled TLS, Protected EAP (PEAP): CA Certificate .crt file; default: none Radius server CA certificate.

    802.1X Status


    This section displays port `802.1x` status information. There is also an option to select, enable 802.1x for ports:

    Field Name Description
    Port Port ID.
    Enabled Enables port security on this port.
    Status Port status.
    Role Shows the role of the port.

    RADIUS

    The RADIUS page is used to create and manage radius servers:

    Field Name Description
    ID RADIUS server ID.
    Address (IPv4) RADIUS server IP.
    Authentication port RADIUS server authentication port.
    Secret RADIUS server secret.

    Radius Configuration


    The RADIUS configuration window should look similar to this:

    Field Value Description
    IP address ip; default: 0.0.0.0 RADIUS server IP.
    Authentication port integer [1.. 65535]; default: 1812 RADIUS server authentication port.
    Secret string; default: - RADIUS server secret.
    Test connectivity -(interactive) button Test connectivity to RADIUS server.
    Test user credentials -(interactive) button Test credentials to RADIUS server.
    Enable backup RADIUS server off | on; default: off Enable backup RADIUS server.
    IP address ip; default: none Backup RADIUS server IP.
    Authentication port integer [1.. 65535]; default: none Backup RADIUS server authentication port.
    Secret string; default: - Backup RADIUS server secret.
    Test connectivity -(interactive) button Test connectivity to backup RADIUS server.
    Test user credentials -(interactive) button Test credentials to backup RADIUS server.
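
What the `Secret` field above protects in a RADIUS exchange on the authentication port, as an added example (not code from this page or from the device firmware): it builds an RFC 2865 Access-Request and checks a reply's Response Authenticator against the shared secret. All function names and sample values are constructed for illustration; how the `Test user credentials` button works internally is not documented here.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11

def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as type, length, value."""
    return bytes([attr_type, len(value) + 2]) + value

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    size = max(16, (len(password) + 15) // 16 * 16)
    padded = password.ljust(size, b"\x00")
    out, prev = b"", req_auth
    for i in range(0, size, 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def build_access_request(user, password, secret, ident, req_auth=None):
    """Access-Request with User-Name, User-Password and Message-Authenticator."""
    req_auth = req_auth or os.urandom(16)
    attrs = attr(1, user) + attr(2, hide_password(password, secret, req_auth))
    attrs += attr(80, bytes(16))  # Message-Authenticator, zeroed while the HMAC is computed
    pkt = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs
    mac = hmac.new(secret, pkt, hashlib.md5).digest()
    return pkt[:-16] + mac  # attribute 80 is last, so its value is the final 16 bytes

def make_response(code, ident, req_auth, attrs, secret):
    """What a server holding the same secret would send back (simulated here)."""
    hdr = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hdr + hashlib.md5(hdr + req_auth + attrs + secret).digest() + attrs

def verify_response(resp, req_auth, secret, ident) -> bool:
    """Accept a reply only if it matches our request and was keyed with our secret."""
    if len(resp) < 20:
        return False
    code, rid, length = struct.unpack("!BBH", resp[:4])
    if rid != ident or length != len(resp):
        return False
    if code not in (ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE):
        return False
    expected = hashlib.md5(resp[:4] + req_auth + resp[20:] + secret).digest()
    return hmac.compare_digest(expected, resp[4:20])

if __name__ == "__main__":
    secret = b"constructed-shared-secret"      # constructed sample value
    ra = os.urandom(16)
    req = build_access_request(b"port3-test", b"constructed-pw", secret, 7, ra)
    reject = make_response(ACCESS_REJECT, 7, ra, b"", secret)
    forged_accept = bytes([ACCESS_ACCEPT]) + reject[1:]   # code flipped in transit
    print("request bytes:", len(req))
    print("genuine reject verifies:", verify_response(reject, ra, secret, 7))
    print("flipped-to-accept verifies:", verify_response(forged_accept, ra, secret, 7))
    print("wrong secret verifies:", verify_response(reject, ra, b"other", 7))
```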