Table of Contents
TP-Link TL-SG2008 User Manual
Displayed below is the user manual for TL-SG2008 by TP-Link which is a product in the Network Switches category. This manual has pages.
User Guide
802.1X Client Software
REV1.0.1
1910011882
I
COPYRIGHT & TRADEMARKS
Specifications are subject to change without notice. is a registered trademark of
TP-Link Technologies Co., Ltd. Other brands and product names are trademarks or registered
trademarks of their respective holders.
No part of the specifications may be reproduced in any form or by any means or used to make any
derivative such as translation, transformation, or adaptation without permission from TP-Link
Technologies Co., Ltd. Copyright © 2016 TP-Link Technologies Co., Ltd. All rights reserved.
http://www.tp-link.com
II
CONTENTS
802.1X Client Software ..................................................................................................................... 1
1 Installation.................................................................................................................................... 1
2 Configuration ............................................................................................................................... 2
3 FAQ .............................................................................................................................................. 6
1
802.1X Client Software
The IEEE 802.1x port-based authentication on the TP-Link switch prevents unauthorized clients
from accessing the network. 802.1x operates in the typical client/server model. When using the
TP-Link switch as the authenticator system, please read this user guide to acquire information
about the installation and configuration of the 802.1X Client Software.
1 Installation
1. Typical Topology
The 802.1x architecture consists of three entities: Supplicant System (Client), Authenticator
System and Authentication System.
Figure 1-1 802.1x Topology
Supplicant System: The supplicant system is an entity in LAN and is authenticated by the
authenticator system. The supplicant system is usually a common user terminal computer.
Authenticator System: The authenticator system is usually an 802.1X-supported network
device, such as this TP-Link switch. It provides the physical or logical port for the supplicant
system to access the LAN and authenticates the supplicant system.
Authentication Server System: The authentication server system is an entity that provides
authentication service to the authenticator system. The server system is normally in the form
of a RADIUS server.
The 802.1X client software should be installed on the terminal computer in the Supplicant
System.
2. Supported Platforms
32-bit Windows Server 2008
32-bit Windows XP SP3
32-bit Windows 7 SP1
64-bit Windows 7
32-bit Windows 8
64-bit Windows 8
32-bit Windows 8.1
64-bit Windows 8.1
2
3. Installation
The 802.1X Client Software is in the same directory with this User Guide. This software is also
available at our official website. Follow the InstallSheild Wizard to accomplish the installation.
2 Configuration
1. After completing installation, double click the icon to run the TP-Link 802.1X Client
Software. The following screen will appear.
Figure 1-2 TP-Link 802.1X Client
Enter the Name and the Password for EAP-MD5 or PAP authentication method specified in
the Authentication Server. The length of Name and Password should be less than 31
characters. Try to enter no more than 16 characters as Name and Password if your switch
does not support advanced authentication.
2. Select Advanced Authentication and click Advanced Setting to perform EAP-TLS,
EAP-TTLS or PEAP authentication.
Note:
When using this interface, please ensure that both the TP-Link switch and the authentication
server supports the authentication methods in the following figure.
3
Figure 1-3 Advanced Setting
Authentication Method: EAP-TLS, EAP-TTLS or PEAP authentication method can be
selected.
Tunnel: The authentication methods adopted for EAP-TTLS or PEAP after the TLS secure
tunnel is established. For EAP-TTLS, EAP/MSCHAPV2, EAP/MD5, EAP/GTC, MSCHAPV2,
MSCHAP, CHAP and PAP can be selected. For PEAP, EAP/MSCHAPV2, EAP/MD5 and
EAP/GTC can be selected.
If Anonymous is selected, the clients will use anonymous as the identity to initiate the
authentication.
Name/Password: Name and password for EAP-TTLS, PEAP or EAP-TLS (name required
only) authentication method. Both Name and password should be less than 31 characters.
Certificate Setting: A client certificate is needed for EAP-TLS authentication. Click to select
the certificate.
4
Figure 1-4 Select Certificate
Verify Server: Select this option to verify the server certificate.
3. Click the Properties button on Figure B-12 to load the following screen for configuring the
connection properties.
Figure 1-5 Connection Properties
Send 802.1X protocol packets by Unicast: When this option is selected, the Client will send
the EAPOL Start packets to the switch via multicast and send the 802.1X authentication
packets via unicast.
Obtain an IP address automatically: Select this option if the Client automatically obtains the
IP address from DHCP server. After passing the authentication, the Client can be assigned
the IP address by DHCP server. The Client can access the network after getting the new IP
address.
Handshake
:
When this option is selected, the notification of network disconnection will pop
up after Handshake timeout.
Auto reconnect after timeout: Select this option to allow the Client to automatically start the
connection again when it does not receive the handshake reply packets from the switch within
a period.
5
4. To continue, click Connect button after entering the Name and Password on Figure B-12.
Then the following screen will appear to prompt that the Radius server is being searched.
Figure 1-6 Authentication Dialog
5. When passing the authentication, the following screen will appear.
Figure 1-7 Successfully Authenticated
6. Double click the icon on the right corner of desktop, and then the following connection
status screen will pop up.
Figure 1-8 Connection Status
6
3 FAQ
Q1: Why does this error dialog box pop up when starting up the TP-Link 802.1X Client Software?
A1: It’s because the supported DLL file is missing. You are suggested to go to
http://www.winpcap.org to download WinPcap 4.0.2 or the higher version for installation, and run
the client software again.
Q2: Is this TP-Link 802.1X Client Software compliable with the switches of the other
manufacturers?
A2: No. This TP-Link 802.1X Client Software is customized for TP-Link switches.
Q3: Is it safe to set the password being automatically saved?
A3: Yes. The password saved in the configuration files is encrypted.