Home » D-Link Manuals » Hubs & Switches » D-Link 3100 24P » Manual Viewer

D-Link 3100 24P User Manual - Page 150

Configuring Secure Socket Layer Security

UPC - 790069304941

Add to My Manuals
Save this manual to your list of manuals

Page 150 highlights

DGS-3100 Series Gigabit Stackable Managed Switch User Manual Configuring Secure Socket Layer Security Secure Socket Layer (SSL) is a security feature that provides a secure communication path between a host and client through the use of authentication, digital signatures, and encryption. These security functions are implemented using a Ciphersuite, which is a security string that determines the exact cryptographic parameters, specific encryption algorithms and key sizes used for authentication sessions, and that consists of:  Key Exchange -Cyphersuite strings specify the public key algorithm used. This switch utilizes the Rivest Shamir Adleman (RSA) public key algorithm. This is the first authentication process between client and host as they "exchange keys" in looking for a match and therefore authentication to be accepted to negotiate encryptions on the following level.  Encryption: The second part of the ciphersuite that includes the encryption used for encrypting the messages sent between client and host. The Switch supports two types of cryptology algorithms: - Stream Ciphers - There are two types of stream ciphers on the Switch, RC4 with 40-bit keys and RC4 with 128-bit keys. These keys are used to encrypt messages and need to be consistent between client and host for optimal use. - CBC Block Ciphers - Cipher Block Chaining (CBC) links encrypted text blocks. The Switch supports the 3DES EDE encryption code defined by the Data Encryption Standard (DES) to create the encrypted text.  Hash Algorithm - This part of the ciphersuite allows the user to choose a message digest function which will determine a Message Authentication Code. This Message Authentication Code will be encrypted with a sent message to provide integrity and prevent against replay attacks. The Switch supports two hash algorithms, Message Digest 5 (MD5) and Secure Hash Algorithm (SHA). The SSL Configuration Settings Page permits network managers to enable SSL with all supported ciphersuites on the Switch. Ciphersuites are security strings that determines the exact cryptographic parameters, specific encryption algorithms and key sizes to be used for an authentication session. The Switch possesses three possible ciphersuites for the SSL function, which are enabled by default. When the SSL function has been enabled, the Web is disabled. To manage the device via an Embedded Web System while SSL is enabled, the web browser must support SSL encryption. URL headers must begin with https://, for example https://10.90.90.90. The system supports up-to five SSH sessions. To enable SSL on the device: 1. Click Security > SSL. The SSL Configuration Settings Page opens: Figure 5-8. SSL Configuration Settings Page 136

Section	Page
Preface	7
System Overview	8
Viewing the Device	8
DGS-3100 Series Front Panel	8
DGS-3100-24TG Front Panel	8
Device Management Methods	9
User Guide Overview	9
Intended Audience	9
Notes, Notices, and Cautions	10
Safety Cautions	11
General Precautions for Rack-Mountable Products	12
GETTING STARTED	15
Accessing the Boot/Startup Menu Functions	16
Downloading Software	16
Set Terminal Baud-Rate	16
Defining Stacking Units	17
Using the Web-Based User Interface	18
Understanding the D-Link Embedded Web Interface	19
Using the Tool Menu	21
Displaying the Stack Status	21
Locating Devices	21
Backing up and Restoring Configuration Files	22
Resetting the Device	23
Downloading the Firmware	24
Rebooting the System	26
Using the Web System Components	27
CONFIGURING BASIC CONFIGURATION	28
Viewing Device Information	29
Defining System Information	31
Defining IP Addresses	32
Managing Stacking	33
Managing Stacking Modes	33
Advanced Stacking	33
Stack Startup Process	35
Building Stacks – Quick Start	37
Stack Management Examples	38
Configuring Stacking	44
Defining Ports	45
Configuring Port Properties	45
Viewing Port Properties	47
ARP Settings	48
Configuring User Accounts	49
Managing System Logs	51
Configuring SNTP	53
Configuring Daylight Savings Time	55
Configuring SNMP	59
Defining SNMP Views	60
Defining SNMP Groups	61
Defining SNMP Users	63
Defining SNMP Communities	65
Defining SNMP Host Table	66
Defining SNMP Engine ID	68
Enabling SNMP Traps	69
DHCP Auto Configuration	70
Dual Image Services	71
Firmware Information	71
Config Firmware Image	72
Telnet Setting	73
CONFIGURING L2 FEATURES	74
Enabling Jumbo Frames	75
Configuring VLANs	76
Understanding IEEE 802.1p Priority	76
VLAN Description	76
Notes about VLANs on the DGS-3100 Series	76
IEEE 802.1Q VLANs	76
802.1Q VLAN Tags	78
Port VLAN ID	79
Tagging and Untagging	79
Ingress Filtering	79
Default VLANs	80
VLAN and Trunk Groups	80
VLAN Status	80
Defining VLAN Properties	81
Configuring GVRP	83
Defining Trunking	85
Traffic Segmentation	87
Configuring LACP	88
Defining IGMP Snooping	89
Defining MLD Snooping	93
Configuring Port Mirroring	97
Configuring Spanning Tree	99
Defining Spanning Tree Global Parameters	100
Defining STP Port Settings	102
Defining Multiple Spanning Tree Configuration Identification	104
Defining MSTP Port Information	105
Defining Forwarding and Filtering	107
Defining Unicast Forwarding	107
Defining Multicast Forwarding	108
Defining Multicast Filtering	109
Configuring LLDP	111
Defining LLDP Global Settings	111
Defining LLDP Port Settings	112
Defining LLDP Basic TLV Settings	114
Defining LLDP Dot3 TLV Settings	115
Viewing LLDP Local Port Information	116
Viewing LLDP Remote Port Information	118
CONFIGURING QUALITY OF SERVICE	123
Understanding QoS	125
Defining Bandwidth Settings	126
Configuring Storm Control	128
Mapping Ports to Packet Priorities	129
Mapping Priority to Classes (Queues)	130
Configuring QoS Scheduling Mechanism	131
Defining Multi-Layer CoS Settings	132
SECURITY FEATURES	133
Configuring Safeguard Engine	134
Configuring Trust Host	135
Configuring Port Security	136
Configuring Guest VLANs	138
Configuring Port Authentication 802.1X	139
Configuring MAC Authentication (by using Guest VLAN, 802.1X and Radius pages)	144
Defining RADIUS Settings	147
Defining EAP Forwarding Settings	149
Configuring Secure Socket Layer Security	150
Configuring Secure Shell Security	152
Defining SSH Algorithm Settings	153
Defining Application Authentication Settings	155
Configuring Authentication Server Hosts	156
Defining Login Methods	157
Defining Enable Methods	159
Configuring Local Enable Password	161
MONITORING THE DEVICE	162
Viewing Stacking Information	163
Viewing CPU Utilization	164
Viewing Port Utilization	165
Viewing Packet Size Information	166
Viewing Received Packet Statistics	167
Viewing UMB_cast Packet Statistics	168
Viewing Transmitted Packet Statistics	169
Viewing RADIUS Authenticated Session Statistics	171
Viewing ARP Table	172
Viewing MLD Router Ports	173
Viewing Router Ports	174
Viewing Session Table	175
Viewing IGMP Group Information	176
Viewing MLD Group Information	177
Defining Dynamic and Static MAC Addresses	178
Viewing System Log	180
MANAGING POWER OVER ETHERNET DEVICES	181
Defining PoE System Information	182
Displaying and Editing PoE System Information	184
DEFINING ACCESS PROFILE LISTS	185
ACL Configuration Wizard	186
Defining Access Profile Lists	188
Defining Access Rules Lists	201
Finding ACL Rules	204
Defining Time Ranges	207
Copyright Statement: No part of this publication or documentation accompanying this product may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from D-Link Corporation/D-Link Systems, Inc., as stipulated by the United States Copyright Act of 1976 and any amendments thereto. Contents are subject to change without prior notice. Copyright 2007 by D-Link Corporation/D-Link Systems, Inc. All rights reserved.	212
FCC Statement: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communication. However, there is no guarantee that interference will not occur in a particular installation. Operation of this equipment in a residential environment is likely to cause harmful interference to radio or television reception. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:	212

Match case Limit results 1 per page

DGS-3100 Series Gigabit Stackable Managed Switch User Manual

136

Configuring Secure Socket Layer Security

Secure Socket Layer

(SSL) is a security feature that provides a secure communication path between a host and client

through the use of authentication, digital signatures, and encryption. These security functions are implemented using a

Ciphersuite

, which is a security string that determines the exact cryptographic parameters, specific encryption algorithms

and key sizes used for authentication sessions, and that consists of:



Key Exchange

—Cyphersuite strings specify the public key algorithm used. This switch utilizes the

Rivest Shamir

Adleman

(RSA) public key algorithm. This is the first authentication process between client and host as they “exchange

keys” in looking for a match and therefore authentication to be accepted to negotiate encryptions on the following level.



Encryption:

The second part of the ciphersuite that includes the encryption used for encrypting the messages sent

between client and host. The Switch supports two types of cryptology algorithms:

–

Stream Ciphers

– There are two types of stream ciphers on the Switch,

RC4 with 40-bit keys

and

RC4 with

128-bit keys

. These keys are used to encrypt messages and need to be consistent between client and host for

optimal use.

–

CBC Block Ciphers

–

Cipher Block Chaining

(CBC) links encrypted text blocks. The Switch supports the

3DES EDE

encryption code defined by the

Data Encryption Standard

(DES) to create the encrypted text.



Hash Algorithm

— This part of the ciphersuite allows the user to choose a message digest function which will

determine a Message Authentication Code. This

Message Authentication Code

will be encrypted with a sent message to

provide integrity and prevent against replay attacks. The Switch supports two hash algorithms,

Message Digest 5

(

MD5

)

and

Secure Hash Algorithm

(

SHA

The

SSL Configuration Settings Page

permits network managers to enable SSL with all supported ciphersuites on the

Switch. Ciphersuites are security strings that determines the exact cryptographic parameters, specific encryption algorithms

and key sizes to be used for an authentication session. The Switch possesses three possible ciphersuites for the SSL function,

which are enabled by default.

When the SSL function has been enabled, the Web is disabled.

To manage the device via an Embedded Web System while SSL is enabled, the web browser must support SSL encryption.

URL headers must begin with

https://

, for example

https://10.90.90.90

The system supports up-to five SSH sessions.

To enable SSL on the device:

Click

Security > SSL

. The

SSL Configuration Settings Page

opens:

Figure 5-8. SSL Configuration Settings Page