Home » D-Link Manuals » Hubs & Switches » D-Link DES-3228PA » Manual Viewer

D-Link DES-3228PA Installation Guide - Page 129

Configuring Network Security, Network Security Overview

UPC - 790069296352

Add to My Manuals
Save this manual to your list of manuals

Page 129 highlights

Configuring Device Security Configuring Network Security Configuring Network Security Network security manages both access control lists and locked ports. This section contains the following topics: • Network Security Overview • Defining Network Authentication Properties • Defining Port Authentication • Configuring Traffic Control Network Security Overview This section provides an overview of network security and contains the following topics: • Port-Based Authentication • Advanced Port-Based Authentication Port-Based Authentication Port-based authentication authenticates users on a per-port basis via an external server. Only authenticated and approved system users can transmit and receive data. Ports are authenticated via the RADIUS server using the Extensible Authentication Protocol (EAP). Port-based authentication includes: • Authenticators - Specifies the device port which is authenticated before permitting system access. • Supplicants - Specifies the host connected to the authenticated port requesting to access the system services. • Authentication Server - Specifies the server that performs the authentication on behalf of the authentica- tor, and indicates whether the supplicant is authorized to access system services. Port-based authentication creates two access states: • Controlled Access - Permits communication between the supplicant and the system, if the supplicant is authorized. • Uncontrolled Access - Permits uncontrolled communication regardless of the port state. The device currently supports port-based authentication via RADIUS servers. Advanced Port-Based Authentication Advanced port-based authentication enables multiple hosts to be attached to a single port. Advanced port-based authentication requires only one host to be authorized for all hosts to have system access. If the port is unauthorized, all attached hosts are denied access to the network. Advanced port-based authentication also enables user-based authentication. Specific VLANs in the device are always available, even if specific ports attached to the VLAN are unauthorized. For example, Voice over IP does not require authentication, while data traffic requires authentication. VLANs for which authorization is not required can be defined. Unauthenticated VLANs are available to users, even if the ports attached to the VLAN are defined as authorized. Page 126

Section	Page
Preface	6
Section 1. Device Description	9
Viewing the Device	9
Front Panel	9
Back Panel	10
Ports Description	10
10/100Base-T Fast Ethernet Ports	10
Combo Copper/SFP Port (100Base-FX/1000Base-X Fiber Ports)	10
1000Base-T Stacking Ports	11
RS-232 Console Port	11
Cable Specifications	12
LED Definitions	12
Port LEDs	12
System LEDs	14
Cable, Port, and Pinout Information	15
Pin Connections for the 10/100/1000 Ethernet Interface	15
Physical Dimensions	15
Section 2. Mounting Device	17
Preparing for Installation	17
Installation Precautions	17
Site Requirements	18
Unpacking	18
Installing the Device	19
Desktop or Shelf Installation	19
Rack Installation	20
Connecting the Device	22
Connecting the Switch to a Terminal	22
AC Power Connection	22
Section 3. Initial Configuration	23
General Configuration Information	23
Auto-Negotiation	23
Device Port Default Settings	24
Booting the Switch	24
Configuration Overview	27
Initial Configuration	27
Static IP Address and Subnet Mask	27
User Name	28
SNMP Community Strings	28
Advanced Configuration	30
Retrieving an IP Address From a DHCP Server	30
Notes: 1. The device configuration does not have to be deleted to retrieve an IP address for the DHCP server.	31
2. When copying configuration files, avoid using a configuration file that contains an instruction to enable DHCP on an interfac...	31
Receiving an IP Address From a BOOTP Server	31
Security Management and Password Configuration	32
Configuring Security Passwords Introduction	32
Configuring an Initial Console Password	33
Configuring an Initial Telnet Password	33
Configuring an Initial SSH password	33
Configuring an Initial HTTP Password	33
Configuring an initial HTTPS Password	34
Software Download and Reboot	34
Software Download through XModem	34
Software Download Through TFTP Server	35
Boot Image Download	36
Startup Menu Functions	36
Download Software	37
Erase FLASH File	37
Erase FLASH Sectors	38
Password Recovery	38
Section 4. Getting Started	40
Starting the D-Link Embedded Web Interface	41
Understanding the D-Link Embedded Web Interface	43
Device Representation	44
Using the D-Link Embedded Web Interface Management Buttons	45
Using Screen and Table Options	46
Adding Configuration Information	46
Modifying Configuration Information	46
Deleting Configuration Information	47
Resetting the Device	48
Logging Off from the Device	49
Section 5. Managing Device Information	50
Defining the System Description	50
Configuring System Time	52
Configuring Daylight Savings Time	53
Resetting the Device	57
Configuring SNTP	58
Polling for Unicast Time Information	58
Polling for Anycast Time Information	58
Broadcast Time Information	58
Defining SNTP Global Settings	60
Defining SNTP Authentication	62
Defining SNTP Servers	64
Defining SNTP Interface Settings	66
Section 6. Managing Stacking	68
Understanding the Stack Topology	69
Ring Topology	69
Chain Topology	69
Stacking Failover Topology	69
Stacking Members and Unit ID	70
Removing and Replacing Stacking Members	70
Exchanging Stacking Members	71
Switching the Stacking Master	71
Configuring Stacking	72
Section 7. Configuring Ports	74
Viewing Interface Properties	76
Section 8. Aggregating Ports	78
Configuring LACP	79
LAG Membership	81
Section 9. Configuring VLANs	82
Defining VLAN Properties	83
Defining VLAN Membership	85
Defining VLAN Interface Settings	86
Section 10. Defining the Forwarding Database	88
Defining Static Forwarding Database Entries	89
Defining Dynamic Forwarding Database Entries	91
Section 11. Configuring Spanning Tree	94
Defining Classic Spanning Tree	95
Defining STP on Interfaces	97
Defining Rapid Spanning Tree	99
Defining Multiple Spanning Tree	101
Defining MSTP Instance Settings	102
Defining MSTP Interface Settings	103
Section 12. Configuring Device Security	108
Configuring Management Security	109
Configuring Authentication Methods	109
Configuring Passwords	125
Configuring Network Security	129
Network Security Overview	129
Defining Network Authentication Properties	131
Defining Port Authentication	132
Defining Authentication Hosts	136
Configuring Traffic Control	137
Section 13. Configuring IP Information	142
Defining IP Addresses	143
Defining Default Gateways	146
Configuring DHCP	147
Configuring ARP	149
Section 14. Configuring Multicast Forwarding	152
Defining IGMP Snooping	153
Defining Multicast Bridging Groups	155
Defining Multicast Forward All Settings	157
Section 15. Managing Power over Ethernet Devices	160
Defining PoE System Information	161
Displaying and Editing PoE System Information	162
Section 16. Managing System Files	164
Downloading System Files	165
Firmware Download	165
Configuration Download	166
Uploading System Files	167
Upload Type	167
Software Image Upload	167
Configuration Upload	168
Activating Image Files	169
Copying Files	170
Restoring the Default Configuration File	171
Configuring the File System	171
Section 17. Configuring Quality of Service	172
Quality of Service Overview	172
VPT Classification Information	172
CoS Services	172
Defining General QoS Settings	172
Configuring CoS General Settings	173
Restoring Factory Default QoS Interface Settings	174
Configure Bandwidth Settings	174
Defining Queues	176
Configuring QoS Mapping	177
Mapping CoS Values to Queues	177
Mapping DSCP Values to Queues	178
Configuring Basic Mode	179
Configuring Trust Mode	179
Configuring DSCP Rewrite	180
Section 18. Configuring SNMP	182
SNMP v1 and v2c	182
SNMP v3	182
Configuring SNMP Security	183
Defining SNMP Security	183
Defining SNMP Views	184
Defining SNMP Group Profiles	186
Defining SNMP Group Members	188
Defining SNMP Communities	191
Configuring SNMP Notifications	194
Defining SNMP Notification Global Parameters	195
Defining SNMP Notification Filters	196
Defining SNMP Notification Recipients	198
Section 19. Managing System Logs	202
Enabling System Logs	203
Viewing the Device Memory Logs	205
Clearing Device Memory Logs	205
Viewing the FLASH Logs	205
Clearing FLASH Logs	206
Defining Servers Log Parameters	206
Section 20. Managing Device Diagnostics	210
Configuring Port Mirroring	211
Viewing Integrated Cable Tests	213
Viewing Optical Transceivers	214
Viewing the CPU Utilization	214
Section 21. Viewing Statistics	216
Viewing Interface Statistics	216
Viewing Device Interface Statistics	217
Managing RMON Statistics	219
Viewing RMON Statistics	220
Resetting RMON Statistics Counters	221
Configuring RMON History	222
Defining RMON Alarms	228
Viewing Etherlike Statistics	230
Resetting Etherlike Statistics Counters	231
Viewing Port Utilization Statistics	232
Appendix A, Device Specifications & Features	233
Appendix B Troubleshooting	240
Problem Solving	240
Troubleshooting Solutions	240

Match case Limit results 1 per page

Configuring Device Security

Configuring Network Security

Page 126

Configuring Network Security

Network security manages both access control lists and locked ports. This section contains the following topics:

•

Network Security Overview

•

Defining Network Authentication Properties

•

Defining Port Authentication

•

Configuring Traffic Control

Network Security Overview

This section provides an overview of network security and contains the following topics:

•

Port-Based Authentication

•

Advanced Port-Based Authentication

Port-Based Authentication

Port-based authentication authenticates users on a per-port basis via an external server. Only authenticated and

approved system users can transmit and receive data. Ports are authenticated via the RADIUS server using the

Extensible Authentication Protocol

(EAP). Port-based authentication includes:

•

Authenticators

— Specifies the device port which is authenticated before permitting system access.

•

Supplicants

— Specifies the host connected to the authenticated port requesting to access the system ser-

vices.

•

Authentication Server

— Specifies the server that performs the authentication on behalf of the authentica-

tor, and indicates whether the supplicant is authorized to access system services.

Port-based authentication creates two access states:

•

Controlled Access

— Permits communication between the supplicant and the system, if the supplicant is

authorized.

•

Uncontrolled Access

— Permits uncontrolled communication regardless of the port state.

The device currently supports port-based authentication via RADIUS servers.

Advanced Port-Based Authentication

Advanced port-based authentication enables multiple hosts to be attached to a single port. Advanced port-based

authentication requires only one host to be authorized for all hosts to have system access. If the port is unautho-

rized, all attached hosts are denied access to the network.

Advanced port-based authentication also enables user-based authentication. Specific VLANs in the device are

always available, even if specific ports attached to the VLAN are unauthorized. For example, Voice over IP does

not require authentication, while data traffic requires authentication. VLANs for which authorization is not required

can be defined. Unauthenticated VLANs are available to users, even if the ports attached to the VLAN are defined

as authorized.