Home » D-Link Manuals » Hubs & Switches » D-Link DGS-3120-24TC » Manual Viewer

D-Link DGS-3120-24TC Product Manual - Page 206

Authentication Server, Authenticator, Security / 802.1X /802.1X Settings, Security, 1X Settings

View all D-Link DGS-3120-24TC manuals

Add to My Manuals
Save this manual to your list of manuals

Page 206 highlights

xStack® DGS-3120 Series Managed Switch Web UI Reference Guide Authentication Server The Authentication Server is a remote device that is connected to the same network as the Client and Authenticator, must be running a RADIUS Server program and must be configured properly on the Authenticator (Switch). Clients connected to a port on the Switch must be authenticated by the Authentication Server (RADIUS) before attaining any services offered by the Switch on the LAN. The role of the Authentication Server is to certify the identity of the Client attempting to access the network by exchanging secure information between the RADIUS server and the Client through EAPOL packets and, in turn, informs the Switch whether or not the Client is granted access to the LAN and/or switches services. Figure 8-3 The Authentication Server Authenticator The Authenticator (the Switch) is an intermediary between the Authentication Server and the Client. The Authenticator serves two purposes when utilizing the 802.1X function. The first purpose is to request certification information from the Client through EAPOL packets, which is the only information allowed to pass through the Authenticator before access is granted to the Client. The second purpose of the Authenticator is to verify the information gathered from the Client with the Authentication Server, and to then relay that information back to the Client. Figure 8-4 The Authenticator Three steps must be implemented on the Switch to properly configure the Authenticator. 1. The 802.1X State must be Enabled. (Security / 802.1X /802.1X Settings) 2. The 802.1X settings must be implemented by port (Security / 802.1X / 802.1X Settings) 3. A RADIUS server must be configured on the Switch. (Security / 802.1X / Authentic RADIUS Server) Client The Client is simply the end station that wishes to gain access to the LAN or switch services. All end stations must be running software that is compliant with the 802.1X protocol. For users running Windows XP and Windows Vista, that software is included within the operating system. All other users are required to attain 802.1X client software from an outside source. The Client will request access to the LAN and or Switch through EAPOL packets and, in turn will respond to requests from the Switch. Figure 8-5 The Client 198

Section	Page
Intended Readers	9
Typographical Conventions	9
Notes, Notices and Cautions	9
Chapter 1 Web-based Switch Configuration	10
Introduction	10
Login to the Web Manager	10
Web-based User Interface	10
Areas of the User Interface	11
Web Pages	12
Chapter 2 System Configuration	13
Device Information	13
System Information Settings	14
Port Configuration	15
Port Settings	15
Port Description Settings	16
Port Error Disabled	17
Jumbo Frame Settings	17
PoE	18
PoE System Settings	18
PoE Port Settings	19
Serial Port Settings	21
Warning Temperature Settings	21
System Log configuration	22
System Log Settings	22
System Log Server Settings	23
System Log	24
System Log & Trap Settings	24
System Severity Settings	25
Time Range Settings	26
Port Group Settings (EI Mode Only)	26
Time Settings	27
User Accounts Settings	27
Command Logging Settings	29
Stacking	29
Stacking Device Table	31
Stacking Mode Settings	31
Chapter 3 Management	33
ARP	33
Static ARP Settings	33
Proxy ARP Settings (EI Mode Only)	34
ARP Table	34
Gratuitous ARP	35
Gratuitous ARP Global Settings	35
Gratuitous ARP Settings	35
IPv6 Neighbor Settings (EI Mode Only)	36
IP Interface	37
System IP Address Settings	37
Interface Settings	38
Management Settings	41
Session Table	42
Single IP Management	43
Single IP Settings	45
Topology	45
Firmware Upgrade	51
Configuration File Backup/Restore	52
Upload Log File	52
SNMP Settings	52
SNMP Global Settings	53
SNMP Traps Settings	54
SNMP Linkchange Traps Settings	54
SNMP View Table Settings	55
SNMP Community Table Settings	56
SNMP Group Table Settings	57
SNMP Engine ID Settings	58
SNMP User Table Settings	59
SNMP Host Table Settings	60
SNMPv6 Host Table Settings (EI Mode Only)	61
RMON Settings	61
Telnet Settings	62
Web Settings	62
Chapter 4 L2 Features	63
VLAN	63
802.1Q VLAN Settings	68
802.1v Protocol VLAN	71
802.1v Protocol Group Settings	71
802.1v Protocol VLAN Settings	72
Asymmetric VLAN Settings	73
GVRP	73
GVRP Global Settings	73
GVRP Port Settings	74
MAC-based VLAN Settings	75
Private VLAN Settings	75
PVID Auto Assign Settings	77
Voice VLAN	77
Voice VLAN Global Settings	77
Voice VLAN Port Settings	78
Voice VLAN OUI Settings	79
Voice VLAN Device	79
VLAN Trunk Settings	80
Browse VLAN	80
Show VLAN Ports	81
QinQ (EI Mode Only)	81
QinQ Settings	83
VLAN Translation Settings	84
Spanning Tree	85
STP Bridge Global Settings	86
STP Port Settings	88
MST Configuration Identification	89
STP Instance Settings	90
MSTP Port Information	91
Link Aggregation	91
Port Trunking Settings	93
LACP Port Settings	93
FDB	95
Static FDB Settings	95
Unicast Static FDB Settings	95
Multicast Static FDB Settings	95
MAC Notification Settings	96
MAC Address Aging Time Settings	97
MAC Address Table	98
ARP & FDB Table	98
L2 Multicast Control	99
IGMP Snooping	99
IGMP Snooping Settings	99
IGMP Snooping Rate Limit Settings	102
IGMP Snooping Static Group Settings	103
IGMP Router Port	104
IGMP Snooping Group	104
IGMP Snooping Forwarding Table	105
IGMP Snooping Counter	106
MLD Snooping	107
MLD Snooping Settings	108
MLD Snooping Rate Limit Settings	110
MLD Snooping Static Group Settings	110
MLD Router Port	111
MLD Snooping Group	112
MLD Snooping Forwarding Table	113
MLD Snooping Counter	113
Multicast VLAN	114
IGMP Multicast Group Profile Settings	115
IGMP Snooping Multicast VLAN Settings	116
MLD Multicast Group Profile Settings	118
MLD Snooping Multicast VLAN Settings	119
Multicast Filtering	121
IPv4 Multicast Filtering	121
IPv4 Multicast Profile Settings	121
IPv4 Limited Multicast Range Settings	122
IPv4 Max Multicast Group Settings	123
IPv6 Multicast Filtering	124
IPv6 Multicast Profile Settings	124
IPv6 Limited Multicast Range Settings	125
IPv6 Max Multicast Group Settings	126
Multicast Filtering Mode	126
ERPS Settings (EI Mode Only)	127
LLDP	131
LLDP Global Settings	131
LLDP Port Settings	132
LLDP Management Address List	133
LLDP Basic TLVs Settings	133
LLDP Dot1 TLVs Settings	134
LLDP Dot3 TLVs Settings	135
LLDP Statistic System	136
LLDP Local Port Information	137
LLDP Remote Port Information	138
NLB FDB Settings	139
Chapter 5 L3 Features	140
IPv4 Default Route Settings (SI Mode Only)	140
IPv4 Static/Default Route Settings (EI Mode Only)	140
IPv4 Route Table	141
IPv6 Static/Default Route Settings (EI Mode Only)	142
IP Forwarding Table	142
Chapter 6 QoS	143
802.1p Settings	144
802.1p Default Priority Settings	144
802.1p User Priority Settings	145
Bandwidth Control	146
Bandwidth Control Settings	146
Queue Bandwidth Control Settings	148
Traffic Control Settings	148
DSCP	151
DSCP Trust Settings	151
DSCP Map Settings	152
HOL Blocking Prevention	153
Scheduling Settings	154
QoS Scheduling	154
QoS Scheduling Mechanism	155
Chapter 7 ACL	156
ACL Configuration Wizard	156
Access Profile List	157
Add an Ethernet ACL Profile	158
Adding an IPv4 ACL Profile	161
Adding an IPv6 ACL Profile	165
Adding a Packet Content ACL Profile	169
CPU Access Profile List	173
Adding a CPU Ethernet ACL Profile	174
Adding a CPU IPv4 ACL Profile	177
Adding a CPU IPv6 ACL Profile	181
Adding a CPU Packet Content ACL Profile	184
ACL Finder	187
ACL Flow Meter	187
Egress Access Profile List (EI Mode Only)	191
Add an Ethernet ACL Profile	191
Adding an IPv4 ACL Profile	194
Adding an IPv6 ACL Profile	198
Egress ACL Flow Meter (EI Mode Only)	202
Chapter 8 Security	205
802.1X	205
802.1X Global Settings	208
802.1X Port Settings	209
802.1X User Settings	210
Guest VLAN Settings	211
RADIUS	212
Authentication RADIUS Server Settings	212
RADIUS Accounting Settings	214
RADIUS Authentication	214
RADIUS Account Client	216
IP-MAC-Port Binding (IMPB) (EI Mode Only)	217
IMPB Global Settings	217
IMPB Port Settings	218
IMPB Entry Settings	219
MAC Block List	219
DHCP Snooping	220
DHCP Snooping Maximum Entry Settings	220
DHCP Snooping Entry	221
MAC-based Access Control (MAC)	221
MAC-based Access Control Settings	221
MAC-based Access Control Local Settings	223
MAC-based Access Control Authentication State	224
Web-based Access Control (WAC)	224
WAC Global Settings	227
WAC User Settings	228
WAC Port Settings	228
WAC Authentication State	230
Compound Authentication	230
Compound Authentication Settings	230
Compound Authentication Guest VLAN Settings (EI Mode Only)	232
Port Security	233
Port Security Settings	233
Port Security VLAN Settings	235
Port Security Entries	235
ARP Spoofing Prevention Settings	236
BPDU Attack Protection	237
Loopback Detection Settings	238
Traffic Segmentation Settings	239
NetBIOS Filtering Settings	240
DHCP Server Screening	241
DHCP Server Screening Port Settings	241
DHCP Offer Permit Entry Settings	242
Access Authentication Control	243
Enable Admin	244
Authentication Policy Settings	245
Application Authentication Settings	245
Authentication Server Group Settings	246
Authentication Server Settings	247
Login Method Lists Settings	248
Enable Method Lists Settings	249
Local Enable Password Settings	250
SSL Settings	251
SSH	253
SSH Settings	254
SSH Authentication Method and Algorithm Settings	254
SSH User Authentication List	256
Trusted Host Settings	257
Safeguard Engine Settings	258
Chapter 9 Network Application	261
DHCP	261
DHCP Relay	261
DHCP Relay Global Settings	261
DHCP Relay Interface Settings	264
DHCP Relay VLAN Settings (SI Mode Only)	265
DHCP Relay Option 60 Server Settings	265
DHCP Relay Option 60 Settings	266
DHCP Relay Option 61 Settings	267
DHCP Local Relay Settings	268
SNTP	268
SNTP Settings	268
Time Zone Settings	269
Flash File System Settings	270
Chapter 10 OAM	273
CFM	273
CFM Settings	273
CFM Port Settings	279
CFM MIPCCM Table	280
CFM Loopback Settings	280
CFM Linktrace Settings	281
CFM Packet Counter	282
CFM Fault Table	283
CFM MP Table	284
Ethernet OAM	284
Ethernet OAM Settings	284
Ethernet OAM Configuration Settings	285
Ethernet OAM Event Log	286
Ethernet OAM Statistics	287
Cable Diagnostics	288
Chapter 11 Monitoring	290
Utilization	290
CPU Utilization	290
DRAM & Flash Utilization	291
Port Utilization	291
Statistics	292
Port Statistics	292
Packets	292
Received (RX)	292
UMB_Cast (RX)	294
Transmitted (TX)	295
Errors	297
Received (RX)	297
Transmitted (TX)	298
Packet Size	300
Mirror	302
Port Mirror Settings	302
RSPAN Settings	302
sFlow (EI Mode Only)	304
sFlow Global Settings	304
sFlow Analyzer Server Settings	304
sFlow Flow Sampler Settings	305
sFlow Counter Poller Settings	306
Ping Test	307
Trace Route	308
Peripheral	310
Device Environment	310
Chapter 12 Save and Tools	311
Save Configuration / Log	311
Stacking Information	311
Download firmware	313
Download Firmware From TFTP	313
Download Firmware From HTTP	313
Upload Firmware	314
Upload Firmware To TFTP	314
Download Configuration	315
Download Configuration From TFTP	315
Download Configuration From HTTP	316
Upload Configuration	316
Upload Configuration To TFTP	316
Upload Configuration To HTTP	317
Upload Log File	318
Upload Log To TFTP	318
Upload Log To HTTP	318
Reset	319
Reboot System	319
Appendix Section	321
Appendix A Mitigating ARP Spoofing Attacks Using Packet Content ACL	321
How Address Resolution Protocol works	321
How ARP Spoofing Attacks a Network	323
Prevent ARP Spoofing via Packet Content ACL	324
Configuration	324
Appendix B Password Recovery Procedure	327
Appendix C System Log Entries	328

Match case Limit results 1 per page

xStack® DGS-3120 Series Managed Switch Web UI Reference Guide

198

The Authentication Server is a remote device that is

connected to the same network as the Client and

Authenticator, must be running a RADIUS Server

program and must be configured properly on the

Authenticator (Switch). Clients connected to a port on

the Switch must be authenticated by the Authentication

Server (RADIUS) before attaining any services offered

by the Switch on the LAN. The role of the

Authentication Server is to certify the identity of the

Client attempting to access the network by exchanging

secure information between the RADIUS server and the

Client through EAPOL packets and, in turn, informs the

Switch whether or not the Client is granted access to

the LAN and/or switches services.

Authentication Server

Figure 8–3 The Authentication Server

The Authenticator (the Switch) is an intermediary

between the Authentication Server and the Client. The

Authenticator serves two purposes when utilizing the

802.1X function. The first purpose is to request

certification information from the Client through EAPOL

packets, which is the only information allowed to pass

through the Authenticator before access is granted to

the Client. The second purpose of the Authenticator is to

verify the information gathered from the Client with the

Authentication Server, and to then relay that information

back to the Client.

Authenticator

Figure 8–4 The Authenticator

Three steps must be implemented on the Switch to properly configure the Authenticator.

The 802.1X State must be

Enabled

. (

Security / 802.1X /802.1X Settings

)

The 802.1X settings must be implemented by port (

Security

802.1X

802.1X Settings

)

A RADIUS server must be configured on the Switch. (

Security

802.1X

Authentic

RADIUS Server

)

The Client is simply the end station that wishes to gain

access to the LAN or switch services. All end stations

must be running software that is compliant with the

802.1X protocol. For users running Windows XP and

Windows Vista, that software is included within the

operating system. All other users are required to attain

802.1X client software from an outside source. The

Client will request access to the LAN and or Switch

through EAPOL packets and, in turn will respond to

requests from the Switch.

Client

Figure 8–5 The Client