Home » D-Link Manuals » Hubs & Switches » D-Link DGS-3120-24TC » Manual Viewer

D-Link DGS-3120-24TC Product Manual - Page 210

X User Settings, Security > 802.1X > 802.1X User Settings

View all D-Link DGS-3120-24TC manuals

Add to My Manuals
Save this manual to your list of manuals

Page 210 highlights

xStack® DGS-3120 Series Managed Switch Web UI Reference Guide TxPeriod ReAuthPeriod ReAuthentication Port Control This sets the TxPeriod of time for the authenticator PAE state machine. This value determines the period of an EAP Request/Identity packet transmitted to the client. The default setting is 30 seconds. A constant that defines a nonzero number of seconds between periodic reauthentication of the client. The default setting is 3600 seconds. Determines whether regular re-authentication will take place on this port. The default setting is Disabled. This allows the user to control the port authorization state. Select ForceAuthorized to disable 802.1X and cause the port to transition to the authorized state without any authentication exchange required. This means the port transmits and receives normal traffic without 802.1X-based authentication of the client. If ForceUnauthorized is selected, the port will remain in the unauthorized state, ignoring all attempts by the client to authenticate. The Switch cannot provide authentication services to the client through the interface. If Auto is selected, it will enable 802.1X and cause the port to begin in the unauthorized state, allowing only EAPOL frames to be sent and received through the port. The authentication process begins when the link state of the port transitions from down to up, or when an EAPOL-start frame is received. The Switch then requests the identity of the client and begins relaying authentication messages between the client and the authentication server. The default setting is Auto. Capability This allows the 802.1X Authenticator settings to be applied on a per-port basis. Select Authenticator to apply the settings to the port. When the setting is activated, a user must pass the authentication process to gain access to the network. Select None disable 802.1X functions on the port. Direction Sets the administrative-controlled direction to Both or In. If Both is selected, control is exerted over both incoming and outgoing traffic through the controlled port selected in the first field. If In is selected, the control is only exerted over incoming traffic through the port the user selected in the first field. Forward EAPOL PDU This is a global setting to control the forwarding of EAPOL PDU. When 802.1X functionality is disabled globally or for a port, and if 802.1X forward PDU is enabled both globally and for the port, a received EAPOL packet on the port will be flooded in the same VLAN to those ports for which 802.1X forward PDU is enabled and 802.1X is disabled (globally or just for the port). The default state is disabled. Max Users Specifies the maximum number of users. The maximum user limit is 448 users. The default is 16. Click the Refresh button to refresh the display table so that new entries will appear. Click the Apply button to accept the changes made. 802.1X User Settings Users can set different 802.1X users in switch's local database. To view this window, click Security > 802.1X > 802.1X User Settings as shown below: 202

Section	Page
Intended Readers	9
Typographical Conventions	9
Notes, Notices and Cautions	9
Chapter 1 Web-based Switch Configuration	10
Introduction	10
Login to the Web Manager	10
Web-based User Interface	10
Areas of the User Interface	11
Web Pages	12
Chapter 2 System Configuration	13
Device Information	13
System Information Settings	14
Port Configuration	15
Port Settings	15
Port Description Settings	16
Port Error Disabled	17
Jumbo Frame Settings	17
PoE	18
PoE System Settings	18
PoE Port Settings	19
Serial Port Settings	21
Warning Temperature Settings	21
System Log configuration	22
System Log Settings	22
System Log Server Settings	23
System Log	24
System Log & Trap Settings	24
System Severity Settings	25
Time Range Settings	26
Port Group Settings (EI Mode Only)	26
Time Settings	27
User Accounts Settings	27
Command Logging Settings	29
Stacking	29
Stacking Device Table	31
Stacking Mode Settings	31
Chapter 3 Management	33
ARP	33
Static ARP Settings	33
Proxy ARP Settings (EI Mode Only)	34
ARP Table	34
Gratuitous ARP	35
Gratuitous ARP Global Settings	35
Gratuitous ARP Settings	35
IPv6 Neighbor Settings (EI Mode Only)	36
IP Interface	37
System IP Address Settings	37
Interface Settings	38
Management Settings	41
Session Table	42
Single IP Management	43
Single IP Settings	45
Topology	45
Firmware Upgrade	51
Configuration File Backup/Restore	52
Upload Log File	52
SNMP Settings	52
SNMP Global Settings	53
SNMP Traps Settings	54
SNMP Linkchange Traps Settings	54
SNMP View Table Settings	55
SNMP Community Table Settings	56
SNMP Group Table Settings	57
SNMP Engine ID Settings	58
SNMP User Table Settings	59
SNMP Host Table Settings	60
SNMPv6 Host Table Settings (EI Mode Only)	61
RMON Settings	61
Telnet Settings	62
Web Settings	62
Chapter 4 L2 Features	63
VLAN	63
802.1Q VLAN Settings	68
802.1v Protocol VLAN	71
802.1v Protocol Group Settings	71
802.1v Protocol VLAN Settings	72
Asymmetric VLAN Settings	73
GVRP	73
GVRP Global Settings	73
GVRP Port Settings	74
MAC-based VLAN Settings	75
Private VLAN Settings	75
PVID Auto Assign Settings	77
Voice VLAN	77
Voice VLAN Global Settings	77
Voice VLAN Port Settings	78
Voice VLAN OUI Settings	79
Voice VLAN Device	79
VLAN Trunk Settings	80
Browse VLAN	80
Show VLAN Ports	81
QinQ (EI Mode Only)	81
QinQ Settings	83
VLAN Translation Settings	84
Spanning Tree	85
STP Bridge Global Settings	86
STP Port Settings	88
MST Configuration Identification	89
STP Instance Settings	90
MSTP Port Information	91
Link Aggregation	91
Port Trunking Settings	93
LACP Port Settings	93
FDB	95
Static FDB Settings	95
Unicast Static FDB Settings	95
Multicast Static FDB Settings	95
MAC Notification Settings	96
MAC Address Aging Time Settings	97
MAC Address Table	98
ARP & FDB Table	98
L2 Multicast Control	99
IGMP Snooping	99
IGMP Snooping Settings	99
IGMP Snooping Rate Limit Settings	102
IGMP Snooping Static Group Settings	103
IGMP Router Port	104
IGMP Snooping Group	104
IGMP Snooping Forwarding Table	105
IGMP Snooping Counter	106
MLD Snooping	107
MLD Snooping Settings	108
MLD Snooping Rate Limit Settings	110
MLD Snooping Static Group Settings	110
MLD Router Port	111
MLD Snooping Group	112
MLD Snooping Forwarding Table	113
MLD Snooping Counter	113
Multicast VLAN	114
IGMP Multicast Group Profile Settings	115
IGMP Snooping Multicast VLAN Settings	116
MLD Multicast Group Profile Settings	118
MLD Snooping Multicast VLAN Settings	119
Multicast Filtering	121
IPv4 Multicast Filtering	121
IPv4 Multicast Profile Settings	121
IPv4 Limited Multicast Range Settings	122
IPv4 Max Multicast Group Settings	123
IPv6 Multicast Filtering	124
IPv6 Multicast Profile Settings	124
IPv6 Limited Multicast Range Settings	125
IPv6 Max Multicast Group Settings	126
Multicast Filtering Mode	126
ERPS Settings (EI Mode Only)	127
LLDP	131
LLDP Global Settings	131
LLDP Port Settings	132
LLDP Management Address List	133
LLDP Basic TLVs Settings	133
LLDP Dot1 TLVs Settings	134
LLDP Dot3 TLVs Settings	135
LLDP Statistic System	136
LLDP Local Port Information	137
LLDP Remote Port Information	138
NLB FDB Settings	139
Chapter 5 L3 Features	140
IPv4 Default Route Settings (SI Mode Only)	140
IPv4 Static/Default Route Settings (EI Mode Only)	140
IPv4 Route Table	141
IPv6 Static/Default Route Settings (EI Mode Only)	142
IP Forwarding Table	142
Chapter 6 QoS	143
802.1p Settings	144
802.1p Default Priority Settings	144
802.1p User Priority Settings	145
Bandwidth Control	146
Bandwidth Control Settings	146
Queue Bandwidth Control Settings	148
Traffic Control Settings	148
DSCP	151
DSCP Trust Settings	151
DSCP Map Settings	152
HOL Blocking Prevention	153
Scheduling Settings	154
QoS Scheduling	154
QoS Scheduling Mechanism	155
Chapter 7 ACL	156
ACL Configuration Wizard	156
Access Profile List	157
Add an Ethernet ACL Profile	158
Adding an IPv4 ACL Profile	161
Adding an IPv6 ACL Profile	165
Adding a Packet Content ACL Profile	169
CPU Access Profile List	173
Adding a CPU Ethernet ACL Profile	174
Adding a CPU IPv4 ACL Profile	177
Adding a CPU IPv6 ACL Profile	181
Adding a CPU Packet Content ACL Profile	184
ACL Finder	187
ACL Flow Meter	187
Egress Access Profile List (EI Mode Only)	191
Add an Ethernet ACL Profile	191
Adding an IPv4 ACL Profile	194
Adding an IPv6 ACL Profile	198
Egress ACL Flow Meter (EI Mode Only)	202
Chapter 8 Security	205
802.1X	205
802.1X Global Settings	208
802.1X Port Settings	209
802.1X User Settings	210
Guest VLAN Settings	211
RADIUS	212
Authentication RADIUS Server Settings	212
RADIUS Accounting Settings	214
RADIUS Authentication	214
RADIUS Account Client	216
IP-MAC-Port Binding (IMPB) (EI Mode Only)	217
IMPB Global Settings	217
IMPB Port Settings	218
IMPB Entry Settings	219
MAC Block List	219
DHCP Snooping	220
DHCP Snooping Maximum Entry Settings	220
DHCP Snooping Entry	221
MAC-based Access Control (MAC)	221
MAC-based Access Control Settings	221
MAC-based Access Control Local Settings	223
MAC-based Access Control Authentication State	224
Web-based Access Control (WAC)	224
WAC Global Settings	227
WAC User Settings	228
WAC Port Settings	228
WAC Authentication State	230
Compound Authentication	230
Compound Authentication Settings	230
Compound Authentication Guest VLAN Settings (EI Mode Only)	232
Port Security	233
Port Security Settings	233
Port Security VLAN Settings	235
Port Security Entries	235
ARP Spoofing Prevention Settings	236
BPDU Attack Protection	237
Loopback Detection Settings	238
Traffic Segmentation Settings	239
NetBIOS Filtering Settings	240
DHCP Server Screening	241
DHCP Server Screening Port Settings	241
DHCP Offer Permit Entry Settings	242
Access Authentication Control	243
Enable Admin	244
Authentication Policy Settings	245
Application Authentication Settings	245
Authentication Server Group Settings	246
Authentication Server Settings	247
Login Method Lists Settings	248
Enable Method Lists Settings	249
Local Enable Password Settings	250
SSL Settings	251
SSH	253
SSH Settings	254
SSH Authentication Method and Algorithm Settings	254
SSH User Authentication List	256
Trusted Host Settings	257
Safeguard Engine Settings	258
Chapter 9 Network Application	261
DHCP	261
DHCP Relay	261
DHCP Relay Global Settings	261
DHCP Relay Interface Settings	264
DHCP Relay VLAN Settings (SI Mode Only)	265
DHCP Relay Option 60 Server Settings	265
DHCP Relay Option 60 Settings	266
DHCP Relay Option 61 Settings	267
DHCP Local Relay Settings	268
SNTP	268
SNTP Settings	268
Time Zone Settings	269
Flash File System Settings	270
Chapter 10 OAM	273
CFM	273
CFM Settings	273
CFM Port Settings	279
CFM MIPCCM Table	280
CFM Loopback Settings	280
CFM Linktrace Settings	281
CFM Packet Counter	282
CFM Fault Table	283
CFM MP Table	284
Ethernet OAM	284
Ethernet OAM Settings	284
Ethernet OAM Configuration Settings	285
Ethernet OAM Event Log	286
Ethernet OAM Statistics	287
Cable Diagnostics	288
Chapter 11 Monitoring	290
Utilization	290
CPU Utilization	290
DRAM & Flash Utilization	291
Port Utilization	291
Statistics	292
Port Statistics	292
Packets	292
Received (RX)	292
UMB_Cast (RX)	294
Transmitted (TX)	295
Errors	297
Received (RX)	297
Transmitted (TX)	298
Packet Size	300
Mirror	302
Port Mirror Settings	302
RSPAN Settings	302
sFlow (EI Mode Only)	304
sFlow Global Settings	304
sFlow Analyzer Server Settings	304
sFlow Flow Sampler Settings	305
sFlow Counter Poller Settings	306
Ping Test	307
Trace Route	308
Peripheral	310
Device Environment	310
Chapter 12 Save and Tools	311
Save Configuration / Log	311
Stacking Information	311
Download firmware	313
Download Firmware From TFTP	313
Download Firmware From HTTP	313
Upload Firmware	314
Upload Firmware To TFTP	314
Download Configuration	315
Download Configuration From TFTP	315
Download Configuration From HTTP	316
Upload Configuration	316
Upload Configuration To TFTP	316
Upload Configuration To HTTP	317
Upload Log File	318
Upload Log To TFTP	318
Upload Log To HTTP	318
Reset	319
Reboot System	319
Appendix Section	321
Appendix A Mitigating ARP Spoofing Attacks Using Packet Content ACL	321
How Address Resolution Protocol works	321
How ARP Spoofing Attacks a Network	323
Prevent ARP Spoofing via Packet Content ACL	324
Configuration	324
Appendix B Password Recovery Procedure	327
Appendix C System Log Entries	328

Match case Limit results 1 per page

xStack® DGS-3120 Series Managed Switch Web UI Reference Guide

202

TxPeriod

This sets the TxPeriod of time for the authenticator PAE state machine. This value

determines the period of an EAP Request/Identity packet transmitted to the client. The

default setting is

seconds.

ReAuthPeriod

A constant that defines a nonzero number of seconds between periodic re-

authentication of the client. The default setting is

3600

seconds.

ReAuthentication

Determines whether regular re-authentication will take place on this port. The default

setting is

Disabled

Port Control

This allows the user to control the port authorization state.

Select

ForceAuthorized

to disable 802.1X and cause the port to transition to the

authorized state without any authentication exchange required. This means the port

transmits and receives normal traffic without 802.1X-based authentication of the client.

ForceUnauthorized

is selected, the port will remain in the unauthorized state, ignoring

all attempts by the client to authenticate. The Switch cannot provide authentication

services to the client through the interface.

Auto

is selected, it will enable 802.1X and cause the port to begin in the unauthorized

state, allowing only EAPOL frames to be sent and received through the port. The

authentication process begins when the link state of the port transitions from down to

up, or when an EAPOL-start frame is received. The Switch then requests the identity of

the client and begins relaying authentication messages between the client and the

authentication server.

The default setting is

Auto

Capability

This allows the 802.1X Authenticator settings to be applied on a per-port basis. Select

Authenticator

to apply the settings to the port. When the setting is activated, a user

must pass the authentication process to gain access to the network. Select

None

disable 802.1X functions on the port.

Direction

Sets the administrative-controlled direction to

Both

In.

Both

is selected, control is

exerted over both incoming and outgoing traffic through the controlled port selected in

the first field. If

is selected, the control is only exerted over incoming traffic through

the port the user selected in the first field.

Forward EAPOL

PDU

This is a global setting to control the forwarding of EAPOL PDU. When 802.1X

functionality is disabled globally or for a port, and if 802.1X forward PDU is enabled

both globally and for the port, a received EAPOL packet on the port will be flooded in

the same VLAN to those ports for which 802.1X forward PDU is enabled and 802.1X is

disabled (globally or just for the port). The default state is disabled.

Max Users

Specifies the maximum number of users. The maximum user limit is 448 users. The

default is 16.

Click the

Refresh

button to refresh the display table so that new entries will appear.

Click the

Apply

button to accept the changes made.

802.1X User Settings

Users can set different 802.1X users in switch’s local database.

To view this window, click

Security > 802.1X > 802.1X User Settings

as shown below: