Home » D-Link Manuals » Hubs & Switches » D-Link DGS-3120-24TC » Manual Viewer

D-Link DGS-3120-24TC Product Manual - Page 225

work properly the user of the PC should add the virtual IP to the exception of the proxy configuration. Whether or

View all D-Link DGS-3120-24TC manuals

Add to My Manuals
Save this manual to your list of manuals

Page 225 highlights

xStack® DGS-3120 Series Managed Switch Web UI Reference Guide The Switch can be the authentication server itself and do the authentication based on a local database, or be a RADIUS client and perform the authentication process via the RADIUS protocol with a remote RADIUS server. The client user initiates the authentication process of WAC by attempting to gain Web access. D-Link's implementation of WAC uses a virtual IP that is exclusively used by the WAC function and is not known by any other modules of the Switch. In fact, to avoid affecting a Switch's other features, WAC will only use a virtual IP address to communicate with hosts. Thus, all authentication requests must be sent to a virtual IP address but not to the IP address of the Switch's physical interface. Virtual IP works like this, when a host PC communicates with the WAC Switch through a virtual IP, the virtual IP is transformed into the physical IPIF (IP interface) address of the Switch to make the communication possible. The host PC and other servers' IP configurations do not depend on the virtual IP of WAC. The virtual IP does not respond to any ICMP packets or ARP requests, which means it is not allowed to configure a virtual IP on the same subnet as the Switch's IPIF (IP interface) or the same subnet as the host PCs' subnet. As all packets to a virtual IP from authenticated and authenticating hosts will be trapped to the Switch's CPU, if the virtual IP is the same as other servers or PCs, the hosts on the WAC-enabled ports cannot communicate with the server or PC which really own the IP address. If the hosts need to access the server or PC, the virtual IP cannot be the same as the one of the server or PC. If a host PC uses a proxy to access the Web, to make the authentication work properly the user of the PC should add the virtual IP to the exception of the proxy configuration. Whether or not a virtual IP is specified, users can access the WAC pages through the Switch's system IP. When a virtual IP is not specified, the authenticating Web request will be redirected to the Switch's system IP. The Switch's implementation of WAC features a user-defined port number that allows the configuration of the TCP port for either the HTTP or HTTPS protocols. This TCP port for HTTP or HTTPs is used to identify the HTTP or HTTPs packets that will be trapped to the CPU for authentication processing, or to access the login page. If not specified, the default port number for HTTP is 80 and the default port number for HTTPS is 443. If no protocol is specified, the default protocol is HTTP. The following diagram illustrates the basic six steps all parties go through in a successful Web Authentication process: 217

Section	Page
Intended Readers	9
Typographical Conventions	9
Notes, Notices and Cautions	9
Chapter 1 Web-based Switch Configuration	10
Introduction	10
Login to the Web Manager	10
Web-based User Interface	10
Areas of the User Interface	11
Web Pages	12
Chapter 2 System Configuration	13
Device Information	13
System Information Settings	14
Port Configuration	15
Port Settings	15
Port Description Settings	16
Port Error Disabled	17
Jumbo Frame Settings	17
PoE	18
PoE System Settings	18
PoE Port Settings	19
Serial Port Settings	21
Warning Temperature Settings	21
System Log configuration	22
System Log Settings	22
System Log Server Settings	23
System Log	24
System Log & Trap Settings	24
System Severity Settings	25
Time Range Settings	26
Port Group Settings (EI Mode Only)	26
Time Settings	27
User Accounts Settings	27
Command Logging Settings	29
Stacking	29
Stacking Device Table	31
Stacking Mode Settings	31
Chapter 3 Management	33
ARP	33
Static ARP Settings	33
Proxy ARP Settings (EI Mode Only)	34
ARP Table	34
Gratuitous ARP	35
Gratuitous ARP Global Settings	35
Gratuitous ARP Settings	35
IPv6 Neighbor Settings (EI Mode Only)	36
IP Interface	37
System IP Address Settings	37
Interface Settings	38
Management Settings	41
Session Table	42
Single IP Management	43
Single IP Settings	45
Topology	45
Firmware Upgrade	51
Configuration File Backup/Restore	52
Upload Log File	52
SNMP Settings	52
SNMP Global Settings	53
SNMP Traps Settings	54
SNMP Linkchange Traps Settings	54
SNMP View Table Settings	55
SNMP Community Table Settings	56
SNMP Group Table Settings	57
SNMP Engine ID Settings	58
SNMP User Table Settings	59
SNMP Host Table Settings	60
SNMPv6 Host Table Settings (EI Mode Only)	61
RMON Settings	61
Telnet Settings	62
Web Settings	62
Chapter 4 L2 Features	63
VLAN	63
802.1Q VLAN Settings	68
802.1v Protocol VLAN	71
802.1v Protocol Group Settings	71
802.1v Protocol VLAN Settings	72
Asymmetric VLAN Settings	73
GVRP	73
GVRP Global Settings	73
GVRP Port Settings	74
MAC-based VLAN Settings	75
Private VLAN Settings	75
PVID Auto Assign Settings	77
Voice VLAN	77
Voice VLAN Global Settings	77
Voice VLAN Port Settings	78
Voice VLAN OUI Settings	79
Voice VLAN Device	79
VLAN Trunk Settings	80
Browse VLAN	80
Show VLAN Ports	81
QinQ (EI Mode Only)	81
QinQ Settings	83
VLAN Translation Settings	84
Spanning Tree	85
STP Bridge Global Settings	86
STP Port Settings	88
MST Configuration Identification	89
STP Instance Settings	90
MSTP Port Information	91
Link Aggregation	91
Port Trunking Settings	93
LACP Port Settings	93
FDB	95
Static FDB Settings	95
Unicast Static FDB Settings	95
Multicast Static FDB Settings	95
MAC Notification Settings	96
MAC Address Aging Time Settings	97
MAC Address Table	98
ARP & FDB Table	98
L2 Multicast Control	99
IGMP Snooping	99
IGMP Snooping Settings	99
IGMP Snooping Rate Limit Settings	102
IGMP Snooping Static Group Settings	103
IGMP Router Port	104
IGMP Snooping Group	104
IGMP Snooping Forwarding Table	105
IGMP Snooping Counter	106
MLD Snooping	107
MLD Snooping Settings	108
MLD Snooping Rate Limit Settings	110
MLD Snooping Static Group Settings	110
MLD Router Port	111
MLD Snooping Group	112
MLD Snooping Forwarding Table	113
MLD Snooping Counter	113
Multicast VLAN	114
IGMP Multicast Group Profile Settings	115
IGMP Snooping Multicast VLAN Settings	116
MLD Multicast Group Profile Settings	118
MLD Snooping Multicast VLAN Settings	119
Multicast Filtering	121
IPv4 Multicast Filtering	121
IPv4 Multicast Profile Settings	121
IPv4 Limited Multicast Range Settings	122
IPv4 Max Multicast Group Settings	123
IPv6 Multicast Filtering	124
IPv6 Multicast Profile Settings	124
IPv6 Limited Multicast Range Settings	125
IPv6 Max Multicast Group Settings	126
Multicast Filtering Mode	126
ERPS Settings (EI Mode Only)	127
LLDP	131
LLDP Global Settings	131
LLDP Port Settings	132
LLDP Management Address List	133
LLDP Basic TLVs Settings	133
LLDP Dot1 TLVs Settings	134
LLDP Dot3 TLVs Settings	135
LLDP Statistic System	136
LLDP Local Port Information	137
LLDP Remote Port Information	138
NLB FDB Settings	139
Chapter 5 L3 Features	140
IPv4 Default Route Settings (SI Mode Only)	140
IPv4 Static/Default Route Settings (EI Mode Only)	140
IPv4 Route Table	141
IPv6 Static/Default Route Settings (EI Mode Only)	142
IP Forwarding Table	142
Chapter 6 QoS	143
802.1p Settings	144
802.1p Default Priority Settings	144
802.1p User Priority Settings	145
Bandwidth Control	146
Bandwidth Control Settings	146
Queue Bandwidth Control Settings	148
Traffic Control Settings	148
DSCP	151
DSCP Trust Settings	151
DSCP Map Settings	152
HOL Blocking Prevention	153
Scheduling Settings	154
QoS Scheduling	154
QoS Scheduling Mechanism	155
Chapter 7 ACL	156
ACL Configuration Wizard	156
Access Profile List	157
Add an Ethernet ACL Profile	158
Adding an IPv4 ACL Profile	161
Adding an IPv6 ACL Profile	165
Adding a Packet Content ACL Profile	169
CPU Access Profile List	173
Adding a CPU Ethernet ACL Profile	174
Adding a CPU IPv4 ACL Profile	177
Adding a CPU IPv6 ACL Profile	181
Adding a CPU Packet Content ACL Profile	184
ACL Finder	187
ACL Flow Meter	187
Egress Access Profile List (EI Mode Only)	191
Add an Ethernet ACL Profile	191
Adding an IPv4 ACL Profile	194
Adding an IPv6 ACL Profile	198
Egress ACL Flow Meter (EI Mode Only)	202
Chapter 8 Security	205
802.1X	205
802.1X Global Settings	208
802.1X Port Settings	209
802.1X User Settings	210
Guest VLAN Settings	211
RADIUS	212
Authentication RADIUS Server Settings	212
RADIUS Accounting Settings	214
RADIUS Authentication	214
RADIUS Account Client	216
IP-MAC-Port Binding (IMPB) (EI Mode Only)	217
IMPB Global Settings	217
IMPB Port Settings	218
IMPB Entry Settings	219
MAC Block List	219
DHCP Snooping	220
DHCP Snooping Maximum Entry Settings	220
DHCP Snooping Entry	221
MAC-based Access Control (MAC)	221
MAC-based Access Control Settings	221
MAC-based Access Control Local Settings	223
MAC-based Access Control Authentication State	224
Web-based Access Control (WAC)	224
WAC Global Settings	227
WAC User Settings	228
WAC Port Settings	228
WAC Authentication State	230
Compound Authentication	230
Compound Authentication Settings	230
Compound Authentication Guest VLAN Settings (EI Mode Only)	232
Port Security	233
Port Security Settings	233
Port Security VLAN Settings	235
Port Security Entries	235
ARP Spoofing Prevention Settings	236
BPDU Attack Protection	237
Loopback Detection Settings	238
Traffic Segmentation Settings	239
NetBIOS Filtering Settings	240
DHCP Server Screening	241
DHCP Server Screening Port Settings	241
DHCP Offer Permit Entry Settings	242
Access Authentication Control	243
Enable Admin	244
Authentication Policy Settings	245
Application Authentication Settings	245
Authentication Server Group Settings	246
Authentication Server Settings	247
Login Method Lists Settings	248
Enable Method Lists Settings	249
Local Enable Password Settings	250
SSL Settings	251
SSH	253
SSH Settings	254
SSH Authentication Method and Algorithm Settings	254
SSH User Authentication List	256
Trusted Host Settings	257
Safeguard Engine Settings	258
Chapter 9 Network Application	261
DHCP	261
DHCP Relay	261
DHCP Relay Global Settings	261
DHCP Relay Interface Settings	264
DHCP Relay VLAN Settings (SI Mode Only)	265
DHCP Relay Option 60 Server Settings	265
DHCP Relay Option 60 Settings	266
DHCP Relay Option 61 Settings	267
DHCP Local Relay Settings	268
SNTP	268
SNTP Settings	268
Time Zone Settings	269
Flash File System Settings	270
Chapter 10 OAM	273
CFM	273
CFM Settings	273
CFM Port Settings	279
CFM MIPCCM Table	280
CFM Loopback Settings	280
CFM Linktrace Settings	281
CFM Packet Counter	282
CFM Fault Table	283
CFM MP Table	284
Ethernet OAM	284
Ethernet OAM Settings	284
Ethernet OAM Configuration Settings	285
Ethernet OAM Event Log	286
Ethernet OAM Statistics	287
Cable Diagnostics	288
Chapter 11 Monitoring	290
Utilization	290
CPU Utilization	290
DRAM & Flash Utilization	291
Port Utilization	291
Statistics	292
Port Statistics	292
Packets	292
Received (RX)	292
UMB_Cast (RX)	294
Transmitted (TX)	295
Errors	297
Received (RX)	297
Transmitted (TX)	298
Packet Size	300
Mirror	302
Port Mirror Settings	302
RSPAN Settings	302
sFlow (EI Mode Only)	304
sFlow Global Settings	304
sFlow Analyzer Server Settings	304
sFlow Flow Sampler Settings	305
sFlow Counter Poller Settings	306
Ping Test	307
Trace Route	308
Peripheral	310
Device Environment	310
Chapter 12 Save and Tools	311
Save Configuration / Log	311
Stacking Information	311
Download firmware	313
Download Firmware From TFTP	313
Download Firmware From HTTP	313
Upload Firmware	314
Upload Firmware To TFTP	314
Download Configuration	315
Download Configuration From TFTP	315
Download Configuration From HTTP	316
Upload Configuration	316
Upload Configuration To TFTP	316
Upload Configuration To HTTP	317
Upload Log File	318
Upload Log To TFTP	318
Upload Log To HTTP	318
Reset	319
Reboot System	319
Appendix Section	321
Appendix A Mitigating ARP Spoofing Attacks Using Packet Content ACL	321
How Address Resolution Protocol works	321
How ARP Spoofing Attacks a Network	323
Prevent ARP Spoofing via Packet Content ACL	324
Configuration	324
Appendix B Password Recovery Procedure	327
Appendix C System Log Entries	328

Match case Limit results 1 per page

xStack® DGS-3120 Series Managed Switch Web UI Reference Guide

217

The Switch can be the authentication server itself and do the authentication based on a local database, or be a

RADIUS client and perform the authentication process via the RADIUS protocol with a remote RADIUS server. The

client user initiates the authentication process of WAC by attempting to gain Web access.

D-Link’s implementation of WAC uses a virtual IP that is exclusively used by the WAC function and is not known by

any other modules of the Switch. In fact, to avoid affecting a Switch’s other features, WAC will only use a virtual IP

address to communicate with hosts. Thus, all authentication requests must be sent to a virtual IP address but not to

the IP address of the Switch’s physical interface.

Virtual IP works like this, when a host PC communicates with the WAC Switch through a virtual IP, the virtual IP is

transformed into the physical IPIF (IP interface) address of the Switch to make the communication possible. The

host PC and other servers’ IP configurations do not depend on the virtual IP of WAC. The virtual IP does not

respond to any ICMP packets or ARP requests, which means it is not allowed to configure a virtual IP on the same

subnet as the Switch’s IPIF (IP interface) or the same subnet as the host PCs’ subnet.

As all packets to a virtual IP from authenticated and authenticating hosts will be trapped to the Switch’s CPU, if the

virtual IP is the same as other servers or PCs, the hosts on the WAC-enabled ports cannot communicate with the

server or PC which really own the IP address. If the hosts need to access the server or PC, the virtual IP cannot be

the same as the one of the server or PC. If a host PC uses a proxy to access the Web, to make the authentication

work properly the user of the PC should add the virtual IP to the exception of the proxy configuration. Whether or

not a virtual IP is specified, users can access the WAC pages through the Switch’s system IP. When a virtual IP is

not specified, the authenticating Web request will be redirected to the Switch’s system IP.

The Switch’s implementation of WAC features a user-defined port number that allows the configuration of the TCP

port for either the HTTP or HTTPS protocols. This TCP port for HTTP or HTTPs is used to identify the HTTP or

HTTPs packets that will be trapped to the CPU for authentication processing, or to access the login page. If not

specified, the default port number for HTTP is 80 and the default port number for HTTPS is 443. If no protocol is

specified, the default protocol is HTTP.

The following diagram illustrates the basic six steps all parties go through in a successful Web Authentication

process: