Home » D-Link Manuals » Hubs & Switches » D-Link DGS-3120-24TC » Manual Viewer

D-Link DGS-3120-24TC Product Manual - Page 248

Login Method Lists Settings

View all D-Link DGS-3120-24TC manuals

Add to My Manuals
Save this manual to your list of manuals

Page 248 highlights

xStack® DGS-3120 Series Managed Switch Web UI Reference Guide Figure 8-54 Authentication Server Settings window The fields that can be configured are described below: Parameter Description IP Address The IP address of the remote server host to add. Protocol The protocol used by the server host. The user may choose one of the following: TACACS - Enter this parameter if the server host utilizes the TACACS protocol. XTACACS - Enter this parameter if the server host utilizes the XTACACS protocol. TACACS+ - Enter this parameter if the server host utilizes the TACACS+ protocol. RADIUS - Enter this parameter if the server host utilizes the RADIUS protocol. Key Authentication key to be shared with a configured TACACS+ or RADIUS servers only. Specify an alphanumeric string up to 254 characters. Port (1-65535) Enter a number between 1 and 65535 to define the virtual port number of the authentication protocol on a server host. The default port number is 49 for TACACS/XTACACS/TACACS+ servers and 1813 for RADIUS servers but the user may set a unique port number for higher security. Timeout (1-255 sec) Enter the time in seconds the Switch will wait for the server host to reply to an authentication request. The default value is 5 seconds. Retransmit (1-255 times) Enter the value in the retransmit field to change how many times the device will resend an authentication request when the TACACS server does not respond. Click the Apply button to accept the changes made. NOTE: More than one authentication protocol can be run on the same physical server host but, remember that TACACS/XTACACS/TACACS+ are separate entities and are not compatible with each other. Login Method Lists Settings User-defined or default Login Method List of authentication techniques can be configured for users logging on to the Switch. The sequence of techniques implemented in this command will affect the authentication result. For example, if a user enters a sequence of techniques, for example TACACS - XTACACS- local, the Switch will send an authentication request to the first TACACS host in the server group. If no response comes from the server host, the Switch will send an authentication request to the second TACACS host in the server group and so on, until the list is exhausted. At that point, the Switch will restart the same sequence with the following protocol listed, XTACACS. If no authentication takes place using the XTACACS list, the local account database set in the Switch is used to authenticate the user. When the local method is used, the privilege level will be dependent on the local account privilege configured on the Switch. Successful login using any of these techniques will give the user a "User" privilege only. If the user wishes to upgrade his or her status to the administrator level, the user must use the Enable Admin window, in which the user must enter a previously configured password, set by the administrator. To view this window, click Security > Access Authentication Control > Login Method Lists Settings as shown below: 240

Section	Page
Intended Readers	9
Typographical Conventions	9
Notes, Notices and Cautions	9
Chapter 1 Web-based Switch Configuration	10
Introduction	10
Login to the Web Manager	10
Web-based User Interface	10
Areas of the User Interface	11
Web Pages	12
Chapter 2 System Configuration	13
Device Information	13
System Information Settings	14
Port Configuration	15
Port Settings	15
Port Description Settings	16
Port Error Disabled	17
Jumbo Frame Settings	17
PoE	18
PoE System Settings	18
PoE Port Settings	19
Serial Port Settings	21
Warning Temperature Settings	21
System Log configuration	22
System Log Settings	22
System Log Server Settings	23
System Log	24
System Log & Trap Settings	24
System Severity Settings	25
Time Range Settings	26
Port Group Settings (EI Mode Only)	26
Time Settings	27
User Accounts Settings	27
Command Logging Settings	29
Stacking	29
Stacking Device Table	31
Stacking Mode Settings	31
Chapter 3 Management	33
ARP	33
Static ARP Settings	33
Proxy ARP Settings (EI Mode Only)	34
ARP Table	34
Gratuitous ARP	35
Gratuitous ARP Global Settings	35
Gratuitous ARP Settings	35
IPv6 Neighbor Settings (EI Mode Only)	36
IP Interface	37
System IP Address Settings	37
Interface Settings	38
Management Settings	41
Session Table	42
Single IP Management	43
Single IP Settings	45
Topology	45
Firmware Upgrade	51
Configuration File Backup/Restore	52
Upload Log File	52
SNMP Settings	52
SNMP Global Settings	53
SNMP Traps Settings	54
SNMP Linkchange Traps Settings	54
SNMP View Table Settings	55
SNMP Community Table Settings	56
SNMP Group Table Settings	57
SNMP Engine ID Settings	58
SNMP User Table Settings	59
SNMP Host Table Settings	60
SNMPv6 Host Table Settings (EI Mode Only)	61
RMON Settings	61
Telnet Settings	62
Web Settings	62
Chapter 4 L2 Features	63
VLAN	63
802.1Q VLAN Settings	68
802.1v Protocol VLAN	71
802.1v Protocol Group Settings	71
802.1v Protocol VLAN Settings	72
Asymmetric VLAN Settings	73
GVRP	73
GVRP Global Settings	73
GVRP Port Settings	74
MAC-based VLAN Settings	75
Private VLAN Settings	75
PVID Auto Assign Settings	77
Voice VLAN	77
Voice VLAN Global Settings	77
Voice VLAN Port Settings	78
Voice VLAN OUI Settings	79
Voice VLAN Device	79
VLAN Trunk Settings	80
Browse VLAN	80
Show VLAN Ports	81
QinQ (EI Mode Only)	81
QinQ Settings	83
VLAN Translation Settings	84
Spanning Tree	85
STP Bridge Global Settings	86
STP Port Settings	88
MST Configuration Identification	89
STP Instance Settings	90
MSTP Port Information	91
Link Aggregation	91
Port Trunking Settings	93
LACP Port Settings	93
FDB	95
Static FDB Settings	95
Unicast Static FDB Settings	95
Multicast Static FDB Settings	95
MAC Notification Settings	96
MAC Address Aging Time Settings	97
MAC Address Table	98
ARP & FDB Table	98
L2 Multicast Control	99
IGMP Snooping	99
IGMP Snooping Settings	99
IGMP Snooping Rate Limit Settings	102
IGMP Snooping Static Group Settings	103
IGMP Router Port	104
IGMP Snooping Group	104
IGMP Snooping Forwarding Table	105
IGMP Snooping Counter	106
MLD Snooping	107
MLD Snooping Settings	108
MLD Snooping Rate Limit Settings	110
MLD Snooping Static Group Settings	110
MLD Router Port	111
MLD Snooping Group	112
MLD Snooping Forwarding Table	113
MLD Snooping Counter	113
Multicast VLAN	114
IGMP Multicast Group Profile Settings	115
IGMP Snooping Multicast VLAN Settings	116
MLD Multicast Group Profile Settings	118
MLD Snooping Multicast VLAN Settings	119
Multicast Filtering	121
IPv4 Multicast Filtering	121
IPv4 Multicast Profile Settings	121
IPv4 Limited Multicast Range Settings	122
IPv4 Max Multicast Group Settings	123
IPv6 Multicast Filtering	124
IPv6 Multicast Profile Settings	124
IPv6 Limited Multicast Range Settings	125
IPv6 Max Multicast Group Settings	126
Multicast Filtering Mode	126
ERPS Settings (EI Mode Only)	127
LLDP	131
LLDP Global Settings	131
LLDP Port Settings	132
LLDP Management Address List	133
LLDP Basic TLVs Settings	133
LLDP Dot1 TLVs Settings	134
LLDP Dot3 TLVs Settings	135
LLDP Statistic System	136
LLDP Local Port Information	137
LLDP Remote Port Information	138
NLB FDB Settings	139
Chapter 5 L3 Features	140
IPv4 Default Route Settings (SI Mode Only)	140
IPv4 Static/Default Route Settings (EI Mode Only)	140
IPv4 Route Table	141
IPv6 Static/Default Route Settings (EI Mode Only)	142
IP Forwarding Table	142
Chapter 6 QoS	143
802.1p Settings	144
802.1p Default Priority Settings	144
802.1p User Priority Settings	145
Bandwidth Control	146
Bandwidth Control Settings	146
Queue Bandwidth Control Settings	148
Traffic Control Settings	148
DSCP	151
DSCP Trust Settings	151
DSCP Map Settings	152
HOL Blocking Prevention	153
Scheduling Settings	154
QoS Scheduling	154
QoS Scheduling Mechanism	155
Chapter 7 ACL	156
ACL Configuration Wizard	156
Access Profile List	157
Add an Ethernet ACL Profile	158
Adding an IPv4 ACL Profile	161
Adding an IPv6 ACL Profile	165
Adding a Packet Content ACL Profile	169
CPU Access Profile List	173
Adding a CPU Ethernet ACL Profile	174
Adding a CPU IPv4 ACL Profile	177
Adding a CPU IPv6 ACL Profile	181
Adding a CPU Packet Content ACL Profile	184
ACL Finder	187
ACL Flow Meter	187
Egress Access Profile List (EI Mode Only)	191
Add an Ethernet ACL Profile	191
Adding an IPv4 ACL Profile	194
Adding an IPv6 ACL Profile	198
Egress ACL Flow Meter (EI Mode Only)	202
Chapter 8 Security	205
802.1X	205
802.1X Global Settings	208
802.1X Port Settings	209
802.1X User Settings	210
Guest VLAN Settings	211
RADIUS	212
Authentication RADIUS Server Settings	212
RADIUS Accounting Settings	214
RADIUS Authentication	214
RADIUS Account Client	216
IP-MAC-Port Binding (IMPB) (EI Mode Only)	217
IMPB Global Settings	217
IMPB Port Settings	218
IMPB Entry Settings	219
MAC Block List	219
DHCP Snooping	220
DHCP Snooping Maximum Entry Settings	220
DHCP Snooping Entry	221
MAC-based Access Control (MAC)	221
MAC-based Access Control Settings	221
MAC-based Access Control Local Settings	223
MAC-based Access Control Authentication State	224
Web-based Access Control (WAC)	224
WAC Global Settings	227
WAC User Settings	228
WAC Port Settings	228
WAC Authentication State	230
Compound Authentication	230
Compound Authentication Settings	230
Compound Authentication Guest VLAN Settings (EI Mode Only)	232
Port Security	233
Port Security Settings	233
Port Security VLAN Settings	235
Port Security Entries	235
ARP Spoofing Prevention Settings	236
BPDU Attack Protection	237
Loopback Detection Settings	238
Traffic Segmentation Settings	239
NetBIOS Filtering Settings	240
DHCP Server Screening	241
DHCP Server Screening Port Settings	241
DHCP Offer Permit Entry Settings	242
Access Authentication Control	243
Enable Admin	244
Authentication Policy Settings	245
Application Authentication Settings	245
Authentication Server Group Settings	246
Authentication Server Settings	247
Login Method Lists Settings	248
Enable Method Lists Settings	249
Local Enable Password Settings	250
SSL Settings	251
SSH	253
SSH Settings	254
SSH Authentication Method and Algorithm Settings	254
SSH User Authentication List	256
Trusted Host Settings	257
Safeguard Engine Settings	258
Chapter 9 Network Application	261
DHCP	261
DHCP Relay	261
DHCP Relay Global Settings	261
DHCP Relay Interface Settings	264
DHCP Relay VLAN Settings (SI Mode Only)	265
DHCP Relay Option 60 Server Settings	265
DHCP Relay Option 60 Settings	266
DHCP Relay Option 61 Settings	267
DHCP Local Relay Settings	268
SNTP	268
SNTP Settings	268
Time Zone Settings	269
Flash File System Settings	270
Chapter 10 OAM	273
CFM	273
CFM Settings	273
CFM Port Settings	279
CFM MIPCCM Table	280
CFM Loopback Settings	280
CFM Linktrace Settings	281
CFM Packet Counter	282
CFM Fault Table	283
CFM MP Table	284
Ethernet OAM	284
Ethernet OAM Settings	284
Ethernet OAM Configuration Settings	285
Ethernet OAM Event Log	286
Ethernet OAM Statistics	287
Cable Diagnostics	288
Chapter 11 Monitoring	290
Utilization	290
CPU Utilization	290
DRAM & Flash Utilization	291
Port Utilization	291
Statistics	292
Port Statistics	292
Packets	292
Received (RX)	292
UMB_Cast (RX)	294
Transmitted (TX)	295
Errors	297
Received (RX)	297
Transmitted (TX)	298
Packet Size	300
Mirror	302
Port Mirror Settings	302
RSPAN Settings	302
sFlow (EI Mode Only)	304
sFlow Global Settings	304
sFlow Analyzer Server Settings	304
sFlow Flow Sampler Settings	305
sFlow Counter Poller Settings	306
Ping Test	307
Trace Route	308
Peripheral	310
Device Environment	310
Chapter 12 Save and Tools	311
Save Configuration / Log	311
Stacking Information	311
Download firmware	313
Download Firmware From TFTP	313
Download Firmware From HTTP	313
Upload Firmware	314
Upload Firmware To TFTP	314
Download Configuration	315
Download Configuration From TFTP	315
Download Configuration From HTTP	316
Upload Configuration	316
Upload Configuration To TFTP	316
Upload Configuration To HTTP	317
Upload Log File	318
Upload Log To TFTP	318
Upload Log To HTTP	318
Reset	319
Reboot System	319
Appendix Section	321
Appendix A Mitigating ARP Spoofing Attacks Using Packet Content ACL	321
How Address Resolution Protocol works	321
How ARP Spoofing Attacks a Network	323
Prevent ARP Spoofing via Packet Content ACL	324
Configuration	324
Appendix B Password Recovery Procedure	327
Appendix C System Log Entries	328

Match case Limit results 1 per page

xStack® DGS-3120 Series Managed Switch Web UI Reference Guide

240

Figure 8–54 Authentication Server Settings window

The fields that can be configured are described below:

Parameter

Description

IP Address

The IP address of the remote server host to add.

Protocol

The protocol used by the server host. The user may choose one of the following:

TACACS

- Enter this parameter if the server host utilizes the TACACS protocol.

XTACACS

- Enter this parameter if the server host utilizes the XTACACS protocol.

TACACS+

- Enter this parameter if the server host utilizes the TACACS+ protocol.

RADIUS

- Enter this parameter if the server host utilizes the RADIUS protocol.

Key

Authentication key to be shared with a configured TACACS+ or RADIUS servers

only. Specify an alphanumeric string up to 254 characters.

Port (1-65535)

Enter a number between

and

65535

to define the virtual port number of the

authentication protocol on a server host. The default port number is

for

TACACS/XTACACS/TACACS+ servers and

1813

for RADIUS servers but the user

may set a unique port number for higher security.

Timeout (1-255 sec)

Enter the time in seconds the Switch will wait for the server host to reply to an

authentication request. The default value is

seconds.

Retransmit (1-255

times)

Enter the value in the retransmit field to change how many times the device will

resend an authentication request when the TACACS server does not respond.

Click the

Apply

button to accept the changes made.

NOTE:

More than one authentication protocol can be run on the same physical server host but,

remember that TACACS/XTACACS/TACACS+ are separate entities and are not compatible

with each other.

User-defined or default Login Method List of authentication techniques can be configured for users logging on to

the Switch. The sequence of techniques implemented in this command will affect the authentication result. For

example, if a user enters a sequence of techniques, for example TACACS - XTACACS- local, the Switch will send

an authentication request to the first TACACS host in the server group. If no response comes from the server host,

the Switch will send an authentication request to the second TACACS host in the server group and so on, until the

list is exhausted. At that point, the Switch will restart the same sequence with the following protocol listed,

XTACACS. If no authentication takes place using the XTACACS list, the local account database set in the Switch is

used to authenticate the user. When the local method is used, the privilege level will be dependent on the local

account privilege configured on the Switch.

Successful login using any of these techniques will give the user a "User" privilege only. If the user wishes to

upgrade his or her status to the administrator level, the user must use the

Enable Admin

window, in which the user

must enter a previously configured password, set by the administrator.

To view this window, click

Security > Access Authentication Control > Login Method Lists Settings

as shown

below: