Home » D-Link Manuals » Hubs & Switches » D-Link DGS-3200-16 » Manual Viewer

D-Link DGS-3200-16 User Manual - Page 153

Quarantine Server Configuration, Redirect Delay Time

UPC - 790069312007

Add to My Manuals
Save this manual to your list of manuals

Page 153 highlights

xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch correct response. NOTE: This IP does not respond to ARP requests or ICMP packets. HTTP(s) Port (165535) This parameter specifies the TCP port that the JWAC Switch listens to and uses to finish the authenticating process. UDP Filtering This parameter enables or disables JWAC UDP Filtering. When UDP Filtering is Enabled, all UDP and ICMP packets except DHCP and DNS packets from unauthenticated hosts will be dropped. Forcible Logout This parameter enables or disables JWAC Forcible Logout. When Forcible Logout is Enabled, a Ping packet from an authenticated host to the JWAC Switch with TTL=1 will be regarded as a logout request, and the host will move back to the unauthenticated state. RADIUS Protocol This parameter specifies the RADIUS protocol used by JWAC to complete a RADIUS authentication. The options include Local, EAP MD5, PAP, CHAP, MS CHAP, and MS CHAPv2. Redirect State This parameter enables or disables JWAC Redirect. When the redirect quarantine server is enabled, the unauthenticated host will be redirected to the quarantine server when it tries to access a random URL. When the redirect JWAC login page is enabled, the unauthenticated host will be redirected to the JWAV login page in the Switch to finish authentication. When redirect is disabled, only access to the quarantine server and the JWAC login page from the unauthenticated host are allowed, all other web access will be denied. NOTE: When enabling redirect to the quarantine server, a quarantine server must be configured first. Redirect Destination This parameter specifies the destination before an unauthenticated host is redirected to either the Quarantine Server or the JWAC Login Page. Redirect Delay Time (0-10) This parameter specifies the Delay Time before an unauthenticated host is redirected to the Quarantine Server or JWAC Login Page. Enter a value between 0 and 10 seconds. A value of 0 indicates no delay in the redirect. Quarantine Server Configuration Error Timeout (5300) This parameter is used to set the Quarantine Server Error Timeout. When the Quarantine Server Monitor is enabled, the JWAC Switch will periodically check if the Quarantine works okay. If the Switch does not receive any response from the Quarantine Server during the configured Error Timeout, the Switch then regards it as not working properly. Enter a value between 5 and 300 seconds. Monitor This parameter enables or disables the JWAC Quarantine Server Monitor. When Enabled, the JWAC Switch will monitor the Quarantine Server to ensure the server is okay. If the Switch detects no Quarantine Server, it will redirect all unauthenticated HTTP access attempts to the JWAC Login Page forcibly if the Redirect is enabled and the Redirect Destination is configured to be a Quarantine Server. URL This parameter specifies the JWAC Quarantine Server URL. If the Redirect is enabled and the Redirect Destination is the Quarantine Server, when an unauthenticated host sends the HTTP request packets to a random Web server, the Switch will handle this HTTP packet and send back a message to the host to allow it access to the Quarantine Server with the configured URL. When a computer is connected to the specified URL, the quarantine server will request the computer user to input the user name and password to complete the authentication process. Update Server Configuration Update Server IP This parameter specifies the Update Server IP address. Mask This parameter specifies the Server IP net mask. 140

Section	Page
Intended Readers	9
Typographical Conventions	9
Notes, Notices, and Cautions	10
Safety Cautions	10
General Precautions for Rack-Mountable Products	11
Lithium Battery Precaution	13
Protecting Against Electrostatic Discharge	13
Web-based Switch Configuration	14
Introduction	14
Logging onto the Web Manager	14
Web-based User Interface	15
Areas of the User Interface	15
Web Pages	16
Configuration	17
Device Information	17
System Information	18
Serial Port Settings	19
IP Address	19
Setting the Switch’s IP Address using the Console Interface	21
IPv6 Interface Settings	21
IPv6 Route Table	22
IPv6 Neighbor Settings	23
Port Configuration	24
Port Settings	24
Port Description	25
Port Error Disabled	25
Static ARP Settings	26
User Accounts	27
Admin and User Privileges	27
System Log Configuration	28
System Log Settings	28
System Log Host	29
System Severity Settings	29
DHCP/BOOTP Relay	30
DHCP/BOOTP Relay Global Settings	30
The Implementation of DHCP Relay Agent Information Option 82	32
DHCP/BOOTP Relay Interface Settings	33
DHCP Local Relay Settings	33
DHCP Auto Configuration Settings	34
MAC Address Aging Time	35
Web Settings	35
Telnet Settings	36
Password Encryption	36
CLI Paging Settings	37
Firmware Information	37
Power Saving Settings	38
Dual Configuration Settings	39
SMTP Settings	40
Ping Test	41
SNTP Settings	42
Time Settings	42
TimeZone Settings	43
MAC Notification Settings	44
MAC Notification Global Settings	44
MAC Notification Port Settings	45
SNMP Settings	46
Traps	46
MIBs	46
SNMP Global State Settings	47
SNMP View Table	47
SNMP Group Table	48
SNMP User Table	49
SNMP Community Table	50
SNMP Host Table	51
SNMP v6Host Table	52
SNMP Engine ID	53
SNMP Trap Configuration	53
RMON	53
Single IP Management	54
Upgrade to v1.61	55
Single IP Settings	56
Topology	57
Tool Tips	59
Right-Click	60
Group Icon	60
Commander Switch Icon	61
Member Switch Icon	62
Candidate Switch Icon	62
Menu Bar	63
File	63
Group	63
Device	63
View	63
Help	63
Firmware Upgrade	64
Configuration File Backup/Restore	64
Upload Log File	64
Layer 2 Features	65
Jumbo Frame	65
Egress Filter Settings	66
802.1Q VLAN	66
Understanding IEEE 802.1p Priority	66
VLAN Description	67
802.1Q VLAN Tags	68
Port VLAN ID	69
Tagging and Untagging	70
Ingress Filtering	70
Default VLANs	70
Port-based VLANs	71
VLAN Segmentation	71
VLAN and Trunk Groups	71
802.1v Protocol VLAN	75
802.1v Protocol Group Settings	75
802.1v Protocol VLAN Settings	75
MAC Based VLAN Settings	77
GVRP Settings	77
PVID Auto Assign Settings	78
Trunking	79
VLAN Trunk Settings	81
LACP Port Settings	82
Traffic Segmentation	83
IGMP Snooping	83
IGMP Snooping Settings	83
Data Driven Learning Settings	84
ISM VLAN Settings	85
Restrictions and Provisos	85
ISM Profile Settings	86
IP Multicast Profile Settings	86
Limited Multicast Address Range Settings	87
Max Multicast Group Settings	88
MLD Snooping Settings	88
MLD Control Messages	88
Port Mirroring	90
Loopback Detection Settings	91
Spanning Tree	92
802.1Q-2005 MSTP	92
802.1D-2004 Rapid Spanning Tree	92
Port Transition States	93
Edge Port	93
P2P Port	93
802.1D-1998/802.1D-2004/802.1Q-2005 Compatibility	93
STP Bridge Global Settings	94
STP Port Settings	95
MST Configuration Identification	97
STP Instance Settings	98
MSTP Port Information	99
Forwarding & Filtering	100
Unicast Forwarding	100
Multicast Forwarding	100
Multicast Filtering Mode	101
QoS	102
Understanding QoS	103
Bandwidth Control	104
Traffic Control	105
802.1p Default Priority	107
802.1p User Priority	107
QoS Scheduling Mechanism	108
Security	109
Safeguard Engine	109
Trusted Host	111
IP-MAC-Port Binding	112
IMP Global Settings	112
IMP Port Settings	112
IMP Entry Settings	114
DHCP Snooping Entries	114
MAC Block List	115
Port Security	116
Port Security Settings	116
Port Lock Entries	117
DHCP Server Screening	118
DHCP Screening Port Settings	118
DHCP Offer Filtering	118
Guest VLAN	120
Limitations Using the Guest VLAN	120
802.1X (Port-Based and Host-Based Access Control)	121
Authentication Server	122
Authenticator	122
Client	123
Authentication Process	123
Understanding 802.1X Port-based and Host-based Network Access Control	124
Port-Based Network Access Control	124
Host-Based Network Access Control	125
802.1X Settings	125
802.1X User	127
Initialize Port(s)	128
Reauthenticate Port(s)	129
Authentic RADIUS Server	130
SSL Settings	131
SSH	133
SSH Configuration	133
SSH Authmode and Algorithm Settings	134
SSH User Authentication Mode	136
Access Authentication Control	137
Authentication Policy and Parameter Settings	138
Application Authentication Settings	138
Authentication Server Group	139
Authentication Server Host	140
Login Method Lists	142
Enable Method Lists	143
Configure Local Enable Password	144
Enable Admin	144
MAC-based Access Control	145
Notes about MAC-based Access Control	145
MAC-based Access Control Settings	145
MAC-based Access Control Local Settings	147
Web-based Access Control (WAC)	147
Conditions and Limitations	149
WAC Global Settings	149
WAC User Settings	150
WAC Port Settings	151
JWAC	152
JWAC Global Settings	152
JWAC Port Settings	154
JWAC User Settings	155
JWAC Customize Page Language	155
JWAC Customize Page	156
Multiple Authentication	156
Any (MAC, 802.1X or WAC) Mode	157
Any (MAC, 802.1X or JWAC) Mode	157
802.1X & IMPB Mode	158
IMPB & WAC/JWAC Mode	158
Authorization Network State Settings	159
Multiple Authentication Settings	159
Guest VLAN	160
IGMP Access Control Settings (IGMP Authentication)	161
ACL	162
Access Profile List	162
CPU Access Profile List	176
Time Range Settings	189
Monitoring	190
Device Environment	190
Cable Diagnostic	191
CPU Utilization	191
Port Utilization	193
Packet Size	194
Packets	196
Received (RX)	196
UMB_cast (RX)	198
Transmitted (TX)	199
Errors	201
Received (RX)	201
Transmitted (TX)	203
Port Access Control	205
Authenticator State	205
Authenticator Statistics	207
Authenticator Session Statistics	209
Authenticator Diagnostics	211
RADIUS Authentication	213
RADIUS Account Client	214
Browse ARP Table	216
Browse VLAN	216
Browse Router Port	217
Browse MLD Router Port	217
Browse Session Table	218
IGMP Snooping Group	218
MLD Snooping Group	219
WAC Authenticating State	220
JWAC Host Table	221
MAC Address Table	222
System Log	223
MAC-based Access Control Authentication State	224
Save Services and Tools	225
Save Configuration ID 1	225
Save Configuration ID 2	226
Save Log	226
Save All	226
Configuration File Backup & Restore	227
Upload Log File	227
Reset	227
Download Firmware	228
Reboot System	228
Appendix A – Mitigating ARP Spoofing Attacks Using Packet Content ACL	229
How ARP Spoofing Attacks a Network	232
Prevent ARP Spoofing via Packet Content ACL	233
Appendix B – Switch Log Entries	236
Appendix C – Trap Logs	247
Appendix D – Password Recovery Procedure	250
Appendix E – Glossary	251

Match case Limit results 1 per page

xStack

DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch

140

correct response. NOTE: This IP does not respond to ARP requests or ICMP packets.

HTTP(s) Port (1-

65535)

This parameter specifies the TCP port that the JWAC Switch listens to and uses to finish the

authenticating process.

UDP Filtering

This parameter enables or disables JWAC UDP Filtering. When UDP Filtering is

Enabled

, all

UDP and ICMP packets except DHCP and DNS packets from unauthenticated hosts will be

dropped.

Forcible Logout

This parameter enables or disables JWAC Forcible Logout. When Forcible Logout is

Enabled

, a Ping packet from an authenticated host to the JWAC Switch with TTL=1 will be

regarded as a logout request, and the host will move back to the unauthenticated state.

RADIUS Protocol

This parameter specifies the RADIUS protocol used by JWAC to complete a RADIUS

authentication. The options include

Local

EAP

MD5

PAP

CHAP

MS CHAP

, and

CHAPv2

Redirect State

This parameter enables or disables JWAC Redirect. When the redirect quarantine server is

enabled, the unauthenticated host will be redirected to the quarantine server when it tries to

access a random URL. When the redirect JWAC login page is enabled, the unauthenticated

host will be redirected to the JWAV login page in the Switch to finish authentication. When

redirect is disabled, only access to the quarantine server and the JWAC login page from the

unauthenticated host are allowed, all other web access will be denied. NOTE: When enabling

redirect to the quarantine server, a quarantine server must be configured first.

Redirect Destination

This parameter specifies the destination before an unauthenticated host is redirected to either

the

Quarantine Server

or the

JWAC Login Page

Redirect Delay Time

(0-10)

This parameter specifies the Delay Time before an unauthenticated host is redirected to the

Quarantine Server or JWAC Login Page. Enter a value between

and

seconds. A value

indicates no delay in the redirect.

Quarantine Server Configuration

Error Timeout (5-

300)

This parameter is used to set the Quarantine Server Error Timeout. When the Quarantine

Server Monitor is enabled, the JWAC Switch will periodically check if the Quarantine works

okay. If the Switch does not receive any response from the Quarantine Server during the

configured Error Timeout, the Switch then regards it as not working properly. Enter a value

between

and

300

seconds.

Monitor

This parameter enables or disables the JWAC Quarantine Server Monitor. When

Enabled

the JWAC Switch will monitor the Quarantine Server to ensure the server is okay. If the

Switch detects no Quarantine Server, it will redirect all unauthenticated HTTP access

attempts to the JWAC Login Page forcibly if the Redirect is enabled and the Redirect

Destination is configured to be a Quarantine Server.

URL

This parameter specifies the JWAC Quarantine Server URL. If the Redirect is enabled and

the Redirect Destination is the Quarantine Server, when an unauthenticated host sends the

HTTP request packets to a random Web server, the Switch will handle this HTTP packet and

send back a message to the host to allow it access to the Quarantine Server with the

configured URL. When a computer is connected to the specified URL, the quarantine server

will request the computer user to input the user name and password to complete the

authentication process.

Update Server Configuration

Update Server IP

This parameter specifies the Update Server IP address.

Mask

This parameter specifies the Server IP net mask.