Home » D-Link Manuals » Hubs & Switches » D-Link DGS-3620-28TC-SI » Manual Viewer

D-Link DGS-3620-28TC-SI Product Manual - Page 177

Message Digest Authentication MD-5, External Link-State Updates

View all D-Link DGS-3620-28TC-SI manuals

Add to My Manuals
Save this manual to your list of manuals

Page 177 highlights

xStack® DGS-3620 Series Managed Switch Web UI Reference Guide 3. Network Link-State Updates - Issued by multi-access areas that have more than one attached router. One router is elected as the Designated Router (DR) and this router issues the network link-state updates describing every router on the segment. 4. External Link-State Updates - Issued by an Autonomous System Border Router and describes routes to destinations outside the AS or a default route to the outside AS. The format of these link-state updates is described in more detail below. Router link-state updates are flooded to all routers in the current area. These updates describe the destinations reachable through all of the router's interfaces. Summary link-state updates are generated by Border Routers to distribute routing information about other networks within the AS. Normally, all Summary link-state updates are forwarded to the backbone (area 0) and are then forwarded to all other areas in the network. Border Routers also have the responsibility of distributing routing information from the Autonomous System Border Router in order for routers in the network to get and maintain routes to other Autonomous Systems. Network link-state updates are generated by a router elected as the Designated Router on a multi-access segment (with more than one attached router). These updates describe all of the routers on the segment and their network connections. External link-state updates carry routing information to networks outside the Autonomous System. The Autonomous System Border Router is responsible for generating and distributing these updates. OSPF Authentication OSPF packets can be authenticated as coming from trusted routers by the use of predefined passwords. The default for routers is to use no authentication. There are two other authentication methods: Simple Password Authentication (key) and Message Digest authentication (MD-5). Simple Password Authentication A password (or key) can be configured on a per-area basis. Routers in the same area that participate in the routing domain must be configured with the same key. This method is possibly vulnerable to passive attacks where a link analyzer is used to obtain the password. Message Digest Authentication (MD-5) MD-5 authentication is a cryptographic method. A key and a key-ID are configured on each router. The router then uses an algorithm to generate a mathematical "message digest" that is derived from the OSPF packet, the key and the key-ID. This message digest (a number) is then appended to the packet. The key is not exchanged over the wire and a non-decreasing sequence number is included to prevent replay attacks. Backbone and Area 0 OSPF limits the number of link-state updates required between routers by defining areas within which a given router operates. When more than one area is configured, one area is designated as area 0, also called the backbone. The backbone is at the center of all other areas, all areas of the network have a physical (or virtual) connection to the backbone through a router. OSPF allows routing information to be distributed by forwarding it into area 0, from which the information can be forwarded to all other areas (and all other routers) on the network. In situations where an area is required, but is not possible to provide a physical connection to the backbone, a virtual link can be configured. Virtual Links Virtual links accomplish two purposes: 167

Section	Page
Intended Readers	11
Typographical Conventions	11
Notes, Notices and Cautions	11
Safety Instructions	11
Safety Cautions	12
General Precautions for Rack-Mountable Products	13
Protecting Against Electrostatic Discharge	14
Chapter 1 Web-based Switch Configuration	15
Introduction	15
Login to the Web Manager	15
Web-based User Interface	16
Areas of the User Interface	16
Web Pages	17
Chapter 2 System Configuration	18
Device Information	18
System Information Settings	19
Port Configuration	20
Port Settings	20
Port Description Settings	21
Port Error Disabled	22
Port Auto Negotiation Information	23
Jumbo Frame Settings	24
PoE	24
PoE System Settings	25
PoE Port Settings	26
Serial Port Settings	27
Warning Temperature Settings	27
System Log configuration	28
System Log Settings	28
System Log Server Settings	28
System Log	29
System Log & Trap Settings	30
System Severity Settings	31
Time Range Settings	31
Port Group Settings	32
Time Settings	32
User Accounts Settings	33
Command Logging Settings	34
Stacking	34
Stacking Device Table	36
Stacking Mode Settings	36
Chapter 3 Management	38
ARP	38
Static ARP Settings	38
Proxy ARP Settings	39
ARP Table	39
Gratuitous ARP	40
Gratuitous ARP Global Settings	40
Gratuitous ARP Settings	40
IPv6 Neighbor Settings	41
IP Interface	42
System IP Address Settings	42
Interface Settings	43
Loopback Interface Settings	47
Management Settings	48
Out of Band Management Settings	49
Session Table	49
Single IP Management	50
Single IP Settings	51
Topology	52
Firmware Upgrade	58
Configuration File Backup/Restore	59
Upload Log File	59
SNMP Settings	59
SNMP Global Settings	60
SNMP Traps Settings	61
SNMP Linkchange Traps Settings	61
SNMP View Table Settings	62
SNMP Community Table Settings	63
SNMP Group Table Settings	64
SNMP Engine ID Settings	65
SNMP User Table Settings	65
SNMP Host Table Settings	66
SNMPv6 Host Table Settings	67
RMON Settings	68
SNMP Community Encryption Settings	68
SNMP Community Masking Settings	68
Telnet Settings	69
Web Settings	69
Chapter 4 L2 Features	71
VLAN	71
802.1Q VLAN Settings	76
802.1v Protocol VLAN	79
802.1v Protocol Group Settings	79
802.1v Protocol VLAN Settings	80
Asymmetric VLAN Settings	81
GVRP	81
GVRP Global Settings	81
GVRP Port Settings	82
MAC-based VLAN Settings	83
Private VLAN Settings	83
PVID Auto Assign Settings	85
Subnet VLAN	85
Subnet VLAN Settings	85
VLAN Precedence Settings	86
Super VLAN	87
Super VLAN Settings	87
Sub VLAN Settings	88
Voice VLAN	89
Voice VLAN Global Settings	89
Voice VLAN Port Settings	90
Voice VLAN OUI Settings	91
Voice VLAN Device	91
Voice VLAN LLDP-MED Voice Device	91
VLAN Trunk Settings	92
Browse VLAN	93
Show VLAN Ports	93
QinQ	93
QinQ Settings	95
VLAN Translation Settings	96
Layer 2 Protocol Tunneling Settings	97
Spanning Tree	97
STP Bridge Global Settings	99
STP Port Settings	101
MST Configuration Identification	102
STP Instance Settings	103
MSTP Port Information	103
Link Aggregation	104
Port Trunking Settings	106
LACP Port Settings	106
FDB	107
Static FDB Settings	107
Unicast Static FDB Settings	107
Multicast Static FDB Settings	108
MAC Notification Settings	109
MAC Address Aging Time Settings	110
MAC Address Table	110
ARP & FDB Table	111
L2 Multicast Control	112
IGMP Proxy	112
IGMP Proxy Settings	112
IGMP Proxy Downstream Settings	113
IGMP Proxy Group	113
IGMP Snooping	114
IGMP Snooping Settings	114
IGMP Snooping Rate Limit Settings	116
IGMP Snooping Static Group Settings	117
IGMP Router Port	118
IGMP Snooping Group	119
IGMP Snooping Forwarding Table	119
IGMP Snooping Counter	120
MLD Proxy	121
MLD Proxy Settings	121
MLD Proxy Downstream Settings	121
MLD Proxy Group	122
MLD Snooping	122
MLD Snooping Settings	123
MLD Snooping Rate Limit Settings	125
MLD Snooping Static Group Settings	126
MLD Router Port	127
MLD Snooping Group	127
MLD Snooping Forwarding Table	128
MLD Snooping Counter	129
Multicast VLAN	130
IGMP Multicast Group Profile Settings	130
IGMP Snooping Multicast VLAN Settings	131
MLD Multicast Group Profile Settings	133
MLD Snooping Multicast VLAN Settings	134
Multicast Filtering	136
IPv4 Multicast Filtering	136
IPv4 Multicast Profile Settings	136
IPv4 Limited Multicast Range Settings	137
IPv4 Max Multicast Group Settings	138
IPv6 Multicast Filtering	138
IPv6 Multicast Profile Settings	139
IPv6 Limited Multicast Range Settings	140
IPv6 Max Multicast Group Settings	140
Multicast Filtering Mode	141
ERPS Settings	141
LLDP	145
LLDP	145
LLDP Global Settings	145
LLDP Port Settings	146
LLDP Management Address List	147
LLDP Basic TLVs Settings	147
LLDP Dot1 TLVs Settings	148
LLDP Dot3 TLVs Settings	149
LLDP Statistic System	151
LLDP Local Port Information	151
LLDP Remote Port Information	152
LLDP-MED	153
LLDP-MED System Settings	153
LLDP-MED Port Settings	153
LLDP-MED Local Port Information	154
LLDP-MED Remote Port Information	155
NLB FDB Settings	155
PTP	156
PTP Global Settings	156
PTP Port Settings	157
PTP Boundary Clock Settings	158
PTP Boundary Port Settings	159
PTP Peer to Peer Transparent Port Settings	160
PTP Clock Information	161
PTP Port Information	161
PTP Foreign Master Records Port Information	161
Chapter 5 L3 Features	163
IPv4 Static/Default Route Settings	163
IPv4 Route Table	164
IPv6 Static/Default Route Settings	165
IPv6 Route Table	166
Policy Route Settings	166
IP Forwarding Table	167
IP Multicast Forwarding Table	167
IP Multicast Interface Table	168
Static Multicast Route Settings	168
Route Preference Settings	169
ECMP Algorithm Settings	169
Route Redistribution Settings	170
IP Tunnel (EI Mode Only)	171
IP Tunnel Settings	171
IP Tunnel GRE Settings	172
OSPF	173
OSPFv2	193
OSPF Global Settings	193
OSPF Area Settings	193
OSPF Interface Settings	194
OSPF Virtual Link Settings	196
OSPF Area Aggregation Settings	197
OSPF Host Router Settings	198
OSPF LSDB Table	198
OSPF Neighbor Table	199
OSPF Virtual Neighbor Table	199
OSPFv3 (EI Mode Only)	200
OSPFv3 Global Settings	200
OSPFv3 Area Settings	200
OSPFv3 Interface Settings	201
OSPFv3 Virtual Interface Settings	203
OSPFv3 Area Aggregation Settings	204
OSPFv3 LSDB Table	204
OSPFv3 LSDB AS External LSA Table	205
OSPFv3 LSDB Link LSA Interface Table	205
OSPFv3 Neighbor Table	206
OSPFv3 Virtual Neighbor Table	206
RIP	207
RIP Settings	208
RIPng (EI Mode Only)	210
RIPng Global Settings	210
RIPng Interface Settings	211
IP Multicast Routing Protocol	211
IGMP	211
IGMP Interface Settings	213
IGMP Check Subscriber Source Network Settings	214
IGMP Group Table	215
MLD	216
MLD Interface Settings	216
MLD Group Table	217
DVMRP (EI Mode Only)	218
DVMRP Interface Settings	218
DVMRP Routing Table	219
DVMRP Neighbor Table	219
DVMRP Routing Next Hop Table	220
PIM	220
PIM for IPv4	222
PIM Global Settings	222
PIM Interface Settings	223
PIM Candidate BSR Settings	224
PIM Candidate RP Settings	225
PIM Static RP Settings	226
PIM Register Checksum Settings	226
PIM Neighbor Table	227
PIM Multicast Route Table	227
PIM RP-Set Table	227
PIM SSM Settings	228
PIM for IPv6 (EI Mode Only)	228
PIM for IPv6 Global Settings	228
PIM for IPv6 Interface Settings	229
PIM for IPv6 Candidate BSR Settings	231
PIM for IPv6 Candidate RP Settings	231
PIM for IPv6 Static RP Settings	232
PIM for IPv6 Neighbor Table	232
PIM for IPv6 Multicast Route Table	233
PIM for IPv6 RP-Set Table	234
PIM for IPv6 Multicast Route Star-G Table	235
PIM for IPv6 Multicast Route S-G Table	236
VRRP	238
VRRP Global Settings	238
VRRP Virtual Router Settings	239
VRRP Authentication Settings	241
BGP (EI Mode Only)	242
BGP Global Settings	242
BGP Aggregate Address Settings	244
BGP Network Settings	244
BGP Dampening Settings	245
BGP Peer Group Settings	246
BGP Neighbor	247
BGP Neighbor Group Settings	247
BGP Neighbor Description Settings	248
BGP Neighbor Password Settings	248
BGP Neighbor Session Settings	249
BGP Neighbor Maximum Prefix Settings	249
BGP Neighbor General Settings	250
BGP Neighbor Timer Settings	251
BGP Neighbor Map Settings	252
BGP Neighbor Filter Settings	253
BGP Neighbor Table	254
BGP Reflector Settings	255
BGP Confederation Settings	256
BGP AS Path Access Settings	257
BGP Community List Settings	258
BGP Trap Settings	259
BGP Clear Settings	259
BGP Summary Table	260
BGP Routing Table	261
BGP Dampened Route Table	262
BGP Flap Statistic Table	262
IP Route Filter	263
IP Prefix List Settings	263
IP Standard Access List Settings	264
Route Map Settings	265
MD5 Settings	268
IGMP Static Group Settings	269
Chapter 6 QoS	270
802.1p Settings	271
802.1p Default Priority Settings	271
802.1p User Priority Settings	272
Bandwidth Control	273
Bandwidth Control Settings	273
Queue Bandwidth Control Settings	275
Traffic Control Settings	275
HOL Blocking Prevention	278
Scheduling Settings	278
QoS Scheduling	278
QoS Scheduling Mechanism	279
Chapter 7 ACL	281
ACL Configuration Wizard	281
Access Profile List	282
Adding an Ethernet ACL Profile	283
Adding an IPv4 ACL Profile	286
Adding an IPv6 ACL Profile	290
Adding a Packet Content ACL Profile	294
CPU Access Profile List	298
Adding a CPU Ethernet ACL Profile	299
Adding a CPU IPv4 ACL Profile	302
Adding a CPU IPv6 ACL Profile	306
Adding a CPU Packet Content ACL Profile	309
ACL Finder	312
ACL Flow Meter	312
Egress Access Profile List	315
Adding an Ethernet ACL Profile	316
Adding an IPv4 Egress ACL Profile	319
Adding an IPv6 Egress ACL Profile	323
Egress ACL Flow Meter	327
Chapter 8 Security	330
802.1X	330
802.1X Global Settings	333
802.1X Port Settings	334
802.1X User Settings	335
Guest VLAN Settings	336
Authenticator State	337
Authenticator Statistics	338
Authenticator Session Statistics	338
Authenticator Diagnostics	339
Initialize Port-based Port(s)	340
Initialize Host-based Port(s)	341
Reauthenticate Port-based Port(s)	341
Reauthenticate Host-based Port(s)	341
RADIUS	342
Authentication RADIUS Server Settings	342
RADIUS Accounting Settings	343
RADIUS Authentication	343
RADIUS Account Client	345
IP-MAC-Port Binding (IMPB)	346
IMPB Global Settings	346
IMPB Port Settings	347
IMPB Entry Settings	348
MAC Block List	349
DHCP Snooping	349
DHCP Snooping Maximum Entry Settings	349
DHCP Snooping Entry	350
ND Snooping	351
ND Snooping Maximum Entry Settings	351
ND Snooping Entry	352
MAC-based Access Control (MAC)	352
MAC-based Access Control Settings	353
MAC-based Access Control Local Settings	354
MAC-based Access Control Authentication State	355
Web-based Access Control (WAC)	355
WAC Global Settings	358
WAC User Settings	359
WAC Port Settings	359
WAC Authentication State	360
WAC Customize Page	361
Japanese Web-based Access Control (JWAC)	363
JWAC Global Settings	363
JWAC Port Settings	365
JWAC User Settings	366
JWAC Authentication State	367
JWAC Customize Page Language	367
JWAC Customize Page	368
Compound Authentication	368
Compound Authentication Settings	368
Compound Authentication Guest VLAN Settings	370
Compound Authentication MAC Format Settings	370
Port Security	371
Port Security Settings	371
Port Security VLAN Settings	373
Port Security Entries	374
ARP Spoofing Prevention Settings	374
BPDU Attack Protection	375
Loopback Detection Settings	377
Traffic Segmentation Settings	378
NetBIOS Filtering Settings	379
DHCP Server Screening	380
DHCP Server Screening Port Settings	380
DHCP Offer Permit Entry Settings	381
Access Authentication Control	381
Enable Admin	382
Authentication Policy Settings	383
Application Authentication Settings	384
Authentication Server Group Settings	384
Authentication Server Settings	386
Login Method Lists Settings	387
Enable Method Lists Settings	388
Local Enable Password Settings	389
SSL Settings	389
SSH	392
SSH Settings	392
SSH Authentication Method and Algorithm Settings	393
SSH User Authentication List	395
Trusted Host Settings	396
Safeguard Engine Settings	396
Chapter 9 Network Application	399
DHCP	399
DHCP Relay	399
DHCP Relay Global Settings	399
DHCP Relay Interface Settings	401
DHCP Relay Option 60 Server Settings	402
DHCP Relay Option 60 Settings	402
DHCP Relay Option 61 Settings	403
DHCP Server	404
DHCP Server Global Settings	404
DHCP Server Exclude Address Settings	405
DHCP Server Pool Settings	405
DHCP Server Manual Binding	407
DHCP Server Dynamic Binding	407
DHCP Conflict IP	408
DHCPv6 Server	408
DHCPv6 Server Global Settings	408
DHCPv6 Server Pool Settings	409
DHCPv6 Server Dynamic Binding	411
DHCPv6 Server Interface Settings	411
DHCPv6 Relay	412
DHCPv6 Relay Global Settings	412
DHCPv6 Relay Settings	412
DHCP Local Relay Settings	413
DNS	413
DNS Relay	414
DNS Relay Global Settings	414
DNS Relay Static Settings	414
DNS Resolver	415
DNS Resolver Global Settings	415
DNS Resolver Static Name Server Settings	415
DNS Resolver Dynamic Name Server Table	416
DNS Resolver Static Host Name Settings	416
DNS Resolver Dynamic Host Name Table	417
RCP Server Settings	417
SNTP	417
SNTP Settings	417
Time Zone Settings	418
Flash File System Settings	420
Chapter 10 OAM	422
CFM (EI Mode Only)	422
CFM Settings	422
CFM Port Settings	428
CFM MIPCCM Table	429
CFM Loopback Settings	429
CFM Linktrace Settings	430
CFM Packet Counter	431
CFM Fault Table	431
CFM MP Table	432
Ethernet OAM	432
Ethernet OAM Settings	432
Ethernet OAM Configuration Settings	433
Ethernet OAM Event Log	434
Ethernet OAM Statistics	435
DULD Settings	436
Cable Diagnostics (EI Mode Only)	437
Chapter 11 Monitoring	439
Utilization	439
CPU Utilization	439
DRAM & Flash Utilization	440
Port Utilization	440
Statistics	441
Port Statistics	441
Packets	441
Received (RX)	441
UMB_Cast (RX)	442
Transmitted (TX)	444
Errors	445
Received (RX)	445
Transmitted (TX)	447
Packet Size	448
Mirror	450
Port Mirror Settings	450
RSPAN Settings	451
sFlow	452
sFlow Global Settings	452
sFlow Analyzer Server Settings	453
sFlow Flow Sampler Settings	454
sFlow Counter Poller Settings	454

Match case Limit results 1 per page

xStack® DGS-3620 Series Managed Switch Web UI Reference Guide

167

Network Link-State Updates

- Issued by multi-access areas that have more than one attached router.

One router is elected as the Designated Router (DR) and this router issues the network link-state updates

describing every router on the segment.

External Link-State Updates

- Issued by an Autonomous System Border Router and describes routes to

destinations outside the AS or a default route to the outside AS.

The format of these link-state updates is described in more detail below.

Router link-state updates are flooded to all routers in the current area. These updates describe the destinations

reachable through all of the router’s interfaces.

Summary link-state updates are generated by Border Routers to distribute routing information about other networks

within the AS. Normally, all Summary link-state updates are forwarded to the backbone (area 0) and are then

forwarded to all other areas in the network. Border Routers also have the responsibility of distributing routing

information from the Autonomous System Border Router in order for routers in the network to get and maintain

routes to other Autonomous Systems.

Network link-state updates are generated by a router elected as the Designated Router on a multi-access segment

(with more than one attached router). These updates describe all of the routers on the segment and their network

connections.

External link-state updates carry routing information to networks outside the Autonomous System. The

Autonomous System Border Router is responsible for generating and distributing these updates.

OSPF packets can be authenticated as coming from trusted routers by the use of predefined passwords. The

default for routers is to use no authentication.

OSPF Authentication

There are two other authentication methods: Simple Password Authentication (key) and Message Digest

authentication (MD-5).

A password (or key) can be configured on a per-area basis. Routers in the same area that participate in the routing

domain must be configured with the same key. This method is possibly vulnerable to passive attacks where a link

analyzer is used to obtain the password.

Simple Password Authentication

MD-5 authentication is a cryptographic method. A key and a key-ID are configured on each router. The router then

uses an algorithm to generate a mathematical “message digest” that is derived from the OSPF packet, the key and

the key-ID. This message digest (a number) is then appended to the packet. The key is not exchanged over the

wire and a non-decreasing sequence number is included to prevent replay attacks.

Message Digest Authentication (MD-5)

OSPF limits the number of link-state updates required between routers by defining areas within which a given

router operates. When more than one area is configured, one area is designated as area 0, also called the

backbone.

Backbone and Area 0

The backbone is at the center of all other areas, all areas of the network have a physical (or virtual) connection to

the backbone through a router. OSPF allows routing information to be distributed by forwarding it into area 0, from

which the information can be forwarded to all other areas (and all other routers) on the network.

In situations where an area is required, but is not possible to provide a physical connection to the backbone, a

virtual link can be configured.

Virtual links accomplish two purposes:

Virtual Links