Home » D-Link Manuals » Hubs & Switches » D-Link DGS-3620-28TC-SI » Manual Viewer

D-Link DGS-3620-28TC-SI Product Manual - Page 390

xStack® DGS-3620 Series Managed Switch Web UI Reference Guide, RC4 with 40-bit keys, RC4

View all D-Link DGS-3620-28TC-SI manuals

Add to My Manuals
Save this manual to your list of manuals

Page 390 highlights

xStack® DGS-3620 Series Managed Switch Web UI Reference Guide 1 Key Exchange: The first part of the Cipher suite string specifies the public key algorithm to be used. This switch utilizes the Rivest Shamir Adleman (RSA) public key algorithm and the Digital Signature Algorithm (DSA), specified here as the DHE DSS Diffie-Hellman (DHE) public key algorithm. This is the first authentication process between client and host as they "exchange keys" in looking for a match and therefore authentication to be accepted to negotiate encryptions on the following level. 2 Encryption: The second part of the cipher suite that includes the encryption used for encrypting the messages sent between client and host. The Switch supports two types of cryptology algorithms: Stream Ciphers - There are two types of stream ciphers on the Switch, RC4 with 40-bit keys and RC4 with 128-bit keys. These keys are used to encrypt messages and need to be consistent between client and host for optimal use. CBC Block Ciphers - CBC refers to Cipher Block Chaining, which means that a portion of the previously encrypted block of encrypted text is used in the encryption of the current block. The Switch supports the 3DES EDE encryption code defined by the Data Encryption Standard (DES) to create the encrypted text. 3 Hash Algorithm: This part of the cipher suite allows the user to choose a message digest function which will determine a Message Authentication Code. This Message Authentication Code will be encrypted with a sent message to provide integrity and prevent against replay attacks. The Switch supports two hash algorithms, MD5 (Message Digest 5) and SHA (Secure Hash Algorithm). These three parameters are uniquely assembled in four choices on the Switch to create a three-layered encryption code for secure communication between the server and the host. The user may implement any one or combination of the cipher suites available, yet different cipher suites will affect the security level and the performance of the secured connection. The information included in the cipher suites is not included with the Switch and requires downloading from a third source in a file form called a certificate. This function of the Switch cannot be executed without the presence and implementation of the certificate file and can be downloaded to the Switch by utilizing a TFTP server. The Switch supports SSLv3. Other versions of SSL may not be compatible with this Switch and may cause problems upon authentication and transfer of messages from client to host. The SSL Settings window located on the next page will allow the user to enable SSL on the Switch and implement any one or combination of listed cipher suites on the Switch. A cipher suite is a security string that determines the exact cryptographic parameters, specific encryption algorithms and key sizes to be used for an authentication session. The Switch possesses four possible cipher suites for the SSL function, which are all enabled by default. To utilize a particular cipher suite, disable the unwanted cipher suites, leaving the desired one for authentication. When the SSL function has been enabled, the web will become disabled. To manage the Switch through the web based management while utilizing the SSL function, the web browser must support SSL encryption and the header of the URL must begin with https://. (Ex. https://xx.xx.xx.xx) Any other method will result in an error and no access can be authorized for the web-based management. Users can download a certificate file for the SSL function on the Switch from a TFTP server. The certificate file is a data record used for authenticating devices on the network. It contains information on the owner, keys for authentication and digital signatures. Both the server and the client must have consistent certificate files for optimal use of the SSL function. The Switch only supports certificate files with .der file extensions. Currently, the Switch comes with a certificate pre-loaded though the user may need to download more, depending on user circumstances. To view this window, click Security > SSL Settings as shown below: 380

Section	Page
Intended Readers	11
Typographical Conventions	11
Notes, Notices and Cautions	11
Safety Instructions	11
Safety Cautions	12
General Precautions for Rack-Mountable Products	13
Protecting Against Electrostatic Discharge	14
Chapter 1 Web-based Switch Configuration	15
Introduction	15
Login to the Web Manager	15
Web-based User Interface	16
Areas of the User Interface	16
Web Pages	17
Chapter 2 System Configuration	18
Device Information	18
System Information Settings	19
Port Configuration	20
Port Settings	20
Port Description Settings	21
Port Error Disabled	22
Port Auto Negotiation Information	23
Jumbo Frame Settings	24
PoE	24
PoE System Settings	25
PoE Port Settings	26
Serial Port Settings	27
Warning Temperature Settings	27
System Log configuration	28
System Log Settings	28
System Log Server Settings	28
System Log	29
System Log & Trap Settings	30
System Severity Settings	31
Time Range Settings	31
Port Group Settings	32
Time Settings	32
User Accounts Settings	33
Command Logging Settings	34
Stacking	34
Stacking Device Table	36
Stacking Mode Settings	36
Chapter 3 Management	38
ARP	38
Static ARP Settings	38
Proxy ARP Settings	39
ARP Table	39
Gratuitous ARP	40
Gratuitous ARP Global Settings	40
Gratuitous ARP Settings	40
IPv6 Neighbor Settings	41
IP Interface	42
System IP Address Settings	42
Interface Settings	43
Loopback Interface Settings	47
Management Settings	48
Out of Band Management Settings	49
Session Table	49
Single IP Management	50
Single IP Settings	51
Topology	52
Firmware Upgrade	58
Configuration File Backup/Restore	59
Upload Log File	59
SNMP Settings	59
SNMP Global Settings	60
SNMP Traps Settings	61
SNMP Linkchange Traps Settings	61
SNMP View Table Settings	62
SNMP Community Table Settings	63
SNMP Group Table Settings	64
SNMP Engine ID Settings	65
SNMP User Table Settings	65
SNMP Host Table Settings	66
SNMPv6 Host Table Settings	67
RMON Settings	68
SNMP Community Encryption Settings	68
SNMP Community Masking Settings	68
Telnet Settings	69
Web Settings	69
Chapter 4 L2 Features	71
VLAN	71
802.1Q VLAN Settings	76
802.1v Protocol VLAN	79
802.1v Protocol Group Settings	79
802.1v Protocol VLAN Settings	80
Asymmetric VLAN Settings	81
GVRP	81
GVRP Global Settings	81
GVRP Port Settings	82
MAC-based VLAN Settings	83
Private VLAN Settings	83
PVID Auto Assign Settings	85
Subnet VLAN	85
Subnet VLAN Settings	85
VLAN Precedence Settings	86
Super VLAN	87
Super VLAN Settings	87
Sub VLAN Settings	88
Voice VLAN	89
Voice VLAN Global Settings	89
Voice VLAN Port Settings	90
Voice VLAN OUI Settings	91
Voice VLAN Device	91
Voice VLAN LLDP-MED Voice Device	91
VLAN Trunk Settings	92
Browse VLAN	93
Show VLAN Ports	93
QinQ	93
QinQ Settings	95
VLAN Translation Settings	96
Layer 2 Protocol Tunneling Settings	97
Spanning Tree	97
STP Bridge Global Settings	99
STP Port Settings	101
MST Configuration Identification	102
STP Instance Settings	103
MSTP Port Information	103
Link Aggregation	104
Port Trunking Settings	106
LACP Port Settings	106
FDB	107
Static FDB Settings	107
Unicast Static FDB Settings	107
Multicast Static FDB Settings	108
MAC Notification Settings	109
MAC Address Aging Time Settings	110
MAC Address Table	110
ARP & FDB Table	111
L2 Multicast Control	112
IGMP Proxy	112
IGMP Proxy Settings	112
IGMP Proxy Downstream Settings	113
IGMP Proxy Group	113
IGMP Snooping	114
IGMP Snooping Settings	114
IGMP Snooping Rate Limit Settings	116
IGMP Snooping Static Group Settings	117
IGMP Router Port	118
IGMP Snooping Group	119
IGMP Snooping Forwarding Table	119
IGMP Snooping Counter	120
MLD Proxy	121
MLD Proxy Settings	121
MLD Proxy Downstream Settings	121
MLD Proxy Group	122
MLD Snooping	122
MLD Snooping Settings	123
MLD Snooping Rate Limit Settings	125
MLD Snooping Static Group Settings	126
MLD Router Port	127
MLD Snooping Group	127
MLD Snooping Forwarding Table	128
MLD Snooping Counter	129
Multicast VLAN	130
IGMP Multicast Group Profile Settings	130
IGMP Snooping Multicast VLAN Settings	131
MLD Multicast Group Profile Settings	133
MLD Snooping Multicast VLAN Settings	134
Multicast Filtering	136
IPv4 Multicast Filtering	136
IPv4 Multicast Profile Settings	136
IPv4 Limited Multicast Range Settings	137
IPv4 Max Multicast Group Settings	138
IPv6 Multicast Filtering	138
IPv6 Multicast Profile Settings	139
IPv6 Limited Multicast Range Settings	140
IPv6 Max Multicast Group Settings	140
Multicast Filtering Mode	141
ERPS Settings	141
LLDP	145
LLDP	145
LLDP Global Settings	145
LLDP Port Settings	146
LLDP Management Address List	147
LLDP Basic TLVs Settings	147
LLDP Dot1 TLVs Settings	148
LLDP Dot3 TLVs Settings	149
LLDP Statistic System	151
LLDP Local Port Information	151
LLDP Remote Port Information	152
LLDP-MED	153
LLDP-MED System Settings	153
LLDP-MED Port Settings	153
LLDP-MED Local Port Information	154
LLDP-MED Remote Port Information	155
NLB FDB Settings	155
PTP	156
PTP Global Settings	156
PTP Port Settings	157
PTP Boundary Clock Settings	158
PTP Boundary Port Settings	159
PTP Peer to Peer Transparent Port Settings	160
PTP Clock Information	161
PTP Port Information	161
PTP Foreign Master Records Port Information	161
Chapter 5 L3 Features	163
IPv4 Static/Default Route Settings	163
IPv4 Route Table	164
IPv6 Static/Default Route Settings	165
IPv6 Route Table	166
Policy Route Settings	166
IP Forwarding Table	167
IP Multicast Forwarding Table	167
IP Multicast Interface Table	168
Static Multicast Route Settings	168
Route Preference Settings	169
ECMP Algorithm Settings	169
Route Redistribution Settings	170
IP Tunnel (EI Mode Only)	171
IP Tunnel Settings	171
IP Tunnel GRE Settings	172
OSPF	173
OSPFv2	193
OSPF Global Settings	193
OSPF Area Settings	193
OSPF Interface Settings	194
OSPF Virtual Link Settings	196
OSPF Area Aggregation Settings	197
OSPF Host Router Settings	198
OSPF LSDB Table	198
OSPF Neighbor Table	199
OSPF Virtual Neighbor Table	199
OSPFv3 (EI Mode Only)	200
OSPFv3 Global Settings	200
OSPFv3 Area Settings	200
OSPFv3 Interface Settings	201
OSPFv3 Virtual Interface Settings	203
OSPFv3 Area Aggregation Settings	204
OSPFv3 LSDB Table	204
OSPFv3 LSDB AS External LSA Table	205
OSPFv3 LSDB Link LSA Interface Table	205
OSPFv3 Neighbor Table	206
OSPFv3 Virtual Neighbor Table	206
RIP	207
RIP Settings	208
RIPng (EI Mode Only)	210
RIPng Global Settings	210
RIPng Interface Settings	211
IP Multicast Routing Protocol	211
IGMP	211
IGMP Interface Settings	213
IGMP Check Subscriber Source Network Settings	214
IGMP Group Table	215
MLD	216
MLD Interface Settings	216
MLD Group Table	217
DVMRP (EI Mode Only)	218
DVMRP Interface Settings	218
DVMRP Routing Table	219
DVMRP Neighbor Table	219
DVMRP Routing Next Hop Table	220
PIM	220
PIM for IPv4	222
PIM Global Settings	222
PIM Interface Settings	223
PIM Candidate BSR Settings	224
PIM Candidate RP Settings	225
PIM Static RP Settings	226
PIM Register Checksum Settings	226
PIM Neighbor Table	227
PIM Multicast Route Table	227
PIM RP-Set Table	227
PIM SSM Settings	228
PIM for IPv6 (EI Mode Only)	228
PIM for IPv6 Global Settings	228
PIM for IPv6 Interface Settings	229
PIM for IPv6 Candidate BSR Settings	231
PIM for IPv6 Candidate RP Settings	231
PIM for IPv6 Static RP Settings	232
PIM for IPv6 Neighbor Table	232
PIM for IPv6 Multicast Route Table	233
PIM for IPv6 RP-Set Table	234
PIM for IPv6 Multicast Route Star-G Table	235
PIM for IPv6 Multicast Route S-G Table	236
VRRP	238
VRRP Global Settings	238
VRRP Virtual Router Settings	239
VRRP Authentication Settings	241
BGP (EI Mode Only)	242
BGP Global Settings	242
BGP Aggregate Address Settings	244
BGP Network Settings	244
BGP Dampening Settings	245
BGP Peer Group Settings	246
BGP Neighbor	247
BGP Neighbor Group Settings	247
BGP Neighbor Description Settings	248
BGP Neighbor Password Settings	248
BGP Neighbor Session Settings	249
BGP Neighbor Maximum Prefix Settings	249
BGP Neighbor General Settings	250
BGP Neighbor Timer Settings	251
BGP Neighbor Map Settings	252
BGP Neighbor Filter Settings	253
BGP Neighbor Table	254
BGP Reflector Settings	255
BGP Confederation Settings	256
BGP AS Path Access Settings	257
BGP Community List Settings	258
BGP Trap Settings	259
BGP Clear Settings	259
BGP Summary Table	260
BGP Routing Table	261
BGP Dampened Route Table	262
BGP Flap Statistic Table	262
IP Route Filter	263
IP Prefix List Settings	263
IP Standard Access List Settings	264
Route Map Settings	265
MD5 Settings	268
IGMP Static Group Settings	269
Chapter 6 QoS	270
802.1p Settings	271
802.1p Default Priority Settings	271
802.1p User Priority Settings	272
Bandwidth Control	273
Bandwidth Control Settings	273
Queue Bandwidth Control Settings	275
Traffic Control Settings	275
HOL Blocking Prevention	278
Scheduling Settings	278
QoS Scheduling	278
QoS Scheduling Mechanism	279
Chapter 7 ACL	281
ACL Configuration Wizard	281
Access Profile List	282
Adding an Ethernet ACL Profile	283
Adding an IPv4 ACL Profile	286
Adding an IPv6 ACL Profile	290
Adding a Packet Content ACL Profile	294
CPU Access Profile List	298
Adding a CPU Ethernet ACL Profile	299
Adding a CPU IPv4 ACL Profile	302
Adding a CPU IPv6 ACL Profile	306
Adding a CPU Packet Content ACL Profile	309
ACL Finder	312
ACL Flow Meter	312
Egress Access Profile List	315
Adding an Ethernet ACL Profile	316
Adding an IPv4 Egress ACL Profile	319
Adding an IPv6 Egress ACL Profile	323
Egress ACL Flow Meter	327
Chapter 8 Security	330
802.1X	330
802.1X Global Settings	333
802.1X Port Settings	334
802.1X User Settings	335
Guest VLAN Settings	336
Authenticator State	337
Authenticator Statistics	338
Authenticator Session Statistics	338
Authenticator Diagnostics	339
Initialize Port-based Port(s)	340
Initialize Host-based Port(s)	341
Reauthenticate Port-based Port(s)	341
Reauthenticate Host-based Port(s)	341
RADIUS	342
Authentication RADIUS Server Settings	342
RADIUS Accounting Settings	343
RADIUS Authentication	343
RADIUS Account Client	345
IP-MAC-Port Binding (IMPB)	346
IMPB Global Settings	346
IMPB Port Settings	347
IMPB Entry Settings	348
MAC Block List	349
DHCP Snooping	349
DHCP Snooping Maximum Entry Settings	349
DHCP Snooping Entry	350
ND Snooping	351
ND Snooping Maximum Entry Settings	351
ND Snooping Entry	352
MAC-based Access Control (MAC)	352
MAC-based Access Control Settings	353
MAC-based Access Control Local Settings	354
MAC-based Access Control Authentication State	355
Web-based Access Control (WAC)	355
WAC Global Settings	358
WAC User Settings	359
WAC Port Settings	359
WAC Authentication State	360
WAC Customize Page	361
Japanese Web-based Access Control (JWAC)	363
JWAC Global Settings	363
JWAC Port Settings	365
JWAC User Settings	366
JWAC Authentication State	367
JWAC Customize Page Language	367
JWAC Customize Page	368
Compound Authentication	368
Compound Authentication Settings	368
Compound Authentication Guest VLAN Settings	370
Compound Authentication MAC Format Settings	370
Port Security	371
Port Security Settings	371
Port Security VLAN Settings	373
Port Security Entries	374
ARP Spoofing Prevention Settings	374
BPDU Attack Protection	375
Loopback Detection Settings	377
Traffic Segmentation Settings	378
NetBIOS Filtering Settings	379
DHCP Server Screening	380
DHCP Server Screening Port Settings	380
DHCP Offer Permit Entry Settings	381
Access Authentication Control	381
Enable Admin	382
Authentication Policy Settings	383
Application Authentication Settings	384
Authentication Server Group Settings	384
Authentication Server Settings	386
Login Method Lists Settings	387
Enable Method Lists Settings	388
Local Enable Password Settings	389
SSL Settings	389
SSH	392
SSH Settings	392
SSH Authentication Method and Algorithm Settings	393
SSH User Authentication List	395
Trusted Host Settings	396
Safeguard Engine Settings	396
Chapter 9 Network Application	399
DHCP	399
DHCP Relay	399
DHCP Relay Global Settings	399
DHCP Relay Interface Settings	401
DHCP Relay Option 60 Server Settings	402
DHCP Relay Option 60 Settings	402
DHCP Relay Option 61 Settings	403
DHCP Server	404
DHCP Server Global Settings	404
DHCP Server Exclude Address Settings	405
DHCP Server Pool Settings	405
DHCP Server Manual Binding	407
DHCP Server Dynamic Binding	407
DHCP Conflict IP	408
DHCPv6 Server	408
DHCPv6 Server Global Settings	408
DHCPv6 Server Pool Settings	409
DHCPv6 Server Dynamic Binding	411
DHCPv6 Server Interface Settings	411
DHCPv6 Relay	412
DHCPv6 Relay Global Settings	412
DHCPv6 Relay Settings	412
DHCP Local Relay Settings	413
DNS	413
DNS Relay	414
DNS Relay Global Settings	414
DNS Relay Static Settings	414
DNS Resolver	415
DNS Resolver Global Settings	415
DNS Resolver Static Name Server Settings	415
DNS Resolver Dynamic Name Server Table	416
DNS Resolver Static Host Name Settings	416
DNS Resolver Dynamic Host Name Table	417
RCP Server Settings	417
SNTP	417
SNTP Settings	417
Time Zone Settings	418
Flash File System Settings	420
Chapter 10 OAM	422
CFM (EI Mode Only)	422
CFM Settings	422
CFM Port Settings	428
CFM MIPCCM Table	429
CFM Loopback Settings	429
CFM Linktrace Settings	430
CFM Packet Counter	431
CFM Fault Table	431
CFM MP Table	432
Ethernet OAM	432
Ethernet OAM Settings	432
Ethernet OAM Configuration Settings	433
Ethernet OAM Event Log	434
Ethernet OAM Statistics	435
DULD Settings	436
Cable Diagnostics (EI Mode Only)	437
Chapter 11 Monitoring	439
Utilization	439
CPU Utilization	439
DRAM & Flash Utilization	440
Port Utilization	440
Statistics	441
Port Statistics	441
Packets	441
Received (RX)	441
UMB_Cast (RX)	442
Transmitted (TX)	444
Errors	445
Received (RX)	445
Transmitted (TX)	447
Packet Size	448
Mirror	450
Port Mirror Settings	450
RSPAN Settings	451
sFlow	452
sFlow Global Settings	452
sFlow Analyzer Server Settings	453
sFlow Flow Sampler Settings	454
sFlow Counter Poller Settings	454

Match case Limit results 1 per page

xStack® DGS-3620 Series Managed Switch Web UI Reference Guide

380

Key Exchange:

The first part of the Cipher suite string specifies the public key algorithm to be used. This

switch utilizes the Rivest Shamir Adleman (RSA) public key algorithm and the Digital Signature Algorithm

(DSA), specified here as the DHE DSS Diffie-Hellman (DHE) public key algorithm. This is the first

authentication process between client and host as they “exchange keys” in looking for a match and

therefore authentication to be accepted to negotiate encryptions on the following level.

Encryption:

The second part of the cipher suite that includes the encryption used for encrypting the

messages sent between client and host. The Switch supports two types of cryptology algorithms:

Stream Ciphers – There are two types of stream ciphers on the Switch,

RC4 with 40-bit keys

and

RC4 with

128-bit keys

. These keys are used to encrypt messages and need to be consistent between client and host

for optimal use.

CBC Block Ciphers – CBC refers to Cipher Block Chaining, which means that a portion of the previously

encrypted block of encrypted text is used in the encryption of the current block. The Switch supports the

3DES EDE

encryption code defined by the Data Encryption Standard (DES) to create the encrypted text.

Hash Algorithm:

This part of the cipher suite allows the user to choose a message digest function which

will determine a Message Authentication Code. This Message Authentication Code will be encrypted with a

sent message to provide integrity and prevent against replay attacks. The Switch supports two hash

algorithms, MD5 (Message Digest 5) and SHA (Secure Hash Algorithm).

These three parameters are uniquely assembled in four choices on the Switch to create a three-layered encryption

code for secure communication between the server and the host. The user may implement any one or combination

of the cipher suites available, yet different cipher suites will affect the security level and the performance of the

secured connection. The information included in the cipher suites is not included with the Switch and requires

downloading from a third source in a file form called a

certificate

. This function of the Switch cannot be executed

without the presence and implementation of the certificate file and can be downloaded to the Switch by utilizing a

TFTP server. The Switch supports SSLv3. Other versions of SSL may not be compatible with this Switch and may

cause problems upon authentication and transfer of messages from client to host.

The SSL Settings window located on the next page will allow the user to enable SSL on the Switch and implement

any one or combination of listed cipher suites on the Switch. A cipher suite is a security string that determines the

exact cryptographic parameters, specific encryption algorithms and key sizes to be used for an authentication

session. The Switch possesses four possible cipher suites for the SSL function, which are all enabled by default.

To utilize a particular cipher suite, disable the unwanted cipher suites, leaving the desired one for authentication.

When the SSL function has been enabled, the web will become disabled. To manage the Switch through the web

based management while utilizing the SSL function, the web browser must support SSL encryption and the header

of the URL must begin with https://. (Ex. https://xx.xx.xx.xx) Any other method will result in an error and no access

can be authorized for the web-based management.

Users can download a certificate file for the SSL function on the Switch from a TFTP server. The certificate file is a

data record used for authenticating devices on the network. It contains information on the owner, keys for

authentication and digital signatures. Both the server and the client must have consistent certificate files for optimal

use of the SSL function. The Switch only supports certificate files with .der file extensions. Currently, the Switch

comes with a certificate pre-loaded though the user may need to download more, depending on user

circumstances.

To view this window, click

Security > SSL Settings

as shown below: