Home » D-Link Manuals » Wireless » D-Link DXS-3400 » Manual Viewer

D-Link DXS-3400 User Manual - Page 316

Authentication Process, Port-based Access Control

Add to My Manuals
Save this manual to your list of manuals

Page 316 highlights

DXS-3400 Series Lite Layer 3 Stackable 10GbE Managed Switch Web UI Reference Guide Figure 9-8The Client Authentication Process Utilizing the three roles stated above, the 802.1X protocol provides a stable and secure way of authorizing and authenticating users attempting to access the network. Only EAPOL traffic is allowed to pass through the specified port before a successful authentication is made. This port is "locked" until the point when a Client with the correct username and password (and MAC address if 802.1X is enabled by MAC address) is granted access and therefore successfully "unlocks" the port. Once the port is unlocked, normal traffic is allowed to pass through the port. The following figure displays a more detailed explanation of how the authentication process is completed between the three roles stated above. Figure 9-9The 802.1X Authentication Process The D-Link implementation of 802.1X allows network administrators to choose between two types of Access Control used on the Switch, which are: • Port-based Access Control- This method requires only one user to be authenticated per port by a remote RADIUS server to allow the remaining users on the same port access to the network. • Host-based Access Control- Using this method, the Switch will automatically learn up to a maximum of 4096 MAC addresses by port and set them in a list. Each MAC address must be authenticated by the Switch using a remote RADIUS server before being allowed access to the Network. Understanding 802.1X Port-based and Host-based Network Access Control 306

Section	Page
Table of Contents	3
Introduction	11
Intended Readers	11
Other Documentation	11
Typographical Conventions	11
Notes and Cautions	11
Web-based Switch Configuration	12
Management Options	12
Logging into the Web UI	12
Web User Interface (Web UI)	13
Areas of the User Interface	13
System	15
Device Information	15
System Information Settings	15
Peripheral Settings	16
Port Configuration	17
Port Settings	17
Port Status	20
Port GBIC	20
Port Auto Negotiation	21
Error Disable Settings	22
Jumbo Frame	23
Loopback Test	24
System Log	26
System Log Settings	26
System Log Discriminator Settings	27
System Log Server Settings	28
System Log	29
System Attack Log	29
Time and SNTP	30
Clock Settings	30
Time Zone Settings	30
SNTP Settings	32
Time Range	33
PTP (Precise Time Protocol)	34
PTP Global Settings	34
USB Console Settings	34
SRM	35
SRM Prefer Current Settings	35
SRM Prefer Mode	35
Management	37
Command Logging	37
User Account Settings	37
Password Encryption	39
Password Recovery	39
Login Method	40
SNMP	41
SNMP Global Settings	42
SNMP Linkchange Trap Settings	43
SNMP View Table Settings	44
SNMP Community Table Settings	45
SNMP Group Table Settings	46
SNMP Engine ID Local Settings	47
SNMP User Table Settings	47
SNMP Host Table Settings	49
RMON	50
RMON Global Settings	50
RMON Statistics Settings	50
RMON History Settings	51
RMON Alarm Settings	52
RMON Event Settings	53
Telnet/Web	54
Session Timeout	55
DHCP	56
Service DHCP	56
DHCP Class Settings	57
DHCP Server	58
DHCP Server Global Settings	58
DHCP Server Pool Settings	59
DHCP Server Exclude Address	62
DHCP Server Manual Binding	62
DHCP Server Dynamic Binding	63
DHCP Server IP Conflict	64
DHCP Server Statistic	64
DHCPv6 Server	65
DHCPv6 Server Pool Settings	65
DHCPv6 Server Local Pool Settings	67
DHCPv6 Server Exclude Address	67
DHCPv6 Server Binding	68
DHCPv6 Server Interface Settings	68
DHCPv6 Server Operational Information	69
DHCP Relay	69
DHCP Relay Global Settings	69
DHCP Relay Pool Settings	70
DHCP Relay Information Settings	72
DHCP Relay Information Option Format Settings	73
DHCP Relay Information Profile Settings	75
DHCP Local Relay VLAN	77
DHCPv6 Relay	78
DHCPv6 Relay Global Settings	78
DHCPv6 Relay Interface Settings	78
DHCPv6 Local Relay VLAN	79
DHCP Auto Configuration	80
DNS	80
DNS Global Settings	81
DNS Name Server Settings	81
DNS Host Settings	82
NTP	82
NTP Global Settings	82
NTP Server Settings	84
NTP Peer Settings	84
NTP Access Group Settings	85
NTP Key Settings	86
NTP Interface Settings	87
NTP Associations	88
NTP Status	89
IP Source Interface	89
File System	91
Stacking	92
Physical Stacking	96
Stacking Bandwidth	97
Virtual Stacking (SIM)	98
Single IP Settings	99
Topology	101
File	101
Print Topology	101
Preference	101
Group	102
Add to Group	102
Remove from Group	102
Device	103
Configure	103
View	103
Refresh	103
Topology	103
Help	105
About	105
Firmware Upgrade	106
Configuration File Backup/Restore	106
Upload Log File	107
D-Link Discovery Protocol	107
SMTP Settings	109
NLB FDB Settings	110
Layer 2 Features	112
FDB	112
Static FDB	112
Unicast Static FDB	112
Multicast Static FDB	113
MAC Address Table Settings	113
MAC Address Table	115
MAC Notification	116
VLAN	117
VLAN Configuration Wizard	117
Step 1 -Select VLAN	117
Step 2 - Create/Configure VLAN	117
802.1Q VLAN	119
VLAN Interface	120
802.1v Protocol VLAN	128
Protocol VLAN Profile	128
Protocol VLAN Profile Interface	129
GVRP	130
GVRP Global	130
GVRP Port	130
GVRP Advertise VLAN	131
GVRP Forbidden VLAN	132
GVRP Statistics Table	132
Asymmetric VLAN	133
MAC VLAN	133
L2VLAN Interface Description	134
Subnet VLAN	134
Auto Surveillance VLAN	135
Auto Surveillance Properties	135
MAC Settings and Surveillance Device	137
Voice VLAN	138
Voice VLAN Global	138
Voice VLAN Port	139
Voice VLAN OUI	140
Voice VLAN Device	140
Voice VLAN LLDP-MED Device	141
Private VLAN	141
VLAN Tunnel	142
Dot1q Tunnel	142
VLAN Mapping	144
VLAN Mapping Profile	145
STP	151
STP Global Settings	151
STP Port Settings	152
MST Configuration Identification	154
STP Instance	155
MSTP Port Information	156
ERPS (G.8032)	157
ERPS	157
ERPS Profile	161
Loopback Detection	162
Link Aggregation	164
MLAG	166
MLAG Settings	167
MLAG Group	169
Flex Links	169
L2 Protocol Tunnel	170
L2 Multicast Control	171
IGMP Snooping	171
IGMP Snooping Settings	172
IGMP Snooping AAA Settings	174
IGMP Snooping Groups Settings	175
IGMP Snooping Filter Settings	176
IGMP Snooping Mrouter Settings	179
IGMP Snooping Statistics Settings	180
MLD Snooping	181
MLD Snooping Settings	181
MLD Snooping Groups Settings	184
MLD Snooping Filter Settings	185
MLD Snooping Mrouter Settings	188
MLD Snooping Statistics Settings	189
Multicast VLAN	190
Multicast VLAN Settings	190
Multicast VLAN Group Settings	192
PIM Snooping	194
PIM Snooping Global Settings	194
PIM Snooping Neighbor Table	195
PIM Snooping Mroute Table	195
PIM Snooping Statistics Table	196
Multicast Filtering	196
LLDP	197
LLDP Global Settings	197
LLDP Port Settings	199
LLDP Management Address List	200
LLDP Basic TLVs Settings	200
LLDP Dot1 TLVs Settings	201
LLDP Dot3 TLVs Settings	202
LLDP-MED Port Settings	203
LLDP-DCBX Port Settings	203
LLDP Statistics Information	204
LLDP Local Port Information	205
LLDP Neighbor Port Information	207
Layer 3 Features	208
ARP	208
ARP Aging Time	208
Static ARP	208
Proxy ARP	209
ARP Table	210
Gratuitous ARP	210
IPv6 Neighbor	211
Interface	212
IPv4 Interface	212
IPv6 Interface	214
Loopback Interface	217
Null Interface	219
UDP Helper	219
IP Forward Protocol	219
IP Helper Address	220
IPv4 Static/Default Route	220
IPv4 Static Route BFD	221
IPv4 Route Table	222
IPv6 Static/Default Route	223
IPv6 Static Route BFD	223
IPv6 Route Table	224
Route Preference	225
IPv6 General Prefix	225
RIP	226
RIP Settings	226
RIP Distribute List	227
RIP Interface Settings	228
RIP Database	228
RIPng	229
RIPng Settings	229
RIPng Interface Settings	230
RIPng Database	231
IP Multicast Routing Protocol	232
IPMC	232
IP Multicast Global Settings	232
IP Multicast Forwarding Cache	232
Control Packet CPU Filtering	233
IPv6MC	234
IPv6 Multicast Routing Forwarding Cache Table	234
BFD	234
BFD Settings	234
BFD Neighbor Table	235
IP Route Filter	236
Route Map	236
Policy Route	238
VRRP Settings	239
VRRPv3 Settings	241
Quality of Service (QoS)	244
Basic Settings	244
Port Default CoS	244
Port Scheduler Method	244
Queue Settings	246
CoS to Queue Mapping	246
Port Rate Limiting	247
Queue Rate Limiting	248
Advanced Settings	249
DSCP Mutation Map	249
Port Trust State and Mutation Binding	250
DSCP CoS Mapping	250
CoS Color Mapping	251
DSCP Color Mapping	252
Class Map	253
Aggregate Policer	254
Policy Map	258
Policy Binding	261
QoS PFC	262
Network QoS Class Map	262
Network QoS Policy Map	263
Network QoS Policy Binding	264
PFC Port Settings	265
WRED	266
WRED Profile	266
WRED Queue	267
WRED Drop Counter	268
ETS	268
ETS Port Settings	268
ETS Recommend Settings	270
QCN	271
QCN CNPV Status	271
QCN CNPV Settings	271
QCN CNPV Interface Settings	273
QCN CNPV Interface Simple	274
QCN CP Interface Settings	275
QCN CP Counters	276
QCN CPID Table	276
iSCSI	277
iSCSI Settings	277
iSCSI Sessions	278
Access Control List (ACL)	279
ACL Configuration Wizard	279
Step 1 - Create/Update	279
Step 2 - Select Packet Type	280
Step 3 - Add Rule	280
MAC	280
IPv4	283
IPv6	286
Step 4 - Apply Port	288
ACL Access List	289
Standard IP ACL	291
Extended IP ACL	292
Standard IPv6 ACL	295
Extended IPv6 ACL	296
Extended MAC ACL	298
Extended Expert ACL	300
ACL Interface Access Group	304
ACL VLAN Access Map	305
ACL VLAN Filter	307
CPU ACL	307
Security	310
Port Security	310
Port Security Global Settings	310
Port Security Port Settings	311
Port Security Address Entries	313
802.1X	313
802.1X Global Settings	318
802.1X Port Settings	318
Authentication Sessions Information	320
Authenticator Statistics	320
Authenticator Session Statistics	321
Authenticator Diagnostics	321
AAA	322
AAA Global Settings	322
Application Authentication Settings	323
Application Accounting Settings	324
Authentication Settings	325
Accounting Settings	328
RADIUS	330
RADIUS Global Settings	330
RADIUS Server Settings	331
RADIUS Group Server Settings	332
RADIUS Statistic	334
TACACS+	334
TACACS+ Global Settings	334
TACACS+ Server Settings	335
TACACS+ Group Server Settings	336
TACACS+ Statistic	337
IMPB	338
IPv4	338
DHCPv4 Snooping	338
DHCP Snooping Global Settings	338
DHCP Snooping Port Settings	339
DHCP Snooping VLAN Settings	340
DHCP Snooping Database	340
DHCP Snooping Binding Entry	341
Dynamic ARP Inspection	342
ARP Access List	342
ARP Inspection Settings	343
ARP Inspection Port Settings	344
ARP Inspection VLAN	345
ARP Inspection Statistics	345
ARP Inspection Log	346
IP Source Guard	346
IP Source Guard Port Settings	346
IP Source Guard Binding	347
IP Source Guard HW Entry	348
Advanced Settings	348
IP-MAC-Port Binding Settings	348
IP-MAC-Port Binding Blocked Entry	349
IPv6	350
IPv6 Snooping	350
IPv6 ND Inspection	351
IPv6 RA Guard	352
IPv6 DHCP Guard	353
IPv6 Source Guard	354
IPv6 Source Guard Settings	354
IPv6 Neighbor Binding	355
DHCP Server Screening	356
DHCP Server Screening Global Settings	356
DHCP Server Screening Port Settings	357
ARP Spoofing Prevention	357
BPDU Attack Protection	358
NetBIOS Filtering	359
MAC Authentication	360
Web-based Access Control	362
Web Authentication	364
WAC Port Settings	364
WAC Customize Page	365
Network Access Authentication	366
Guest VLAN	366
Network Access Authentication Global Settings	366
Network Access Authentication Port Settings	368
Network Access Authentication Sessions Information	369
Safeguard Engine	370
Safeguard Engine Settings	371
CPU Protect Counters	372
CPU Protect Sub-Interface	372
CPU Protect Type	373
Trusted Host	374
Traffic Segmentation Settings	374
Storm Control	375
DoS Attack Prevention Settings	377
SSH	379
SSH Global Settings	379
Host Key	380
SSH Server Connection	381
SSH User Settings	381
SSH Client Settings	382
SSL	382
SSL Global Settings	383
Crypto PKI Trustpoint	384
SSL Service Policy	384
SFTP Server Settings	386
OAM	388
CFM	388
CFM Settings	388
CFM Port Settings	398
CFM Loopback Test	399
CFM Linktrace Settings	400
CFM Packet Counter	401
CFM Counter CCM	402
CFM MIP CCM Table	402
CFM MEP Fault Table	402
Cable Diagnostics	402
Ethernet OAM	403
Ethernet OAM Settings	403
Ethernet OAM Configuration Settings	405
Ethernet OAM Event Log Table	408
Ethernet OAM Statistics Table	408
Ethernet OAM DULD Settings	409
DDM	410
DDM Settings	411
DDM Temperature Threshold Settings	412
DDM Voltage Threshold Settings	412
DDM Bias Current Threshold Settings	413
DDM TX Power Threshold Settings	413
DDM RX Power Threshold Settings	414
DDM Status Table	415
Monitoring	416
VLAN Counter	416
Utilization	417
Port Utilization	417
History Utilization	418
Statistics	419
Port	419
CPU Port	420
Interface Counters	421
Interface History Counters	423
Counters	425
Mirror Settings	427
sFlow	429
sFlow Agent Information	429
sFlow Receiver Settings	430
sFlow Sampler Settings	430
sFlow Poller Settings	431
Device Environment	432
External Alarm Settings	432
Green	434
Power Saving	434
EEE	435
Save and Tools	437
Save Configuration	437
Firmware Upgrade & Backup	437
Firmware Upgrade from HTTP	437
Firmware Upgrade from TFTP	438
Firmware Upgrade from FTP	438
Firmware Upgrade from RCP	439
Firmware Backup to HTTP	440
Firmware Backup to TFTP	440
Firmware Backup to FTP	441
Firmware Backup to RCP	442
Configuration Restore & Backup	442
Configuration Restore from HTTP	442
Configuration Restore from TFTP	443
Configuration Restore from FTP	443
Configuration Restore from RCP	444
Configuration Backup to HTTP	445
Configuration Backup to TFTP	445
Configuration Backup to FTP	446
Configuration Backup to RCP	447
Log Backup	448
Log Backup to HTTP	448
Log Backup to TFTP	448
Log Backup to RCP	449
Ping	449

Match case Limit results 1 per page

DXS-3400 Series Lite Layer 3 Stackable 10GbE Managed Switch Web UI Reference Guide

306

Figure 9-8The Client

Figure 9-9The 802.1X Authentication Process

The D-Link implementation of 802.1X allows network administrators to choose between two types of Access Control

used on the Switch, which are:

Authentication Process

Utilizing the three roles stated above, the 802.1X protocol provides a stable and secure way of authorizing and

authenticating users attempting to access the network. Only EAPOL traffic is allowed to pass through the specified

port before a successful authentication is made. This port is “locked” until the point when a Client with the correct

username and password (and MAC address if 802.1X is enabled by MAC address) is granted access and therefore

successfully “unlocks” the port. Once the port is unlocked, normal traffic is allowed to pass through the port. The

following figure displays a more detailed explanation of how the authentication process is completed between the

three roles stated above.

•

Port-based Access Control

- This method requires only one user to be authenticated per port by a remote

RADIUS server to allow the remaining users on the same port access to the network.

•

Host-based Access Control

- Using this method, the Switch will automatically learn up to a maximum of 4096

MAC addresses by port and set them in a list. Each MAC address must be authenticated by the Switch using a

remote RADIUS server before being allowed access to the Network.

Understanding 802.1X Port-based and Host-based Network Access Control