Home » D-Link Manuals » Hubs & Switches » D-Link DES-3526DC » Manual Viewer

D-Link DES-3526DC Product Manual - Page 127

IP-MAC Binding, ACL Mode

Add to My Manuals
Save this manual to your list of manuals

Page 127 highlights

xStack DES-3500 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual IP-MAC Binding The IP network layer uses a four-byte address. The Ethernet link layer uses a six-byte MAC address. Binding these two address types together allows the transmission of data between the layers. The primary purpose of IP-MAC binding is to restrict the access to a switch to a number of authorized users. Only the authorized client can access the Switch's port by checking the pair of IPMAC addresses with the pre-configured database. If an unauthorized user tries to access an IP-MAC binding enabled port, the system will block the access by dropping its packet. The maximum number of IP-MAC binding entries is dependant on chip capability (e.g. the ARP table size) and storage size of the device. For the xStack DES-3500 Series switches, the maximum number of IP-MAC Binding entries is 512. The creation of authorized users can be manually configured by CLI or Web. The function is port-based, meaning a user can enable or disable the function on the individual port. ACL Mode Due to some special cases that have arisen with the IP-MAC binding, this Switch has been equipped with a special ACL Mode for IP-MAC Binding, which should alleviate this problem for users. When enabled in the IP-MAC Binding Port window, the Switch will create two entries in the Access Profile Table as shown below. The entries may only be created if there are at least two Access Profile IDs available on the Switch. If not, when the ACL Mode is enabled, an error message will be prompted to the user. When the ACL Mode is enabled, the Switch will only accept IP packets from a created entry in the IP-MAC Binding Setting window. All others will be discarded. Figure 6- 96. Access Profile Table -IP-MAC ACL Mode Enabled To view the particular configurations associated with these two entries, click their corresponding hyperlinked Profile IDs, which will display the following: Figure 6- 97. Access Profile Entry Display for IP-MAC ACL Mode Enabled Entries These two entries cannot be modified or deleted using the Access Profile Table, and any attempt to do so will result in the following warning message: Figure 6- 98. IP-MAC ACL Mode warning 113

Section	Page
	1
Table of Contents	3
	8
Preface	9
	9
Intended Readers	10
Typographical Conventions	10
Bold font	10
	10
Notes, Notices, and Cautions	10
Safety Instructions	11
Safety Cautions	11
General Precautions for Rack-Mountable Products	12
Protecting Against Electrostatic Discharge	13
Gigabit Ethernet Technology	14
Switch Description	14
Features	14
Ports	14
Front-Panel Components	14
Side Panel Description	14
Rear Panel Description	14
Gigabit Combo Ports	14
Gigabit Ethernet Technology	14
Switch Description	14
Features	15
Ports	16
Front-Panel Components	16
LED Indicators	17
Rear Panel Description	18
Side Panel Description	18
Gigabit Combo Ports	19
Package Contents	21
Before You Connect to the Network	21
Installing the Switch without the Rack	21
Rack Installation	21
Power On	21
Package Contents	21
Before You Connect to the Network	21
Installing the Switch without the Rack	22
Installing the Switch in a Rack	23
Mounting the Switch in a Standard 19\	24
Power On (AC Power)	25
Power Failure	25
Connecting DC Power to DES-3526DC	25
Switch to End Node	26
Switch to Hub or Switch	26
Connecting To Network Backbone or Server	26
Switch to End Node	26
Switch to Hub or Switch	27
Connecting To Network Backbone or Server	28
Management Options	29
Web-based Management Interface	29
SNMP-Based Management	29
Managing User Accounts	29
Command Line Console Interface through the Serial Port	29
Connecting the Console Port (RS-232 DCE)	29
First Time Connecting to the Switch	29
Password Protection	29
SNMP Settings	29
IP Address Assignment	29
Connecting Devices to the Switch	29
Management Options	29
Web-based Management Interface	29
SNMP-Based Management	29
Connecting the Console Port (RS-232 DCE)	29
First Time Connecting to the Switch	31
Password Protection	31
	32
SNMP Settings	33
	33
Traps	33
MIBs	33
IP Address Assignment	34
Connecting Devices to the Switch	35
Introduction	36
Login to Web manager	36
Web-Based User Interface	36
Basic Setup	36
Reboot	36
Basic Switch Setup	36
Network Management	36
Switch Utilities	36
Network Monitoring	36
IGMP Snooping Status	36
Introduction	36
Login to Web Manager	36
Web-based User Interface	37
Areas of the User Interface	37
Web Pages	38
Switch Information	39
IP Address	39
Advanced Settings	39
Port Configuration	39
Port Description	39
Port Mirroring	39
Link Aggregation	39
LACP Port Setting	39
MAC Notification	39
IGMP	39
Spanning Tree	39
Forward Filtering	39
VLANs	39
Traffic Control	39
Port Security	39
QoS	39
System Log Servers	39
SNTP Settings	39
Access Profile Table	39
CPU Interface Filtering	39
Port Access Entity	39
IP-MAC Binding	39
Limited IP Multicast Range Settings	39
Layer 3 IP Networking	39
	39
Switch Information	40
IP Address	40
Advanced Settings	43
Port Configurations	45
Port Description	46
Port Mirroring	47
	47
Link Aggregation	48
Understanding Port Trunk Groups	48
LACP Port Setting	51
MAC Notification	52
MAC Notification Global Settings	52
MAC Notification Port Settings	53
IGMP	54
IGMP Snooping	54
Static Router Ports Entry	56
Forbidden Router Ports Entry	57
Spanning Tree	58
802.1s MSTP	58
802.1w Rapid Spanning Tree	58
Port Transition States	58
Edge Port	59
P2P Port	59
802.1d/802.1w/802.1s Compatibility	59
STP Loopback Detection	59
Setting the Loopback Timer	59
Regulations and Restrictions for the Loopback Detection Function	60
STP Bridge Global Settings	60
MST Configuration Table	63
MSTI Settings	65
STP Instance Settings	66
MSTP Port Information	67
Forwarding Filtering	69
Unicast Forwarding	69
Multicast Forwarding	69
Multicast Port Filtering Mode	71
VLANs	72
Understanding IEEE 802.1p Priority	72
VLAN Description	72
Notes about VLANs on the xStack DES-3500 Series switches	72
IEEE 802.1Q VLANs	72
802.1Q VLAN Tags	74
Port VLAN ID	74
Tagging and Untagging	75
Ingress Filtering	75
Default VLANs	75
Port-based VLANs	76
VLAN Segmentation	76
Asymmetric VLANs	77
VLAN and Trunk Groups	78
Static VLAN Entry	78
GVRP Setting	80
Traffic Control	81
Port Security	83
QoS	84
Advantages of QoS	84
Understanding QoS	85
Port Bandwidth	86
Scheduling	87
802.1p Default Priority	88
802.1p User Priority	88
Traffic Segmentation	89
System Severity Alerts	90
System Log Server	90
SNTP Settings	92
Time Setting	92
Time Zone and DST	93
Access Profile Table	95
Configuring the Access Profile Table	95
CPU Interface Filtering	106
CPU Interface Filtering Profile Table	106
Port Access Entity (802.1X)	116
802.1x Port-Based and MAC-Based Access Control	116
Authentication Server	117
Authenticator	117
Client	118
Authentication Process	118
Port-Based Network Access Control	119
MAC-Based Network Access Control	120
Configure Authenticator	121
PAE System Control	123
Port Capability	123
Initializing Ports for Port Based 802.1x	124
Initializing Ports for MAC Based 802.1x	125
Reauthenticate Port(s) for Port Based 802.1x	125
RADIUS Server	126
IP-MAC Binding	127
ACL Mode	127
IP-MAC Binding Port	129
IP-MAC Binding Table	130
IP-MAC Binding Blocked	131
Limited IP Multicast Range Settings	132
Layer 3 IP Networking	133
Static ARP Table	133
DHCP/BOOTP Relay	134
DHCP / BOOTP Relay Global Settings	134
The Implementation of DHCP Information Option 82 in the xStack DES-3500 Series switches	136
DHCP/BOOTP Relay Interface Settings	137
	137
Security IP	138
User Accounts	138
Access Authentication Control (TACACS)	138
Secure Sockets Layer (SSL)	138
Secure Shell (SSH)	138
SNMP Manager	138
Safeguard Engine Settings	138
Security IP	138
User Accounts	138
Admin and User Privileges	139
Access Authentication Control	140
Policy & Parameters	141
Application's Authentication Settings	141
Authentication Server Group Settings	142
Authentication Server Hosts	143
Login Method Lists	145
Enable Method Lists	146
Local Enable Password	147
Enable Admin	148
Secure Socket Layer (SSL)	149
Download Certificate	149
Configuration	150
Secure Shell (SSH)	151
SSH Configuration	151
SSH Algorithm	152
SSH User Authentication	154
SNMP Manager	155
SNMP Settings	155
Traps	155
MIBs	155
SNMP User Table	156
SNMP View Table	158
SNMP Group Table	159
SNMP Community Table Configuration	160
SNMP Host Table	161
SNMP Engine ID	162
Safeguard Engine	163
Port Utilization	165
CPU Utilization	165
Packets	165
Errors	165
Size	165
MAC Address	165
Switch History Log	165
IGMP Snooping Group	165
IGMP Snooping Forwarding	165
VLAN Status	165
Router Port	165
Port Access Control	165
Layer 3 Feature	165
Safeguard Engine Status	165
Port Utilization	165
CPU Utilization	166
	166
Packets	167
Received (RX)	167
UMB Cast (RX)	168
Transmitted (TX)	170
	171
Errors	172
Received (RX)	172
Transmitted (TX)	173
Size	175
	176
MAC Address	177
Switch History Log	178
	178
IGMP Snooping Group	179
IGMP Snooping Forwarding	180
	180
VLAN Status	181
Router Port	181
Port Access Control	182
Authenticator State	182
Layer 3 Feature	184
Browse ARP Table	184
Safeguard Engine Status	185
TFTP Services	186
Multiple Image Services	186
Switch History	186
Ping Test	186
Save Changes	186
Reboot Services	186
Logout	186
TFTP Services	186
Download Firmware from TFTP Server	186
Download Configuration File	187
Upload Configuration	187
Upload Log	188
Multiple Image Services	189
Firmware Information	189
Config Firmware Image	190
Ping Test	190
Save Changes	191
Reset	191
Reset System	192
Reset Config	192
Reboot Device	192
Logout	192
Single IP Management (SIM) Overview	193
Topology	193
Firmware Upgrade	193
Configuration Backup/Restore	193
Single IP Management (SIM) Overview	193
The Upgrade to v1.6	194
SIM Using the Web Interface	195
Topology	196
Tool Tips	198
Right-Click	199
Group Icon	199
Commander Switch Icon	200
Member Switch Icon	201
Candidate Switch Icon	201
Menu Bar	203
File	203
Group	203
Device	203
View	203
Firmware Upgrade	204
Configuration File Backup/Restore	204
Upload Log File	204
Copyright Statement: No part of this publication or documentation accompanying this product may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from D-Link Corporation/D-Link Systems, Inc., as stipulated by the United States Copyright Act of 1976 and any amendments thereto. Contents are subject to change without prior notice. Copyright 2004 by D-Link Corporation/D-Link Systems, Inc. All rights reserved.	227
FCC Statement: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communication. However, there is no guarantee that interference will not occur in a particular installation. Operation of this equipment in a residential environment is likely to cause harmful interference to radio or television reception. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:	227
Warranty beneficiary	229
Duration of Limited Lifetime Warranty	229
Replacement, Repair or Refund Procedure for Hardware	229
	229
D-Link Limited Lifetime Warranty	230

Match case Limit results 1 per page

xStack DES-3500 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual

113

IP-MAC Binding

The IP network layer uses a four-byte address. The Ethernet link layer uses a six-byte MAC address. Binding these two address

types together allows the transmission of data between the layers. The primary purpose of IP-MAC binding is to restrict the access

to a switch to a number of authorized users. Only the authorized client can access the Switch’s port by checking the pair of IP-

MAC addresses with the pre-configured database. If an unauthorized user tries to access an IP-MAC binding enabled port, the

system will block the access by dropping its packet. The maximum number of IP-MAC binding entries is dependant on chip

capability (e.g. the ARP table size) and storage size of the device. For the xStack DES-3500 Series switches, the maximum

number of IP-MAC Binding entries is 512. The creation of authorized users can be manually configured by CLI or Web. The

function is port-based, meaning a user can enable or disable the function on the individual port.

ACL Mode

Figure 6- 96. Access Profile Table –IP-MAC ACL Mode Enabled

To view the particular configurations associated with these two entries, click their corresponding hyperlinked Profile IDs, which

will display the following:

Figure 6- 97. Access Profile Entry Display for IP-MAC ACL Mode Enabled Entries

These two entries cannot be modified or deleted using the Access Profile Table, and any attempt to do so will result in the

following warning message:

Figure 6- 98. IP-MAC ACL Mode warning

Due to some special cases that have arisen with the

IP-MAC binding, this Switch has been equipped

with a special ACL Mode for IP-MAC Binding,

which should alleviate this problem for users.

When enabled in the

IP-MAC Binding Port

window, the Switch will create two entries in the

Access Profile Table as shown below. The entries

may only be created if there are at least two Access

Profile IDs available on the Switch. If not, when

the ACL Mode is enabled, an error message will be

prompted to the user. When the ACL Mode is

enabled, the Switch will only accept IP packets

from a created entry in the IP-MAC Binding

Setting window. All others will be discarded.