Home » D-Link Manuals » Hubs & Switches » D-Link DGS-1510-28P » Manual Viewer

D-Link DGS-1510-28P User Manual - Page 345

Safeguard Engine, MAC Address, Protocol, DOT1X, Apply, Clear by Port, Clear by MAC, Clear by Protocol

View all D-Link DGS-1510-28P manuals

Add to My Manuals
Save this manual to your list of manuals

Page 345 highlights

DGS-1510 Series Gigabit Ethernet SmartPro Switch Web UI Reference Guide Figure 9-76 Network Access Authentication Sessions Information window The fields that can be configured are described below: Parameter Port MAC Address Protocol Description Select the appropriate switch unit and port used for the query here. Enter the MAC address used here. Select the protocol option used here. Options to choose from are MAC, WAC, JWAC, and DOT1X. Click the Apply button to accept the changes made. Click the Clear by Port button to the clear the information based on the port selected. Click the Clear by MAC button to the clear the information based on the MAC address entered. Click the Clear by Protocol button to the clear the information based on the protocol selected. Click the Clear All button to clear all the information in this table. Click the Find button to locate a specific entry based on the information entered. Click the View All button to locate and display all the entries. Safeguard Engine Periodically, malicious hosts on the network will attack the Switch by utilizing packet flooding (ARP Storm) or other methods. These attacks may increase the switch's CPU load beyond its capability. To alleviate this problem, the Safeguard Engine function was added to the Switch's software. The Safeguard Engine can help the overall operability of the Switch by minimizing the workload of the Switch while the attack is ongoing, thus making it capable to forward essential packets over its network in a limited bandwidth. If the CPU load rises above the rising threshold value, the Safeguard Engine function will be activated and the Switch will enter the exhausted mode. In the exhausted mode, the Switch will limit the bandwidth available for ARP and broadcast IP packets. If the CPU load falls below the falling threshold value, the Safeguard Engine will be deactivated and the Switch will exit the exhausted mode and enter the normal mode. Packets that are destined to the CPU can be classified into three groups. These groups, otherwise known as sub-interfaces, are logical interfaces that the CPU will use to identify certain types of traffic. The three groups are Protocol, Manage, and Route. Generally, the Protocol group should receive the highest priority when the Switch's CPU processes received packets and the Route group should receive the lowest priority as the Switch's CPU usually does get involved in the processing of routing packets. In the Protocol group, packets are protocol control packets identified by the router. In the Manage group, 337

Section	Page
Table of Contents	3
1. Introduction	9
Audience	9
Other Documentation	9
Conventions	9
Notes, Notices, and Cautions	9
2. Web-based Switch Configuration	11
Management Options	11
Connecting using the Web User Interface	11
Logging onto the Web Manager	11
Smart Wizard	12
Web User Interface (Web UI)	16
Areas of the User Interface	16
3. System	17
Device Information	17
System Information Settings	17
Peripheral Settings	18
Port Configuration	19
Port Settings	19
Port Status	20
Port Auto Negotiation	21
Error Disable Settings	22
Jumbo Frame	23
PoE (DGS-1510-28P Only)	24
PoE System	24
PoE Status	25
PoE Configuration	26
PoE Statistics	27
PoE Measurement	28
PoE LLDP Classification	29
System Log	30
System Log Settings	30
System Log Discriminator Settings	31
System Log Server Settings	32
System Log	33
System Attack Log	33
Time and SNTP	34
Clock Settings	34
Time Zone Settings	34
SNTP Settings	36
Time Range	37
4. Management	39
User Account Settings	39
Password Encryption	40
Login Method	41
SNMP	42
SNMP Global Settings	43
SNMP Linkchange Trap Settings	44
SNMP View Table Settings	45
SNMP Community Table Settings	46
SNMP Group Table Settings	47
SNMP Engine ID Local Settings	49
SNMP User Table Settings	49
SNMP Host Table Settings	50
RMON	51
RMON Global Settings	51
RMON Statistics Settings	52
RMON History Settings	53
RMON Alarm Settings	53
RMON Event Settings	54
Telnet/Web	55
Session Timeout	56
DHCP	57
Service DHCP	57
DHCP Class Settings	57
DHCP Relay	59
DHCP Relay Global Settings	59
DHCP Relay Pool Settings	59
DHCP Relay Information Settings	61
DHCP Relay Information Option Format Settings	62
DHCP Local Relay VLAN	64
DHCPv6 Relay	64
DHCPv6 Relay Global Settings	64
DHCPv6 Relay Interface Settings	65
DHCP Auto Configuration	66
DNS	66
DNS Global Settings	67
DNS Name Server Settings	68
DNS Host Settings	68
IP Source Interface	69
File System	69
Physical Stacking	71
Virtual Stacking (SIM)	76
Single IP Settings	78
Topology	79
Firmware Upgrade	86
Configuration File Backup/Restore	87
Upload Log File	87
D-Link Discovery Protocol	88
5. Layer 2 Features	90
FDB	90
Static FDB	90
Unicast Static FDB	90
Multicast Static FDB	91
MAC Address Table Settings	91
MAC Address Table	92
MAC Notification	93
VLAN	95
802.1Q VLAN	95
GVRP	96
GVRP Global	96
GVRP Port	96
GVRP Advertise VLAN	97
GVRP Forbidden VLAN	98
GVRP Statistics Table	99
Asymmetric VLAN	99
VLAN Interface	100
Auto Surveillance VLAN	103
Auto Surveillance Properties	103
MAC Settings and Surveillance Device	105
Voice VLAN	106
Voice VLAN Global	106
Voice VLAN Port	106
Voice VLAN OUI	107
Voice VLAN Device	108
Voice VLAN LLDP-MED Device	109
Spanning Tree	109
STP Global Settings	111
STP Port Settings	113
MST Configuration Identification	114
STP Instance	115
MSTP Port Information	116
Loopback Detection	116
Link Aggregation	118
L2 Multicast Control	120
IGMP Snooping	121
IGMP Snooping Settings	121
IGMP Snooping Groups Settings	123
IGMP Snooping Mrouter Settings	124
IGMP Snooping Statistics Settings	125
MLD Snooping	126
MLD Snooping Settings	127
MLD Snooping Groups Settings	130
MLD Snooping Mrouter Settings	131
MLD Snooping Statistics Settings	132
Multicast Filtering	133
LLDP	134
LLDP Global Settings	134
LLDP Port Settings	135
LLDP Management Address List	137
LLDP Basic TLVs Settings	137
LLDP Dot1 TLVs Settings	138
LLDP Dot3 TLVs Settings	139
LLDP-MED Port Settings	140
LLDP Statistics Information	141
LLDP Local Port Information	142
LLDP Neighbor Port Information	144
6. Layer 3 Features	145
ARP	145
ARP Aging Time	145
Static ARP	145
Proxy ARP	146
ARP Table	147
Gratuitous ARP	147
IPv4 Interface	148
IPv4 Static/Default Route	150
IPv4 Route Table	151
IPv6 Interface	152
IPv6 Neighbor	154
IPv6 Static/Default Route	155
IPv6 Route Table	155
7. Quality of Service (QoS)	157
Basic Settings	157
Port Default CoS	157
Port Scheduler Method	157
Queue Settings	159
CoS to Queue Mapping	160
Port Rate Limiting	160
Queue Rate Limiting	161
Advanced Settings	163
DSCP Mutation Map	163
Port Trust State and Mutation Binding	164
DSCP CoS Mapping	164
CoS Color Mapping	165
DSCP Color Mapping	166
Class Map	167
Aggregate Policer	169
Policy Map	172
Policy Binding	175
8. Access Control List (ACL)	177
ACL Configuration Wizard	177
ACL Access List	210
Standard IP ACL	211
Extended IP ACL	214
Standard IPv6 ACL	233
Extended IPv6 ACL	237
Extended MAC ACL	249
Extended Expert ACL	253
ACL Interface Access Group	278
ACL VLAN Access Map	279
ACL VLAN Filter	281
9. Security	283
Port Security	283
Port Security Global Settings	283
Port Security Port Settings	284
Port Security Address Entries	285
802.1X	286
802.1X Global Settings	291
802.1X Port Settings	291
Authentication Session Information	293
Authenticator Statistics	293
Authenticator Session Statistics	294
Authenticator Diagnostics	294
AAA	295
AAA Global Settings	295
Application Authentication Settings	295
Application Accounting Settings	296
Authentication Settings	297
Accounting Settings	299
RADIUS	300
RADIUS Global Settings	300
RADIUS Server Settings	301
RADIUS Group Server Settings	302
RADIUS Statistic	303
TACACS	304
TACACS Server Settings	304
TACACS Group Server Settings	304
TACACS Statistic	305
IMPB	306
IPv4	306
DHCPv4 Snooping	306
DHCP Snooping Global Settings	306
DHCP Snooping Port Settings	307
DHCP Snooping VLAN Settings	308
DHCP Snooping Database	308
DHCP Snooping Binding Entry	309
Dynamic ARP Inspection	310
ARP Access List	310
ARP Inspection Settings	312
ARP Inspection Port Settings	313
ARP Inspection VLAN	314
ARP Inspection Statistics	314
ARP Inspection Log	315
IP Source Guard	315
IP Source Guard Port Settings	315
IP Source Guard Binding	316
IP Source Guard HW Entry	317
Advanced Settings	317
IP-MAC-Port Binding Settings	317
IP-MAC-Port Binding Blocked Entry	319
IPv6	319
IPv6 Snooping	319
IPv6 ND Inspection	320
IPv6 RA Guard	321
IPv6 DHCP Guard	322
IPv6 Source Guard	323
IPv6 Source Guard Settings	323
IPv6 Neighbor Binding	324
DHCP Server Screening	325
DHCP Server Screening Global Settings	325
DHCP Server Screening Port Settings	326
ARP Spoofing Prevention	327
BPDU Attack Protection	327
MAC Authentication	329
Web-based Access Control	330
Web Authentication	333
WAC Port Settings	334
WAC Customize Page	334
Japanese Web-based Access Control	335
JWAC Global Settings	335
JWAC Port Settings	338
JWAC Customize Page Language	339
JWAC Customize Page	339
Network Access Authentication	340
Guest VLAN	340
Network Access Authentication Global Settings	341
Network Access Authentication Port Settings	343
Network Access Authentication Sessions Information	344
Safeguard Engine	345
Safeguard Engine Settings	346
CPU Protect Counters	347
CPU Protect Sub-Interface	348
CPU Protect Type	348
Trusted Host	349
Traffic Segmentation Settings	350
Storm Control	350
DoS Attack Prevention Settings	353
SSH	354
SSH Global Settings	355
Host Key	355
SSH Server Connection	356
SSH User Settings	356
SSL	357
SSL Global Settings	358
Crypto PKI Trustpoint	359
SSL Service Policy	360
10. OAM	361
Cable Diagnostics	361
DDM	361
DDM Settings	362
DDM Temperature Threshold Settings	362
DDM Voltage Threshold Settings	363
DDM Bias Current Threshold Settings	364
DDM TX Power Threshold Settings	364
DDM RX Power Threshold Settings	365
DDM Status Table	366
11. Monitoring	367
Utilization	367
Port Utilization	367
Statistics	368
Port	368
Port Counters	369
Counters	371
Mirror Settings	373
Device Environment	375
12. Green	376
Power Saving	376
EEE	377
13. Save and Tools	379
Save Configuration	379
Firmware Upgrade & Backup	379
Firmware Upgrade from HTTP	379
Firmware Upgrade from TFTP	380
Firmware Backup to HTTP	380
Firmware Backup to TFTP	381
Configuration Restore & Backup	381
Configuration Restore from HTTP	381
Configuration Restore from TFTP	382
Configuration Backup to HTTP	383
Configuration Backup to TFTP	383
Log Backup	384
Log Backup to HTTP	384
Log Backup to TFTP	384
Ping	385
Trace Route	387
Language Management	389
Reset	389
Reboot System	390
Appendix A - System Log Entries	391
802.1X	391
AAA	391
Auto Surveillance VLAN	394
BPDU Attack Protection	394
Configuration/Firmware	394
DAI	396
DDM	397
DHCPv6 Client	398
DHCPv6 Relay	400
DNS Resolver	400
DOS Prevention	400
Interface	401
JWAC	401
LACP	402
LBD	402
LLDP-MED	403
Login/Logout CLI	404
MAC-based Access Control	406
MSTP Debug Enhancement	407
Peripheral	409
PoE	410
Port Security	410
Safeguard	410
SNMP	411
SSH	411
Stacking	411
Storm Control	412
Voice-VLAN	413
Web	413
Web-Authentication	414
Appendix B - Trap Entries	415
802.1X	415
Authentication Fail	415
BPDU Attack Protection	415
DDM	416
DHCP Server Screen Prevention	416
DOS Prevention	416
ErrDisable	416
General Management	417
Gratuitous ARP Function	417
IMPB	417
LACP	417
LBD	418
LLDP	418
MAC-based Access Control	419
MAC-notification	419
MSTP	419
Peripheral	420
PoE	420
Port	421
Port Security	421
RMON	421
Safeguard	422
Stack	422
SIM	423
Start	424
Storm Control	424
System File	424
Web-Authentication	424
Appendix C - RADIUS Attributes Assignment	426

Match case Limit results 1 per page

DGS-1510 Series Gigabit Ethernet SmartPro Switch Web UI Reference Guide

337

Figure 9-76 Network Access Authentication Sessions Information window

The fields that can be configured are described below:

Parameter

Description

Port

Select the appropriate switch unit and port used for the query here.

MAC Address

Enter the MAC address used here.

Protocol

Select the protocol option used here. Options to choose from are

MAC

WAC

JWAC

, and

DOT1X

Click the

Apply

button to accept the changes made.

Click the

Clear by Port

button to the clear the information based on the port selected.

Click the

Clear by MAC

button to the clear the information based on the MAC address entered.

Click the

Clear by Protocol

button to the clear the information based on the protocol selected.

Click the

Clear All

button to clear all the information in this table.

Click the

Find

button to locate a specific entry based on the information entered.

Click the

View All

button to locate and display all the entries.

Safeguard Engine

Periodically, malicious hosts on the network will attack the Switch by utilizing packet flooding (ARP Storm)

or other methods. These attacks may increase the switch’s CPU load beyond its capability. To alleviate

this problem, the Safeguard Engine function was added to the Switch’s software.

The Safeguard Engine can help the overall operability of the Switch by minimizing the workload of the

Switch while the attack is ongoing, thus making it capable to forward essential packets over its network in

a limited bandwidth.

If the CPU load rises above the rising threshold value, the Safeguard Engine function will be activated

and the Switch will enter the exhausted mode. In the exhausted mode, the Switch will limit the bandwidth

available for ARP and broadcast IP packets. If the CPU load falls below the falling threshold value, the

Safeguard Engine will be deactivated and the Switch will exit the exhausted mode and enter the normal

mode.

Packets that are destined to the CPU can be classified into three groups. These groups, otherwise known

as sub-interfaces, are logical interfaces that the CPU will use to identify certain types of traffic. The three

groups are

Protocol

Manage

, and

Route

. Generally, the

Protocol

group should receive the highest

priority when the Switch’s CPU processes received packets and the

Route

group should receive the

lowest priority as the Switch’s CPU usually does get involved in the processing of routing packets. In the

Protocol

group, packets are protocol control packets identified by the router. In the

Manage

group,