Home » D-Link Manuals » Wireless » D-Link DGS-1510 » Manual Viewer

D-Link DGS-1510 User Manual - Page 364

SSL Global Settings, Stream Ciphers, CBC Block Ciphers, Hash Algorithm

Add to My Manuals
Save this manual to your list of manuals

Page 364 highlights

DGS-1510 Series Gigabit Ethernet SmartPro Switch Web UI Reference Guide ○ Stream Ciphers - There are two types of stream ciphers on the Switch, RC4 with 40-bit keys, and RC4 with 128-bit keys. These keys are used to encrypt messages and need to be consistent between client and host for optimal use. ○ CBC Block Ciphers - CBC refers to Cipher Block Chaining, which means that a portion of the previously encrypted block of encrypted text is used in the encryption of the current block. The Switch supports the 3DES EDE encryption code defined by the Data Encryption Standard (DES) and the Advanced Encryption Standard (AES) to create the encrypted text. • Hash Algorithm: This part of the cipher suite allows the user to choose a message digest function, which will determine a Message Authentication Code. This Message Authentication Code will be encrypted with a sent message to provide integrity and prevent against replay attacks. The Switch supports three hash algorithms, MD5 (Message Digest 5), SHA (Secure Hash Algorithm), and SHA256. These three parameters are uniquely assembled in four choices on the Switch to create a threelayered encryption code for secure communication between the server and the client. The user may implement any one or combination of the cipher suites available, yet different cipher suites will affect the security level and the performance of the secured connection. The information included in the cipher suites is not included with the Switch and requires downloading from a third source in a file form called a certificate. This function of the Switch cannot be executed without the presence and implementation of the certificate file and can be downloaded to the Switch by utilizing a TFTP server or the Switch file system. The Switch supports TLS 1.0, TLS 1.1, and TLS 1.2. Other versions of SSL may not be compatible with this Switch and may cause problems upon authentication and transfer of messages from client to server. When the SSL function has been enabled, the web will become disabled. To manage the Switch through the web-based management while utilizing the SSL function, the web browser must support SSL encryption and the header of the URL must begin with https:// (Ex. https://xx.xx.xx.xx). Any other method will result in an error and no access can be authorized for the web-based management. Users can download a certificate file for the SSL function on the Switch from a TFTP server. The certificate file is a data record used for authenticating devices on the network. It contains information on the owner, keys for authentication and digital signatures. Both the server and the client must have consistent certificate files for optimal use of the SSL function. Currently, the Switch comes with a certificate pre-loaded though the user may need to download more, depending on user circumstances. SSL Global Settings This window is used to view and configure the SSL feature's global settings. To view the following window, click Security > SSL > SSL Global Settings, as shown below: Figure 9-93 SSL Global Settings Window The fields that can be configured for SSL Global Settings are described below: Parameter SSL Status Description Select to enable or disable the SSL feature's global status here. 353

Section	Page
Table of Contents	3
1. Introduction	12
Audience	12
Other Documentation	12
Conventions	12
Notes, Notices, and Cautions	12
2. Web-based Switch Configuration	13
Management Options	13
Connecting using the Web UI	13
Logging onto the Web UI	14
Smart Wizard	15
Step 1 - Web Mode	15
Step 2 - System IP Information	16
Step 3 - User Accounts Settings	17
Step 4 - SNMP Settings	18
Web User Interface (Web UI)	20
Areas of the User Interface	20
Standard Mode	20
Surveillance Mode	21
3. System	23
Device Information	23
System Information Settings	23
Peripheral Settings	24
Port Configuration	25
Port Settings	25
Port Status	27
Port GBIC	27
Port Auto Negotiation	28
Error Disable Settings	28
Jumbo Frame	29
Interface Description	30
PoE (PoE Switches Only)	30
PoE System	31
PoE Status	32
PoE Configuration	33
PD Alive	34
PoE Statistics	35
PoE Measurement	36
PoE LLDP Classification	37
System Log	38
System Log Settings	38
System Log Discriminator Settings	40
System Log Server Settings	41
System Log	41
System Attack Log	42
Time and SNTP	42
Clock Settings	42
Time Zone Settings	43
SNTP Settings	44
Time Range	45
4. Management	47
User Account Settings	47
Password Encryption	49
Login Method	49
SNMP	50
SNMP Global Settings	52
SNMP Linkchange Trap Settings	53
SNMP View Table Settings	54
SNMP Community Table Settings	54
SNMP Group Table Settings	56
SNMP Engine ID Local Settings	57
SNMP User Table Settings	57
SNMP Host Table Settings	58
RMON	59
RMON Global Settings	59
RMON Statistics Settings	60
RMON History Settings	61
RMON Alarm Settings	62
RMON Event Settings	63
Telnet/Web	64
Session Timeout	65
DHCP	66
Service DHCP	66
DHCP Class Settings	66
DHCP Server	67
DHCP Server Global Settings	68
DHCP Server Pool Settings	69
DHCP Server Exclude Address	71
DHCP Server Manual Binding	72
DHCP Server Dynamic Binding	73
DHCP Server IP Conflict	73
DHCP Server Statistic	74
DHCPv6 Server	75
DHCPv6 Server Pool Settings	75
DHCPv6 Server Local Pool Settings	77
DHCPv6 Server Exclude Address	77
DHCPv6 Server Binding	78
DHCPv6 Server Interface Settings	79
DHCPv6 Server Operational Information	80
DHCP Relay	80
DHCP Relay Global Settings	80
DHCP Relay Pool Settings	80
DHCP Relay Information Settings	83
DHCP Relay Information Option Format Settings	84
DHCP Relay Information Profile Settings	85
DHCP Local Relay VLAN	88
DHCPv6 Relay	88
DHCPv6 Relay Global Settings	88
DHCPv6 Relay Interface Settings	89
DHCP Auto Configuration	90
DNS	90
DNS Global Settings	91
DNS Name Server Settings	91
DNS Host Settings	92
NTP	93
NTP Global Settings	93
NTP Server Settings	94
NTP Peer Settings	95
NTP Access Group Settings	96
NTP Key Settings	97
NTP Interface Settings	98
NTP Associations	98
NTP Status	99
IP Source Interface	99
File System	100
Physical Stacking	101
Virtual Stacking (SIM)	105
Single IP Settings	108
Topology	109
File	109
Print Topology	109
Preference	110
Group	110
Add to Group	110
Remove from Group	111
Device	111
Configure	111
View	111
Refresh	111
Topology	111
Help	114
About	114
Firmware Upgrade	114
Configuration File Backup/Restore	115
Upload Log File	115
D-Link Discovery Protocol	116
5. Layer 2 Features	117
FDB	117
Static FDB	117
Unicast Static FDB	117
Multicast Static FDB	118
MAC Address Table Settings	118
MAC Address Table	120
MAC Notification	121
VLAN	122
VLAN Configuration Wizard	122
Create/Configure VLAN	122
Create VLAN	123
Configure VLAN	124
802.1Q VLAN	125
VLAN Interface	126
VLAN Interface Settings	126
Port Summary	129
802.1v Protocol VLAN	129
Protocol VLAN Profile	129
Protocol VLAN Profile Interface	130
GVRP	130
GVRP Global	130
GVRP Port	131
GVRP Advertise VLAN	132
GVRP Forbidden VLAN	133
GVRP Statistics Table	134
Asymmetric VLAN	134
MAC VLAN	135
L2VLAN Interface Description	136
Auto Surveillance VLAN	136
Auto Surveillance Properties	136
MAC Settings and Surveillance Device	138
ONVIF IP-Camera Information	139
ONVIF NVR Information	140
Voice VLAN	141
Voice VLAN Global	141
Voice VLAN Port	143
Voice VLAN OUI	144
Voice VLAN Device	144
Voice VLAN LLDP-MED Device	145
STP	145
STP Global Settings	147
STP Port Settings	149
MST Configuration Identification	150
STP Instance	152
MSTP Port Information	152
ERPS (G.8032)	153
ERPS	153
ERPS Profile	156
Loopback Detection	157
Link Aggregation	159
L2 Multicast Control	162
IGMP Snooping	162
IGMP Snooping Settings	162
IGMP Snooping Groups Settings	165
IGMP Snooping Mrouter Settings	166
IGMP Snooping Statistics Settings	167
MLD Snooping	168
MLD Snooping Settings	169
MLD Snooping Groups Settings	171
MLD Snooping Mrouter Settings	172
MLD Snooping Statistics Settings	173
Multicast Filtering	174
LLDP	175
LLDP Global Settings	175
LLDP Port Settings	177
LLDP Management Address List	178
LLDP Basic TLVs Settings	178
LLDP Dot1 TLVs Settings	180
LLDP Dot3 TLVs Settings	181
LLDP-MED Port Settings	182
LLDP Statistics Information	183
LLDP Local Port Information	184
LLDP Neighbor Port Information	185
6. Layer 3 Features	187
ARP	187
ARP Aging Time	187
Static ARP	188
Proxy ARP	188
ARP Table	189
Gratuitous ARP	190
UDP Helper	191
IP Forward Protocol	191
IP Helper Address	191
IPv4 Interface	192
IPv4 Static/Default Route	194
IPv4 Route Table	195
IPv6 Interface	196
IPv6 Neighbor	200
IPv6 Static/Default Route	200
IPv6 Route Table	201
IPMC	202
IP Multicast Global Settings	202
IP Multicast Forwarding Cache	202
7. Quality of Service (QoS)	203
Basic Settings	203
Port Default CoS	203
Port Scheduler Method	204
Queue Settings	205
CoS to Queue Mapping	206
Port Rate Limiting	207
Queue Rate Limiting	208
Advanced Settings	209
DSCP Mutation Map	209
Port Trust State and Mutation Binding	210
DSCP CoS Mapping	211
CoS Color Mapping	212
DSCP Color Mapping	213
Class Map	214
Aggregate Policer	215
Policy Map	218
Policy Binding	221
8. Access Control List (ACL)	222
ACL Configuration Wizard	222
ACL Access List	241
Standard IP ACL	242
Extended IP ACL	245
Standard IPv6 ACL	254
Extended IPv6 ACL	258
Extended MAC ACL	266
Extended Expert ACL	270
ACL Interface Access Group	282
ACL VLAN Access Map	283
ACL VLAN Filter	284
9. Security	286
Port Security	286
Port Security Global Settings	286
Port Security Port Settings	287
Port Security Address Entries	288
802.1X	289
802.1X Global Settings	293
802.1X Port Settings	294
Authentication Session Information	295
Authenticator Statistics	296
Authenticator Session Statistics	296
Authenticator Diagnostics	297
AAA	297
AAA Global Settings	297
Application Authentication Settings	298
Application Accounting Settings	298
Authentication Settings	299
Accounting Settings	301
Server RADIUS Dynamic Author Settings	303
RADIUS	304
RADIUS Global Settings	304
RADIUS Server Settings	305
RADIUS Group Server Settings	306
RADIUS Statistic	307
TACACS+	308
TACACS+ Global Settings	308
TACACS+ Server Settings	309
TACACS+ Group Server Settings	310
TACACS+ Statistic	311
IMPB	311
IPv4	312
DHCPv4 Snooping	312
DHCP Snooping Global Settings	312
DHCP Snooping Port Settings	313
DHCP Snooping VLAN Settings	314
DHCP Snooping Database	314
DHCP Snooping Binding Entry	315
Dynamic ARP Inspection	316
ARP Access List	316
ARP Inspection Settings	317
ARP Inspection Port Settings	319
ARP Inspection VLAN	320
ARP Inspection Statistics	320
ARP Inspection Log	321
IP Source Guard	321
IP Source Guard Port Settings	321
IP Source Guard Binding	322
IP Source Guard HW Entry	323
Advanced Settings	324
IP-MAC-Port Binding Settings	324
IP-MAC-Port Binding Blocked Entry	325
IPv6	326
IPv6 Snooping	326
IPv6 ND Inspection	327
IPv6 RA Guard	328
IPv6 DHCP Guard	328
IPv6 Source Guard	329
IPv6 Source Guard Settings	329
IPv6 Neighbor Binding	330
DHCP Server Screening	331
DHCP Server Screening Global Settings	331
DHCP Server Screening Port Settings	332
ARP Spoofing Prevention	333
BPDU Attack Protection	334
MAC Authentication	335
Web-based Access Control	336
Web Authentication	338
WAC Port Settings	339
WAC Customize Page	340
Japanese Web-based Access Control	341
JWAC Global Settings	341
JWAC Port Settings	343
JWAC Customize Page Language	344
JWAC Customize Page	345
Network Access Authentication	346
Guest VLAN	346
Network Access Authentication Global Settings	347
Network Access Authentication Port Settings	349
Network Access Authentication Sessions Information	350
Safeguard Engine	351
Safeguard Engine Settings	352
CPU Protect Counters	353
CPU Protect Sub-Interface	353
CPU Protect Type	354
Trusted Host	355
Traffic Segmentation Settings	355
Storm Control Settings	357
DoS Attack Prevention Settings	359
SSH	360
SSH Global Settings	361
Host Key	362
SSH Server Connection	362
SSH User Settings	363
SSL	363
SSL Global Settings	364
Crypto PKI Trustpoint	365
SSL Service Policy	366
Network Protocol Port Protection Settings	367
10. OAM	368
Cable Diagnostics	368
DDM	368
DDM Settings	369
DDM Temperature Threshold Settings	370
DDM Voltage Threshold Settings	370
DDM Bias Current Threshold Settings	371
DDM TX Power Threshold Settings	372
DDM RX Power Threshold Settings	372
DDM Status Table	373
11. Monitoring	374
Utilization	374
Port Utilization	374
Statistics	375
Port	375
Port Counters	377
Counters	378
Mirror Settings	379
sFlow	381
sFlow Agent Information	381
sFlow Receiver Settings	382
sFlow Sampler Settings	383
sFlow Poller Settings	384
Device Environment	384
12. Green	385
Power Saving	385
EEE	387
13. Toolbar	388
Save	388
Save Configuration	388
Tools	388
Firmware Upgrade & Backup	388
Firmware Upgrade from HTTP	388
Firmware Upgrade from TFTP	389
Firmware Backup to HTTP	389
Firmware Backup to TFTP	390
Configuration Restore & Backup	391
Configuration Restore from HTTP	391
Configuration Restore from TFTP	391
Configuration Backup to HTTP	392
Configuration Backup to TFTP	393
Log Backup	393
Log Backup to HTTP	393
Log Backup to TFTP	394
Ping	395
Trace Route	397
Language Management	399
Reset	399
Reboot System	400
Wizard	400
Online Help	400
D-Link Support Site	400
User Guide	400
Surveillance Mode	401
Logout	401
14. Surveillance Mode	402
Surveillance Overview	402
Surveillance Topology	402
Device Information	406
Port Information	407
Group Details	408
IP-Camera Information	409
NVR Information	410
PoE Information	412
PoE Scheduling	413
Management	414
File System	414
Time	416
Clock Settings	416
SNTP Settings	417
Surveillance Settings	418
Surveillance Log	419
Health Diagnostic	420
Toolbar	421
Wizard	421
Tools	421
Firmware Upgrade & Backup	421
Firmware Upgrade from HTTP	421
Firmware Backup to HTTP	422
Configuration Restore & Backup	422
Configuration Restore from HTTP	422
Configuration Backup to HTTP	423
Language Management	423
Reset	424
Reboot System	424
Save	425
Save Configuration	425
Help	425
Online Help	426
D-Link Support Site	426
User Guide	426
Standard Mode	426
Logout	426
Appendix A - System Log Entries	427
802.1X	427
AAA	427
ARP Spoofing Prevention	430
Auto Save Configuration	430
Auto Surveillance VLAN	430
BPDU Attack Protection	431
Configuration/Firmware	431
DAI	434
DDM	435
DHCPv6 Client	435
DHCPv6 Relay	436
DNS Resolver	437
DoS Prevention	437
ErrDisable	437
Interface	438
JWAC	438
LACP	439
LBD	439
LLDP-MED	440
Login/Logout CLI	441
MAC-based Access Control	443
MSTP Debug Enhancement	444
Peripheral	446
PoE	447
Port Security	448
Safeguard	448
SNMP	448
SSH	448
Stacking	448
Storm Control	450
System Log Summary	450
Telnet	451
Voice-VLAN	451
Web	452
Web-Authentication	453
Appendix B - Trap Entries	454
802.1X	454
Authentication Fail	454
BPDU Attack Protection	454
DDM	454
DHCP Server Screen Prevention	455
DoS Prevention	455
ErrDisable	455
General Management	456
Gratuitous ARP Function	456
IMPB	456
LACP	456
LBD	457

Match case Limit results 1 per page

DGS-1510 Series Gigabit Ethernet SmartPro Switch Web UI Reference Guide

353

○

Stream Ciphers

- There are two types of stream ciphers on the Switch, RC4 with 40-bit

keys, and RC4 with 128-bit keys. These keys are used to encrypt messages and need to

be consistent between client and host for optimal use.

○

CBC Block Ciphers

- CBC refers to Cipher Block Chaining, which means that a portion

of the previously encrypted block of encrypted text is used in the encryption of the

current block. The Switch supports the 3DES EDE encryption code defined by the Data

Encryption Standard (DES) and the Advanced Encryption Standard (AES) to create the

encrypted text.

•

Hash Algorithm:

This part of the cipher suite allows the user to choose a message digest

function, which will determine a Message Authentication Code. This Message Authentication

Code will be encrypted with a sent message to provide integrity and prevent against replay

attacks. The Switch supports three hash algorithms, MD5 (Message Digest 5), SHA (Secure

Hash Algorithm), and SHA256.

These three parameters are uniquely assembled in four choices on the Switch to create a three-

layered encryption code for secure communication between the server and the client. The user may

implement any one or combination of the cipher suites available, yet different cipher suites will affect

the security level and the performance of the secured connection. The information included in the

cipher suites is not included with the Switch and requires downloading from a third source in a file

form called a certificate. This function of the Switch cannot be executed without the presence and

implementation of the certificate file and can be downloaded to the Switch by utilizing a TFTP server

or the Switch file system. The Switch supports TLS 1.0, TLS 1.1, and TLS 1.2. Other versions of SSL

may not be compatible with this Switch and may cause problems upon authentication and transfer of

messages from client to server.

When the SSL function has been enabled, the web will become disabled. To manage the Switch

through the web-based management while utilizing the SSL function, the web browser must support

SSL encryption and the header of the URL must begin with https:// (Ex. https://xx.xx.xx.xx). Any other

method will result in an error and no access can be authorized for the web-based management.

Users can download a certificate file for the SSL function on the Switch from a TFTP server. The

certificate file is a data record used for authenticating devices on the network. It contains information

on the owner, keys for authentication and digital signatures. Both the server and the client must have

consistent certificate files for optimal use of the SSL function. Currently, the Switch comes with a

certificate pre-loaded though the user may need to download more, depending on user

circumstances.

SSL Global Settings

This window is used to view and configure the SSL feature’s global settings.

To view the following window, click

Security > SSL > SSL Global Settings

, as shown below:

Figure 9-93 SSL Global Settings Window

The fields that can be configured for

SSL Global Settings

are described below:

Parameter

Description

SSL Status

Select to enable or disable the SSL feature’s global status here.