Home » D-Link Manuals » Wireless » D-Link DGS-1520 » Manual Viewer

D-Link DGS-1520 User Manual - Page 595

Parameter, Description, RADIUS Tunnel Attribute, Value, Usage, Forward IPv4 and IPv6 traffic

Add to My Manuals
Save this manual to your list of manuals

Page 595 highlights

DGS-1520 Series Gigabit Ethernet Smart Managed Switch Web UI Reference Guide Parameter any DST-IP-ADDR DST-IP-NET-ADDR DST-IPV6-ADDR DST-IPV6-NET-ADDR tcp, udp, icmp ip IP-PROT-VALUE TCP-PORT-RANGE UDP-PORT-RANGE ICMP-TYPE Description Specifies any source IP address or any destination IP address to be configured. Specifies a specific destination host IP address. Specifies a group of destination IP addresses with a mask width of the form 1.2.3.4/24. Specifies a specific destination host IPv6 address. Specifies a group of destination IPv6 network of the form 2000::1/64. Specifies Layer 4 protocols. Specifies that any protocol will match. Specifies the IP protocol value. The valid value is from 0 to 255. (Optional) Specifies to match TCP port or port range. The form is like 22-23, 80. (Optional) Specifies to match UDP port or port range. The form is like 56, 67-68. (Optional) Specifies the ICMP message type. The valid number for the message type is from 0 to 255. Example This example shows how to deny host's telnet service on the RADIUS server. Nas-filter-Rule="deny in tcp from any to any 23" Nas-filter-Rule+="permit in ip from any to any" This example shows how to limit host to access a group of IP address on the RADIUS server. Nas-filter-Rule="permit in ip from any to 10.10.10.1/24" Nas-filter-Rule+="permit in ip from any to fe80::d1:1/64" The parameters of the Vendor-Specific Attribute are: RADIUS Tunnel Attribute Vendor-ID Vendor-Type Attribute-Specific Field Description Defines the vendor. Defines the attribute. IPv6 filter rule. Used to accept IPv6 address related inputs. Value 171 (DLINK) 14 (for ACL script) This attribute indicates either of the following IP modes for NASFilter-Rule 1=Forward IPv4 and IPv6 traffic 2=Forward IPv4-only traffic (drop any IPv6 traffic) If this attribute is not assigned by RADIUS server, forward IPv4only traffic, any IPv6 packet will be dropped. Usage Required Required Required NOTE: If both proprietary ACL script (VSA14) and standard NAS-Filter-Rule (92) are assigned at the same time, NAS-Filter-Rule (92) will take effect, and VSA14 will be ignored. 585

Section	Page
Table of Contents	3
1. Introduction	11
Audience	11
Other Documentation	11
Typographical Conventions	11
Notes and Cautions	11
2. Web User Interface (Web UI)	12
Connecting to the Web UI	12
Logging into the Web UI	12
Smart Wizard	13
Step 1 - System IP Information	13
Step 2 - User Accounts Settings	14
Step 3 - SNMP Settings	15
Web Interface Navigation	16
3. System	17
Device Information	17
System Information Settings	18
Peripheral Settings	19
Port Configuration	20
Port Settings	20
Port Status	22
Port GBIC	22
Port Auto Negotiation	23
Error Disable Settings	24
Jumbo Frame	25
Interface Description	26
Loopback Test	26
PoE	27
PoE System	28
PoE Status	29
PoE Configuration	29
PD Alive	31
PoE Statistics	32
PoE Measurement	32
PoE LLDP Classification	33
System Log	34
System Log Settings	34
System Log Discriminator Settings	36
System Log Server Settings	37
System Log	38
System Attack Log	39
Time and SNTP	39
Clock Settings	39
Time Zone Settings	40
SNTP Settings	41
Time Range	42
Reset Button Settings	43
4. Management	44
Command Logging	44
User Accounts Settings	45
Password Encryption	46
Password Recovery	47
Login Method	47
SNMP	49
SNMP Global Settings	50
SNMP Linkchange Trap Settings	51
SNMP View Table Settings	52
SNMP Community Table Settings	52
SNMP Group Table Settings	54
SNMP Engine ID Local Settings	55
SNMP User Table Settings	55
SNMP Host Table Settings	57
SNMP Context Mapping Table Settings	58
RMON	58
RMON Global Settings	58
RMON Statistics Settings	59
RMON History Settings	60
RMON Alarm Settings	61
RMON Event Settings	62
Telnet/Web	63
Session Timeout	63
DHCP	64
Service DHCP	64
DHCP Class Settings	65
DHCP Pool Settings	66
DHCP Server	66
DHCP Server Global Settings	67
DHCP Server Pool Settings	68
DHCP Server Exclude Address	71
DHCP Server Manual Binding	72
DHCP Server Dynamic Binding	72
DHCP Server IP Conflict	73
DHCP Server Statistic	74
DHCPv6 Server	74
DHCPv6 Server Pool Settings	74
DHCPv6 Server Local Pool Settings	76
DHCPv6 Server Exclude Address	77
DHCPv6 Server Binding	78
DHCPv6 Server Interface Settings	78
DHCPv6 Server Operational Information	79
DHCP Relay	80
DHCP Relay Global Settings	80
DHCP Relay Pool Settings	80
DHCP Relay Information Settings	83
DHCP Relay Information Option Format Settings	84
DHCP Relay Port Settings	85
DHCP Local Relay VLAN	86
DHCPv6 Relay	87
DHCPv6 Relay Global Settings	87
DHCPv6 Relay Interface Settings	89
DHCPv6 Relay Remote ID Profile Settings	89
DHCPv6 Relay Interface ID Profile Settings	91
DHCPv6 Relay Format Type Settings	93
DHCPv6 Relay Port Settings	94
DHCPv6 Local Relay VLAN	94
DHCP Auto Configuration	95
DHCP Auto Image Settings	95
DNS	96
DNS Global Settings	97
DNS Name Server Settings	97
DNS Host Settings	98
NTP	99
NTP Global Settings	99
NTP Server Settings	100
NTP Peer Settings	101
NTP Access Group Settings	101
NTP Key Settings	103
NTP Interface Settings	104
NTP Associations	104
NTP Status	105
IP Source Interface	106
File System	106
Stacking	108
Physical Stacking	113
Stacking Bandwidth	114
Virtual Stacking (SIM)	115
Single IP Settings	117
Topology	118
File	118
Print Topology	118
Preference	119
Group	119
Add to Group	119
Remove from Group	119
Device	120
Configure	120
View	120
Refresh	120
Topology	120
Help	122
About	122
Firmware Upgrade	123
Configuration File Backup/Restore	123
Upload Log File	124
D-Link Discovery Protocol	124
DDP Settings	124
DDP Neighbors	125
SMTP Settings	126
NLB FDB Settings	127
5. Layer 2 Features	129
FDB	129
Static FDB	129
Unicast Static FDB	129
Multicast Static FDB	130
MAC Address Table Settings	130
MAC Address Table	132
MAC Notification	133
VLAN	134
VLAN Configuration Wizard	134
Create/Configure VLAN	134
Create VLAN	135
Configure VLAN	136
802.1Q VLAN	137
VLAN Interface	138
802.1v Protocol VLAN	143
Protocol VLAN Profile	143
Protocol VLAN Profile Interface	144
GVRP	145
GVRP Global	145
GVRP Port	146
GVRP Advertise VLAN	147
GVRP Forbidden VLAN	148
GVRP Statistics Table	149
Asymmetric VLAN	149
MAC VLAN	150
L2VLAN Interface Description	150
Subnet VLAN	151
Super VLAN	151
Auto Surveillance VLAN	153
Auto Surveillance Properties	153
MAC Settings and Surveillance Device	155
Voice VLAN	156
Voice VLAN Global	156
Voice VLAN Port	157
Voice VLAN OUI	158
Voice VLAN Device	158
Voice VLAN LLDP-MED Device	159
Private VLAN	159
VLAN Tunnel	160
Dot1q Tunnel	160
VLAN Mapping	162
VLAN Mapping Profile	164
STP	169
STP Global Settings	171
STP Port Settings	173
MST Configuration Identification	175
STP Instance	176
MSTP Port Information	176
ERPS (G.8032)	177
ERPS	177
ERPS Profile	182
Loopback Detection	183
Link Aggregation	185
L2 Protocol Tunnel	188
L2 Multicast Control	189
IGMP Snooping	189
IGMP Snooping Settings	189
IGMP Snooping AAA Settings	192
IGMP Snooping Groups Settings	193
IGMP Snooping Filter Settings	194
IGMP Snooping Mrouter Settings	196
IGMP Snooping Statistics Settings	197
MLD Snooping	198
MLD Snooping Settings	199
MLD Snooping Groups Settings	202
MLD Snooping Filter Settings	203
MLD Snooping Mrouter Settings	205
MLD Snooping Statistics Settings	206
Multicast VLAN	208
Multicast VLAN Settings	208
Multicast VLAN Group Settings	211
PIM Snooping	213
PIM Snooping Global Settings	213
PIM Snooping Neighbor Table	214
PIM Snooping Multicast Route Table	214
PIM Snooping Statistics Table	215
Multicast Filtering Mode	215
LLDP	216
LLDP Global Settings	216
LLDP Port Settings	217
LLDP Management Address List	218
LLDP Basic TLVs Settings	219
LLDP Dot1 TLVs Settings	220
LLDP Dot3 TLVs Settings	221
LLDP-MED Port Settings	222
LLDP Statistics Information	223
LLDP Local Port Information	224
LLDP Neighbor Port Information	225
6. Layer 3 Features	228
ARP	228
ARP Aging Time	228
Static ARP	229
Proxy ARP	230
ARP Table	230
Gratuitous ARP	231
IPv6 Neighbor	232
Interface	233
IPv4 Interface	233
IPv6 Interface	236
Loopback Interface	240
Null Interface	241
UDP Helper	242
IP Forward Protocol	242
IP Helper Address	242
IPv4 Static/Default Route	243
IPv4 Route Table	244
IPv6 Static/Default Route	245
IPv6 Route Table	246
Route Preference	247
ECMP Settings	247
IPv6 General Prefix	248
URPF Settings	248
RIP	250
RIP Settings	250
RIP Distribute List	252
RIP Interface Settings	252
RIP Database	254
RIPng	255
RIPng Settings	255
RIPng Interface Settings	256
RIPng Database	257
OSPF	258
OSPFv2	258
OSPFv2 Process Settings	258
OSPFv2 Distribute List	260
OSPFv2 Passive Interface Settings	261
OSPFv2 Area Settings	262
OSPFv2 Interface Settings	264
OSPFv2 Redistribute Settings	266
OSPFv2 Virtual Link Settings	268
OSPFv2 LSDB Table	269
OSPFv2 Neighbor Table	271
OSPFv2 Host Route Settings	272
OSPFv3	273
OSPFv3 Process Settings	273
OSPFv3 Passive Interface Settings	275
OSPFv3 Area Settings	276
OSPFv3 Interface Settings	278
OSPFv3 Redistribute Settings	281
OSPFv3 Virtual Link Settings	282
OSPFv3 LSDB Table	284
OSPFv3 Neighbor Table	285
OSPFv3 Border Router Table	286
IP Multicast Routing Protocol	287
IGMP	287
IGMP Interface Settings	287
IGMP Static Group Settings	289
IGMP Dynamic Group Table	289
MLD	290
MLD Interface Settings	290
MLD Static Group Settings	292
MLD Group Table	293
IGMP Proxy	293
IGMP Proxy Settings	293
IGMP Proxy Group Table	295
IGMP Proxy Forwarding Table	295
MLD Proxy	296
MLD Proxy Settings	296
MLD Proxy Group Table	297
MLD Proxy Forwarding Table	298
DVMRP	298
DVMRP Interface Settings	298
DVMRP Routing Table	299
DVMRP Neighbor Table	300
PIM	300
PIM for IPv4	303
PIM Interface	303
PIM BSR Candidate	305
PIM RP Address	306
PIM RP Candidate	308
PIM RP Table	309
PIM Register Settings	310
PIM SPT Threshold Settings	312
PIM SSM Settings	312
PIM Neighbor Table	314
PIM for IPv6	314
PIM for IPv6 Interface	314
PIM for IPv6 BSR Candidate Settings	316
PIM for IPv6 BSR Table	318
PIM for IPv6 RP Address	318
PIM for IPv6 RP Candidate	320
PIM for IPv6 RP Embedded Settings	322
PIM for IPv6 RP Table	322
PIM for IPv6 Register Settings	323
PIM for IPv6 SPT Threshold Settings	324
PIM for IPv6 SSM Settings	324
PIM for IPv6 (S,G) Keepalive Time	325
PIM for IPv6 Multicast Route Table	326
PIM for IPv6 Neighbor Table	327
MSDP	328
MSDP Global Settings	328
MSDP Peer Settings	329
MSDP SA Cache	332
MSDP Static RPF Settings	333
MSDP Mesh Group Settings	334
IPMC	335
IP Multicast Global Settings	335
IP Multicast Route Settings	337
IP Multicast RPF Table	338
IP Multicast Routing Forwarding Cache Table	338
IP Multicast Protocol Statistics	339
Control Packet CPU Filtering	340
IPv6MC	341
IPv6 Multicast Global Settings	341
IPv6 Multicast Routing Table	342
IPv6 Multicast Routing Forwarding Cache Table	342
IPv6 RPF Table	343
IP Route Filter	343
Route Map	343
Policy Route	347
VRRP Settings	347
VRRPv3 Settings	350
7. Quality of Service (QoS)	353
Basic Settings	353
Port Default CoS	353
Port Scheduler Method	354
Queue Settings	355
CoS to Queue Mapping	356
Port Rate Limiting	356
Queue Rate Limiting	357
Advanced Settings	358
DSCP Mutation Map	358
Port Trust State and Mutation Binding	360
DSCP CoS Mapping	361
CoS Color Mapping	362
DSCP Color Mapping	363
Class Map	363
Aggregate Policer	365
Policy Map	368
Policy Binding	371
QoS PFC	372
Network QoS Class Map	372
Network QoS Policy Map	373
Network QoS Policy Binding	374
PFC Port Settings	375
WRED	375
WRED Profile	376
WRED Queue	377
8. Access Control List (ACL)	378
ACL Configuration Wizard	378
Step 1 - Create/Update	378
Step 2 - Select Packet Type	379
Step 3 - Add Rule	380
Extended MAC ACL	380
Extended/Standard IPv4 ACL	382
Extended/Standard IPv6 ACL	385
Extended Expert ACL	388
Step 4 - Apply Port	391
ACL Access List	392
Standard IP ACL	394
Extended IP ACL	395
Standard IPv6 ACL	397
Extended IPv6 ACL	399
Extended MAC ACL	401
Extended Expert ACL	403
ACL Interface Access Group	406
ACL VLAN Access Map	407
ACL VLAN Filter	409
CPU ACL	409
9. Security	413
Port Security	413
Port Security Global Settings	413
Port Security Port Settings	414
Port Security Address Entries	415
802.1X	416
802.1X Global Settings	420
802.1X Port Settings	421
Authentication Sessions Information	422
Authenticator Statistics	422
Authenticator Session Statistics	423
Authenticator Diagnostics	424
AAA	425
AAA Global Settings	425
Application Authentication Settings	425
Application Accounting Settings	426
Authentication Settings	427
Accounting Settings	430
Server RADIUS Dynamic Author Settings	432
RADIUS	433
RADIUS Global Settings	433
RADIUS Server Settings	434
RADIUS Group Server Settings	435
RADIUS Statistic	437
TACACS+	438
TACACS+ Global Settings	438
TACACS+ Server Settings	439
TACACS+ Group Server Settings	439
TACACS+ Statistic	441
IMPB	441
IPv4	442
DHCPv4 Snooping	442
DHCP Snooping Global Settings	442
DHCP Snooping Port Settings	443
DHCP Snooping VLAN Settings	444
DHCP Snooping Database	444
DHCP Snooping Binding Entry	445
Dynamic ARP Inspection	446
ARP Access List	446
ARP Inspection Settings	447
ARP Inspection Port Settings	449
ARP Inspection Statistics	450
ARP Inspection Log	450
IP Source Guard	451
IP Source Guard Port Settings	451
IP Source Guard Binding	452
IP Source Guard HW Entry	453
Advanced Settings	454
IP-MAC-Port Binding Settings	454
IP-MAC-Port Binding Blocked Entry	455
IPv6	456
IPv6 Snooping	456
IPv6 ND Inspection	459
IPv6 RA Guard	460
IPv6 DHCP Guard	461
IPv6 Source Guard	462
IPv6 Source Guard Settings	462
IPv6 Neighbor Binding	463
DHCP Server Screening	464
DHCP Server Screening Global Settings	464
DHCP Server Screening Port Settings	466
ARP Spoofing Prevention	466
BPDU Attack Protection	467
NetBIOS Filtering	469
MAC Authentication	469
Web-based Access Control	471
Web Authentication	473
WAC Port Settings	474
WAC Customize Page	475
Network Access Authentication	476
Guest VLAN	476
Network Access Authentication Global Settings	477
Network Access Authentication Port Settings	478
Network Access Authentication Sessions Information	480
Safeguard Engine	480
Safeguard Engine Settings	482
CPU Protect Counters	482
CPU Protect Sub-Interface	483
CPU Protect Type	484
Trusted Host	484
Traffic Segmentation Settings	485
Storm Control Settings	486
DoS Attack Prevention Settings	488
Zone Defense Settings	490
SSH	490
SSH Global Settings	491
Host Key	491
SSH Server Connection	492
SSH User Settings	492
SSH Client Settings	493
SSL	494

Match case Limit results 1 per page

DGS-1520 Series Gigabit Ethernet Smart Managed Switch Web UI Reference Guide

585

Parameter

Description

any

Specifies any source IP address or any destination IP address to be configured.

DST-IP-ADDR

Specifies a specific destination host IP address.

DST-IP-NET-ADDR

Specifies a group of destination IP addresses with a mask width of the form

1.2.3.4/24.

DST-IPV6-ADDR

Specifies a specific destination host IPv6 address.

DST-IPV6-NET-ADDR

Specifies a group of destination IPv6 network of the form 2000::1/64.

tcp, udp, icmp

Specifies Layer 4 protocols.

Specifies that any protocol will match.

IP-PROT-VALUE

Specifies the IP protocol value. The valid value is from 0 to 255.

TCP-PORT-RANGE

(Optional) Specifies to match TCP port or port range. The form is like 22-23, 80.

UDP-PORT-RANGE

(Optional) Specifies to match UDP port or port range. The form is like 56, 67-68.

ICMP-TYPE

(Optional) Specifies the ICMP message type. The valid number for the message

type is from 0 to 255.

Example

This example shows how to deny host’s telnet service on the RADIUS server.

Nas-filter-Rule="deny in tcp from any to any 23"

Nas-filter-Rule+="permit in ip from any to any"

This example shows how to limit host to access a group of IP address on the RADIUS server.

Nas-filter-Rule="permit in ip from any to 10.10.10.1/24"

Nas-filter-Rule+="permit in ip from any to fe80::d1:1/64"

The parameters of the Vendor-Specific Attribute are:

RADIUS Tunnel Attribute

Description

Value

Usage

Vendor-ID

Defines the vendor.

171 (DLINK)

Required

Vendor-Type

Defines the attribute.

14 (for ACL script)

Required

Attribute-Specific Field

IPv6 filter rule. Used to accept

IPv6 address related inputs.

This attribute indicates either of

the following IP modes for NAS-

Filter-Rule

1=Forward IPv4 and IPv6 traffic

2=Forward IPv4-only traffic (drop

any IPv6 traffic)

If this attribute is not assigned by

RADIUS server, forward IPv4-

only traffic, any IPv6 packet will

be dropped.

Required

NOTE:

If both proprietary ACL script (VSA14) and standard NAS-Filter-Rule (92) are assigned at the

same time, NAS-Filter-Rule (92) will take effect, and VSA14 will be ignored.