Home » D-Link Manuals » Bridges & Routers » D-Link DGS-3426 » Manual Viewer

D-Link DGS-3426 User Manual - Page 247

SSL Configuration, SSL Configuration and Ciphersuite menu

Add to My Manuals
Save this manual to your list of manuals

Page 247 highlights

xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description Certificate Type Server IP Certificate File Name Key File Name Select Local to specify certificate type. Enter the IPv4 address of the TFTP server where the certificate files are located. Enter the path and the filename of the certificate file to download. This file must have a .der extension. (Ex. c:/cert.der) Enter the path and the filename of the key file to download. This file must have a .der extension (Ex. c:/pkey.der) Click Apply to implement changes made. SSL Configuration This screen will allow the user to enable SSL on the Switch and implement any one or combination of listed ciphersuites on the Switch. A ciphersuite is a security string that determines the exact cryptographic parameters, specific encryption algorithms and key sizes to be used for an authentication session. The Switch possesses four possible ciphersuites for the SSL function, which are all enabled by default. To utilize a particular ciphersuite, disable the unwanted ciphersuites, leaving the desired one for authentication. When the SSL function has been enabled, the web will become disabled. To manage the Switch through the web based management while utilizing the SSL function, the web browser must support SSL encryption and the header of the URL must begin with https://. (Ex. https://xx.xx.xx.xx) Any other method will result in an error and no access can be authorized for the webbased management. To view the following window, click Security > SSL: Figure 10- 39. SSL Configuration and Ciphersuite menu To set up the SSL function on the Switch, configure the following parameters and click Apply. Parameter Description Configuration SSL Status Use the pull down menu to enable or disable the SSL status on the switch. The default is Disabled. Cache Timeout (6086400) This field will set the time between a new key exchange between a client and a host using the SSL function. A new SSL session is established every time the client and host go through a key exchange. Specifying a longer timeout will allow the SSL session to reuse the master key on future connections with that particular host, therefore speeding up the negotiation process. The default setting is 600 seconds. SSL Ciphersuite RSA with RC4 128 MD5 This ciphersuite combines the RSA key exchange, stream cipher RC4 encryption with 128bit keys and the MD5 Hash Algorithm. Use the pull down menu to enable or disable this ciphersuite. This field is Enabled by default. 233

Section	Page
Table of Contents	3
Intended Readers	10
Typographical Conventions	10
Notes, Notices, and Cautions	11
Safety Instructions	12
Safety Cautions	12
General Precautions for Rack-Mountable Products	13
Lithium Battery Precaution	14
Protecting Against Electrostatic Discharge	14
Ethernet Technology	15
Switch Description	15
Features	15
Ports	15
Front-Panel Components	15
Side Panel Description	15
Rear Panel Description	15
Gigabit Combo Ports	15
Ethernet Technology	15
Fast Ethernet Technology	15
Switch Description	15
Features	16
Ports	17
Front-Panel Components	18
DGS-3426	18
DGS-3426P	18
DGS-3427	18
DGS-3450	18
LED Indicators	19
Rear Panel Description	21
DGS-3426	21
DGS-3426P	21
DGS-3427	21
DGS-3450	21
Side Panel Description	22
Package Contents	23
Installation Guidelines	23
Installing the Switch without the Rack	23
Rack Installation	23
Power On	23
The Optional Module	23
Redundant Power System	23
Package Contents	23
Installation Guidelines	23
Installing the Switch without the Rack	24
Installing the Switch in a Rack	24
Mounting the Switch in a Standard 19\	25
Power On	25
Power Failure	25
Installing the SFP ports	26
The Optional Module	27
Installing the Module	28
External Redundant Power System	29
Switch to End Node	31
Switch to Switch	31
Connecting To Network Backbone or Server	31
Switch to End Node	31
Switch to Switch	31
Connecting To Network Backbone or Server	32
Management Options	33
Connecting the Console Port (RS-232 DCE)	33
First Time Connecting to the Switch	33
Password Protection	33
SNMP Settings	33
IP Address Assignment	33
Connecting Devices to the Switch	33
Management Options	33
1. Web-based Management Interface	33
2. SNMP-Based Management	33
3. Command Line Console Interface through the Serial Port	33
Connecting the Console Port (RS-232 DCE)	34
Managing the Switch for the First Time	35
Password Protection	36
SNMP Settings	37
Traps	37
MIBs	37
IP Address Assignment	38
Introduction	40
Logging on to the Web Manager	40
Web-Based User Interface	40
Basic Setup	40
Reboot	40
Basic Switch Setup	40
Network Management	40
Switch Utilities	40
Network Monitoring	40
IGMP Snooping Status	40
Introduction	40
Logging in to the Web Manager	40
Web-based User Interface	41
Areas of the User Interface	41
Web Pages	42
DGS-3400 Web Management Tool	44
IP Address	44
Interface Settings	44
Stacking	44
Port Configuration	44
User Accounts	44
Port Mirroring	44
System Log	44
System Severity Settings	44
SNTP Settings	44
MAC Notification Settings	44
TFTP Services	44
Multiple Image Services	44
Ping Test	44
Safeguard Engine	44
Static ARP Settings	44
IPv6 Neighbor	44
Routing Table	44
DHCP/BOOTP Relay	44
DHCP Auto Configuration	44
SNMP Manager	44
IP-MAC-Port Binding	44
PoE	44
Single IP Management Settings	44
Device Information	45
IPv6	47
Overview	47
Packet Format	48
IPv6 Header	48
Extension Headers	49
Packet Fragmentation	49
Address Format	49
Types	50
ICMPv6	51
Neighbor Discovery	51
Neighbor Unreachability Detection	51
Duplicate Address Detection (DAD)	52
Assigning IP Addresses	52
IP Interface Setup	52
IP Address	53
Setting the Switch's IP Address using the Console Interface	54
Interface Settings	55
IPv4 Interface Settings	55
IPv6 Interface Settings	56
Stacking	60
Stack Switch Swapping	61
Stacking Mode Settings	62
Box Information	62
Port Configuration	63
Port Error Disabled	64
Port Description	65
Cable Diagnostics	65
User Accounts	67
Port Mirroring	68
Mirroing within the Switch Stack	69
System Log	70
System Log Save Mode Settings	71
System Severity Settings	73
SNTP Settings	74
Time Settings	74
Time Zone and DST	75
MAC Notification Settings	77
TFTP Services	78
Multiple Image Services	80
Firmware Information	80
Config Firmware Image	81
Ping Test	82
IPv4 Ping Test	82
IPv6 Ping Test	83
Safeguard Engine	84
Safeguard Engine Settings	85
Static ARP Settings	86
IPv6 Neighbor	87
IPv6 Neighbor Settings	87
Routing Table	89
IPv4 Static/Default Route Settings	89
IPv6 Static/Default Route Settings	90
DHCP/BOOTP Relay	92
DHCP / BOOTP Relay Global Settings	92
The Implementation of DHCP Information Option 82	94
DHCP/BOOTP Relay Interface Settings	95
DHCP Auto Configuration Settings	96
SNMP Manager	97
Traps	97
MIBs	97
SNMP Trap Settings	98
SNMP User Table	98
SNMP View Table	100
SNMP Group Table	101
SNMP Community Table	103
SNMP Host Table	104
SNMP Engine ID	105
IP-MAC-Port Binding	106
ACL Mode	106
IP-MAC Binding Port	108
IP-MAC Binding Table	109
IP-MAC Binding Blocked	110
PoE Configuration	111
PoE System Settings	111
PoE Port Settings	113
Single IP Management (SIM) Overview	115
The Upgrade to v1.61	116
Single IP vs. Switch Stacking	117
SIM Using the Web Interface	117
Topology	118
Tool Tips	121
Right Click	123
Group Icon	123
Commander Switch Icon	124
Member Switch Icon	124
Candidate Switch Icon	124
Menu Bar	125
File	125
Group	125
Device	125
View	126
Help	126
Firmware Upgrade	126
Configuration Backup/Restore	126
Upload Log	127
VLAN	128
Trunking	128
IGMP Snooping	128
MLD Snooping	128
Loopback Detection Global Settings	128
Spanning Tree	128
Forwarding and Filtering	128
VLANs	128
Understanding IEEE 802.1p Priority	128
VLAN Description	128
Notes about VLANs on the DGS-3400 Series	129
IEEE 802.1Q VLANs	129
802.1Q VLAN Tags	130
Port VLAN ID	131
Tagging and Untagging	131
Ingress Filtering	132
Default VLANs	132
Port-based VLANs	132
VLAN Segmentation	133
VLAN and Trunk Groups	133
Protocol VLANs	133
Static VLAN Entry	133
GVRP Settings	137
Double VLANs	138
Regulations for Double VLANs	139
Double VLAN	140
PVID Auto Assign	142
MAC-based VLAN Settings	143
Trunking	144
Understanding Port Trunk Groups	144
Link Aggregation	145
LACP Port Settings	148
IGMP Snooping	151
IGMP Snooping Settings	151
Router Port Settings	152
ISM VLAN	154
Restrictions and Provisos	154
Limited Multicast Address Range	156
MLD Snooping	158
MLD Control Messages	158
MLD Snooping Settings	158
MLD Router Port Settings	160
Loopback Detection Global Settings	162
Spanning Tree	164
802.1s MSTP	164
802.1w Rapid Spanning Tree	164
Port Transition States	164
Edge Port	165
P2P Port	165
802.1D/802.1w/802.1s Compatibility	165
STP Bridge Global Settings	166
MST Configuration Identification	169
MSTP Port Information	171
STP Instance Settings	173
STP Port Settings	174
Forwarding & Filtering	176
Unicast Forwarding	176
Multicast Forwarding	176
Multicast Filtering Mode	177
Bandwidth Control	179
QoS Scheduling Mechanism	179
QoS Output Scheduling	179
802.1P Default Priority	179
802.1P User Priority	179
QoS	179
The Advantages of QoS	179
Understanding QoS	180
Bandwidth Control	182
QoS Scheduling Mechanism	183
QoS Output Scheduling	184
Configuring the Combination Queue	185
802.1P Default Priority	186
802.1P User Priority	187
Time Range	188
Access Profile Table	188
CPU Interface Filtering	188
Time Range	188
Access Profile Table	190
CPU Interface Filtering	203
CPU Interface Filtering State Settings	203
CPU Interface Filtering Table	203
Authorization Network State Settings	216
Traffic Control	216
Port Security	216
802.1X	216
Trust Host	216
Access Authentication Control	216
MAC Based Access Control	216
Traffic Segmentation	216
SSL	216
SSH	216
JWAC	216
Authorization Network State Settings	216
Traffic Control	217
Port Security	219
Port Security Entries	220
802.1X	221
802.1x Port-Based and MAC-Based Access Control	221
Authentication Server	221
Authenticator	222
Client	222
Authentication Process	223
Understanding 802.1x Port-based and MAC-based Network Access Control	223
Port-Based Network Access Control	224
MAC-Based Network Access Control	225
Guest VLANs	226
Limitations Using the Guest VLAN	226
Configure 802.1X Authenticator	227
Configure 802.1x Guest VLAN	229
Authentic RADIUS Server	230
Trust Host	231
Access Authentication Control	232
Authentication Policy & Parameters	233
Application's Authentication Settings	233
Authentication Server Group	234
Authentication Server Host	235
Login Method Lists	237
Enable Method Lists	238
Configure Local Enable Password	241
Enable Admin	241
MAC Based Access Control	242
MAC Based Access Control Global Settings	242
MAC Based Access Control Local MAC Settings	243
Traffic Segmentation	245
Secure Socket Layer (SSL)	246
Download Certificate	246
SSL Configuration	247
Secure Shell (SSH)	249
SSH Server Configuration	249
SSH Authentication Mode	250
SSH User Authentication Mode	252
JWAC (Japanese Web-based Access Control)	254
JWAC Global Configuration	254
JWAC Port Settings	256
JWAC User Account	259
JWAC Host Information	260
Device Status	261
Stacking Information	261
Module Information	261
CPU Utilization	261
Port Utilization	261
Packets	261
Errors	261
Packet Size	261
Browse Router Port	261
Browse MLD Router Port	261
VLAN Status	261
VLAN Status Port	261
Port Access Control	261
MAC Address Table	261
IGMP Snooping Group	261
MLD Snooping Group	261
Switch Logs	261
Browse ARP Table	261
Session Table	261
IP Forwarding Table	261
Browse Routing Table	261
MAC Based Control Authentication Status	261
Device Status	262
Stacking Information	262
Module Information	263
CPU Utilization	264
Port Utilization	265
Packets	266
Received (Rx)	266
UMB Cast (RX)	268
Transmitted (TX)	270
Errors	272
Received (RX)	272
Transmitted (TX)	274
Packet Size	276
Browse Router Port	279
Browse MLD Router Port	280
VLAN Status	281
VLAN Status Port	282
Port Access Control	283
RADIUS Authentication	283
RADIUS Account Client	284
MAC Address Table	286
IGMP Snooping Group	287
MLD Snooping Group	288
Switch Logs	289
Browse ARP Table	290
Session Table	291
IP Forwarding Table	292
Browse Routing Table	293
MAC Based Access Control Authentication Status	294
Reset	295
Reboot System	295
Save Services	295
Logout	295
Reset	295
Reboot System	296
Save Services	297
Save Changes	297
Configuration Information	298
Current Configuration Settings	299
Logout	299
Technical Specifications	300
Cables and Connectors	302
Cable Lengths	303
Switch Log Entries	304
Log Information	304
Copyright Statement: No part of this publication or documentation accompanying this product may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from D-Link Corporation/D-Link Systems, Inc., as stipulated by the United States Copyright Act of 1976 and any amendments thereto. Contents are subject to change without prior notice. Copyright 2004 by D-Link Corporation/D-Link Systems, Inc. All rights reserved.	323
FCC Statement: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communication. However, there is no guarantee that interference will not occur in a particular installation. Operation of this equipment in a residential environment is likely to cause harmful interference to radio or television reception. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:	323
Warranty beneficiary	325
Duration of Limited Lifetime Warranty	325
Replacement, Repair or Refund Procedure for Hardware	325

Match case Limit results 1 per page

xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch

Parameter

Description

Certificate Type

Select Local to specify certificate type.

Server IP

Enter the IPv4 address of the TFTP server where the certificate files are located.

Certificate File Name

Enter the path and the filename of the certificate file to download. This file must have a .der

extension. (Ex. c:/cert.der)

Key File Name

Enter the path and the filename of the key file to download. This file must have a .der

extension (Ex. c:/pkey.der)

Click

Apply

to implement changes made.

SSL Configuration

This screen will allow the user to enable SSL on the Switch and implement any one or combination of listed ciphersuites on the

Switch. A

ciphersuite

is a security string that determines the exact cryptographic parameters, specific encryption algorithms and

key sizes to be used for an authentication session. The Switch possesses four possible ciphersuites for the SSL function, which are

all enabled by default. To utilize a particular ciphersuite, disable the unwanted ciphersuites, leaving the desired one for

authentication.

When the SSL function has been enabled, the web will become disabled. To manage the Switch through the web based

management while utilizing the SSL function, the web browser must support SSL encryption and the header of the URL must

begin with https://. (Ex. https://xx.xx.xx.xx) Any other method will result in an error and no access can be authorized for the web-

based management.

To view the following window, click

Security > SSL

Figure 10- 39. SSL Configuration and Ciphersuite menu

To set up the SSL function on the Switch, configure the following parameters and click

Apply

Parameter

Description

Configuration

SSL Status

Use the pull down menu to enable or disable the SSL status on the switch. The default is

Disabled

Cache Timeout (60-

86400)

This field will set the time between a new key exchange between a client and a host using

the SSL function. A new SSL session is established every time the client and host go

through a key exchange. Specifying a longer timeout will allow the SSL session to reuse

the master key on future connections with that particular host, therefore speeding up the

negotiation process. The default setting is 600 seconds.

SSL Ciphersuite

RSA with RC4 128 MD5

This ciphersuite combines the RSA key exchange, stream cipher RC4 encryption with 128-

bit keys and the MD5 Hash Algorithm. Use the pull down menu to enable or disable this

ciphersuite. This field is

Enabled

by default.

233