D-Link DSL-G604T manual Trusted Host, Secure Socket Layer SSL


DGS-3024 Gigabit Ethernet Switch Manual

8

Security

The second Web Manager main folder is Security and includes the following windows and sub-folders: Trusted Host, Secure Socket Layer (SSL), Secure Shell (SSH), and Access Authentication Control, as well as secondary windows.

Trusted Host

Go to the Security folder and click on the Trusted Host link; the following window will appear.

Figure 8-1. Security IP Management window

Use security IP management to permit remote stations to manage the Switch. If you choose to define one or more designated management stations, only the chosen stations, as defined by IP address, will be allowed management privilege through the web manager or Telnet session. To define a management station IP setting, type in the IP address and click the Apply button.

Secure Socket Layer (SSL)

Secure Sockets Layer or SSL is a security feature that provides a secure communication path between a host and client through the use of authentication, digital signatures and encryption. These security functions are implemented through the use of a ciphersuite, a security string that determines the exact cryptographic parameters, specific encryption algorithms and key sizes to be used for an authentication session. The ciphersuite consists of three levels:

1. Key Exchange: The first part of the ciphersuite string specifies the public key algorithm to be used. This Switch utilizes the Rivest Shamir Adleman (RSA) public key algorithm and the Digital Signature Algorithm (DSA), specified here as the DHE DSS Diffie-Hellman (DHE) public key algorithm. This is the first authentication process between client and host: they “exchange keys” looking for a match and, once authentication is accepted, negotiate encryption on the following level.

2. Encryption: The second part of the ciphersuite specifies the encryption used for the messages sent between client and host. The Switch supports two types of cryptology algorithms:

Stream Ciphers – There are two types of stream ciphers on the Switch, RC4 with 40-bit keys and RC4 with 128-bit keys. These keys are used to encrypt messages and need to be consistent between client and host for optimal use.

CBC Block Ciphers – CBC refers to Cipher Block Chaining, which means that a portion of the previously encrypted block of encrypted text is used in the encryption of the current block. The Switch supports the 3DES EDE encryption code defined by the Data Encryption Standard (DES) to create the encrypted text.
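
The ciphersuite string described above can be checked mechanically when reviewing which suites a device offers. The following is an added example, not part of the D-Link manual or firmware: it splits standard IANA-style suite names into the key exchange and encryption parts and lists why a suite should be disabled. The suite names, parse_suite and audit are assumptions chosen to match the algorithms named on this page; the trailing hash component of the standard name is returned as-is.

```python
import re

# Standard IANA suite names, constructed to match the algorithms the manual
# names (RSA, DHE DSS, RC4 40/128-bit, 3DES EDE CBC); not captured switch output.
SAMPLE_SUITES = [
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    "TLS_RSA_WITH_RC4_128_MD5",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
]
SUITE_RE = re.compile(r"^(?:TLS|SSL)_(?P<kx>[A-Z0-9_]+?)_WITH_(?P<rest>[A-Z0-9_]+)$")


def parse_suite(name):
    """Split a suite name into key exchange, encryption and trailing hash."""
    m = SUITE_RE.match(name)
    if not m or "_" not in m.group("rest"):
        raise ValueError(f"unrecognised suite name: {name!r}")
    kx = m.group("kx")
    cipher, _, mac = m.group("rest").rpartition("_")
    export = kx.endswith("_EXPORT")
    if export:
        kx = kx[: -len("_EXPORT")]
    # Stream vs. CBC block cipher, the two encryption types the manual lists.
    kind = "cbc-block" if "_CBC" in cipher else "stream" if cipher.startswith("RC4") else "other"
    bits = re.search(r"_(\d+)(?:_|$)", cipher)  # RC4_40 -> 40, RC4_128 -> 128
    # 3DES EDE names carry no size; the three-key form uses a 168-bit key.
    key_bits = int(bits.group(1)) if bits else (168 if cipher.startswith("3DES") else None)
    return {"kx": kx, "export": export, "cipher": cipher,
            "kind": kind, "key_bits": key_bits, "mac": mac}


def audit(names):
    """Map each offered suite name to the reasons it should be disabled."""
    report = {}
    for name in names:
        s = parse_suite(name)
        reasons = []
        if s["export"] or (s["key_bits"] is not None and s["key_bits"] <= 40):
            reasons.append("export-grade 40-bit key")
        if s["cipher"].startswith("RC4"):
            reasons.append("RC4 is prohibited in TLS by RFC 7465")
        if s["cipher"].startswith("3DES"):
            reasons.append("3DES has a 64-bit block (Sweet32)")
        report[name] = reasons
    return report


if __name__ == "__main__":
    for suite, reasons in audit(SAMPLE_SUITES).items():
        print(f"{suite}: {'; '.join(reasons) or 'no finding'}")
```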
