D-Link DSL-G604T manual Download Certificate, Configuration


DGS-3024 Gigabit Ethernet Switch Manual

3. Hash Algorithm: This part of the ciphersuite allows the user to choose a message digest function, which will determine a Message Authentication Code. This Message Authentication Code will be encrypted with a sent message to provide integrity and protect against replay attacks. The Switch supports two hash algorithms, MD5 (Message Digest 5) and SHA (Secure Hash Algorithm).

These three parameters are uniquely assembled in four choices on the Switch to create a three-layered encryption code for secure communication between the server and the host. The user may implement any one or a combination of the available ciphersuites, but different ciphersuites will affect the security level and the performance of the secured connection. The information included in the ciphersuites is not included with the Switch and must be downloaded from a third source in a file form called a certificate. This function of the Switch cannot be executed without the presence and implementation of the certificate file, which can be downloaded to the Switch by utilizing a TFTP server. The Switch supports SSLv3. Other versions of SSL may not be compatible with this Switch and may cause problems upon authentication and transfer of messages from client to host.

Download Certificate

This window is used to download a certificate file for the SSL function on the Switch from a TFTP server. The certificate file is a data record used for authenticating devices on the network. It contains information on the owner, keys for authentication and digital signatures. Both the server and the client must have consistent certificate files for optimal use of the SSL function. The Switch only supports certificate files with .der file extensions. Currently, all members of the xStack family come with a certificate pre-loaded, though the user may need to download more, depending on user circumstances.

To view the following window, click Security > Secure Socket Layer (SSL) > Download Certificate:

Figure 8-2. Download Certificate window

To download certificates, set the following parameters and click Apply.

Parameter: Description

Server IP: Enter the IP address of the TFTP server where the certificate files are located.

Certificate File Name: Enter the path and the filename of the certificate file to download. This file must have a .der extension. (Ex. c:/cert.der)

Key File Name: Enter the path and the filename of the key file to download. This file must have a .der extension. (Ex. c:/pkey.der)

Click Apply to implement changes made.
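The Switch accepts only DER-encoded certificate and key files, and a PEM text file renamed to .der does not meet that requirement. The following added example (not part of the D-Link manual) is a Python pre-flight check to run on the workstation before placing the files on the TFTP server; the function names and skeleton sample bytes are constructed for illustration, and it checks structure only, not signatures or whether the key matches the certificate.

```python
# Added example: structural pre-flight check; names and samples are constructed.
PEM_MARKER = b"-----BEGIN"

def read_tlv(buf, pos=0):
    """Parse one DER tag-length-value at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length fits in one byte
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("indefinite or oversized length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of data")
    return tag, pos, pos + length

def child_tags(body):
    # Tags of the elements directly inside a SEQUENCE body.
    tags, pos = [], 0
    while pos < len(body):
        tag, _, pos = read_tlv(body, pos)
        tags.append(tag)
    return tags

def check_der(data, kind):
    """kind is 'cert' or 'key'; returns 'ok' or the reason the file is rejected."""
    if data.lstrip().startswith(PEM_MARKER):
        return "PEM text, convert to DER first"
    try:
        tag, start, end = read_tlv(data)
        if tag != 0x30 or end != len(data):
            return "outer element is not a single SEQUENCE"
        tags = child_tags(data[start:end])
    except ValueError as exc:
        return f"malformed DER: {exc}"
    if kind == "cert" and tags != [0x30, 0x30, 0x03]:   # tbs, sigAlg, BIT STRING
        return "not an X.509 Certificate layout"
    if kind == "key" and tags[:1] != [0x02]:            # version INTEGER comes first
        return "not a private-key layout"
    return "ok"

# Constructed skeletons (structure only, no real key material).
SAMPLE_CERT = bytes.fromhex("300730003000030100")
SAMPLE_KEY = bytes.fromhex("3006020100020101")
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n"
```

TFTP carries the key file unencrypted and unauthenticated, so perform the transfer on a trusted management segment.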

Configuration

This window will allow the user to enable SSL on the Switch and implement any one or a combination of the listed ciphersuites on the Switch. A ciphersuite is a security string that determines the exact cryptographic parameters, specific encryption algorithms and key sizes to be used for an authentication session. The Switch possesses four possible ciphersuites for the
