D-Link DSL-G604T manual Access Authentication Control, Host Name, Host IP

DGS-3024 Gigabit Ethernet Switch Manual

publickey on an SSH server for authentication.

Host Name - Enter an alphanumeric string of no more than 32 characters to identify the remote SSH user. This parameter is only used in conjunction with the Host Based choice in the Auth. Mode field.

Host IP - Enter the corresponding IP address of the SSH user. This parameter is only used in conjunction with the Host Based choice in the Auth. Mode field.

Click Apply to implement changes made.

NOTE: To set the SSH User Authentication parameters on the Switch, a User Account must already be configured. For more information on configuring local User Accounts on the Switch, see the User Accounts section, located in this section of the manual.

Access Authentication Control

The TACACS / XTACACS / TACACS+ / RADIUS commands let you secure access to the Switch using the TACACS / XTACACS / TACACS+ / RADIUS protocols. When a user logs in to the Switch or tries to access the administrator level privilege, he or she is prompted for a password. If TACACS / XTACACS / TACACS+ / RADIUS authentication is enabled on the Switch, it will contact a TACACS / XTACACS / TACACS+ / RADIUS server to verify the user. If the user is verified, he or she is granted access to the Switch.

There are currently three versions of the TACACS security protocol, each a separate entity. The Switch's software supports the following versions of TACACS:

TACACS (Terminal Access Controller Access Control System) - Provides password checking and authentication, and notification of user actions for security purposes, via one or more centralized TACACS servers, using the UDP protocol for packet transmission.

Extended TACACS (XTACACS) - An extension of the TACACS protocol with the ability to provide more types of authentication requests and more types of response codes than TACACS. This protocol also uses UDP to transmit packets.

TACACS+ (Terminal Access Controller Access Control System plus) - Provides detailed access control for authentication for network devices. TACACS+ is facilitated through Authentication commands via one or more centralized servers. The TACACS+ protocol encrypts all traffic between the Switch and the TACACS+ daemon, using the TCP protocol to ensure reliable delivery.

In order for the TACACS / XTACACS / TACACS+ / RADIUS security function to work properly, a TACACS / XTACACS / TACACS+ / RADIUS server must be configured on a device other than the Switch, called an Authentication Server Host and it must include usernames and passwords for authentication. When the user is prompted by the Switch to enter usernames and passwords for authentication, the Switch contacts the TACACS / XTACACS / TACACS+ / RADIUS server to verify, and the server will respond with one of three messages:

The server verifies the username and password, and the user is granted normal user privileges on the Switch.

The server will not accept the username and password and the user is denied access to the Switch.

The server doesn't respond to the verification query. At this point, the Switch receives the timeout from the server and then moves to the next method of verification configured in the method list.
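The three outcomes above can be modelled as a short simulation. This is an added example, not code from the manual or from D-Link firmware: the stub servers, account data and method names are constructed for illustration, and denying access once every method has timed out is an assumption the page does not state.

```python
# Added illustration of the accept / reject / timeout handling described
# above. Stub servers and accounts are constructed sample data.
import hmac
from enum import Enum

class Reply(Enum):
    ACCEPT = "accept"    # server verified the username and password
    REJECT = "reject"    # server will not accept the credentials
    TIMEOUT = "timeout"  # server did not respond to the query

def make_server(accounts, reachable=True):
    """Return a stub authentication server holding username -> password."""
    def check(user, password):
        if not reachable:
            return Reply.TIMEOUT
        stored = accounts.get(user)
        ok = stored is not None and hmac.compare_digest(stored, password)
        return Reply.ACCEPT if ok else Reply.REJECT
    return check

def login(method_list, user, password):
    """Walk the method list in order and return (granted, trace).

    Only a timeout moves on to the next method. A reject is final, so a
    later method is never consulted after a reachable server says no.
    """
    trace = []
    for name, check in method_list:
        reply = check(user, password)
        trace.append((name, reply))
        if reply is Reply.ACCEPT:
            return True, trace
        if reply is Reply.REJECT:
            return False, trace
    # Assumption: if every method timed out, fail closed and deny access.
    return False, trace

# Constructed sample servers: the same TACACS+ database reachable and
# unreachable, plus a RADIUS server that also knows the user "bob".
TACACS_PLUS_UP = make_server({"alice": "s3cret"})
TACACS_PLUS_DOWN = make_server({"alice": "s3cret"}, reachable=False)
RADIUS = make_server({"alice": "s3cret", "bob": "hunter2"})
```

With the first server reachable, an account that exists only on a later server is denied; it is reached only while the earlier server is timing out, which is why the order of the method list and the availability of the first server both matter when reviewing this configuration.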

The Switch has four built-in Authentication Server Groups, one for each of the TACACS, XTACACS, TACACS+ and RADIUS protocols. These built-in Authentication Server Groups are used to authenticate users trying to access the Switch. Users set Authentication Server Hosts in order of preference in the built-in Authentication Server Groups, and when a user tries to gain access to the Switch, the Switch will ask the first Authentication Server Host for authentication. If no
