D-Link DSL-G604T Authentication Policy & Parameters, Parameters Description Authentication Policy

Page 109

DGS-3024 Gigabit Ethernet Switch Manual

authentication is made, the second server host in the list will be queried, and so on. The built-in Authentication Server Groups can only have hosts that are running the specified protocol. For example, the TACACS Authentication Server Groups can only have TACACS Authentication Server Hosts.

The administrator for the Switch may set up six different authentication techniques per user-defined method list (TACACS / XTACACS / TACACS+ / RADIUS / local / none) for authentication. These techniques will be listed in an order preferable, and defined by the user for normal user authentication on the Switch, and may contain up to eight authentication techniques. When a user attempts to access the Switch, the Switch will select the first technique listed for authentication. If the first technique goes through its Authentication Server Hosts and no authentication is returned, the Switch will then go to the next technique listed in the server group for authentication, until the authentication has been verified or denied, or the list is exhausted.

Please note that users granted access to the Switch will be granted normal user privileges on the Switch. To gain access to administrator level privileges, the user must access the Enable Admin window and then enter a password, which was previously configured by the administrator of the Switch.

NOTE: TACACS, XTACACS and TACACS+ are separate entities and are not compatible. The Switch and the server must be configured exactly the same, using the same protocol. (For example, if the Switch is set up for TACACS authentication, so must be the host server.)

Authentication Policy & Parameters

This feature will enable an administrator-defined authentication policy for users trying to access the Switch. When enabled, the device will check the Login Method List and choose a technique for user authentication upon login.

To access the following window, click Security > Access Authentication Control > Policy and Parameters:

 

Figure 8- 8. Policy & Parameter Settings window

The following parameters can be set:

 

 

 

Parameters

Description

 

 

 

Authentication Policy

Use the pull-down menu to enable or disable the Authentication Policy on the

 

 

Switch.

 

 

 

 

Response Timeout (0-

This field will set the time the Switch will wait for a response of authentication from

 

255)

the user. The user may set a time between 0 and 255 seconds. The default setting

 

 

is 30 seconds.

 

 

 

 

User Attempts (1-255)

This command will configure the maximum number of times the Switch will accept

 

 

authentication attempts. Users failing to be authenticated after the set amount of

 

 

attempts will be denied access to the Switch and will be locked out of further

 

 

authentication attempts. Command line interface users will have to wait 60

 

 

seconds before another authentication attempt. Telnet and web users will be

 

 

disconnected from the Switch. The user may set the number of attempts from 1 to

 

 

255. The default setting is 3.

 

 

 

 

95

Page 108 Page 110
Image 109
Page 108 Page 110
Contents Manual Managed 24-Port Gigabit Ethernet SwitchCE Mark Warning FCC WarningVcci Warning Table of Contents Spanning Tree Sntp Settings Secure Shell SSH 117 141 Intended Readers PrefaceDGS-3024 Gigabit Ethernet Switch Manual Safety Cautions Safety InstructionsGeneral Precautions for Rack-Mountable Products Safety Instructions Battery Handling Reminder Performance Features FeaturesPorts ManagementDGS-3024 Gigabit Ethernet Switch Manual Installation Unpacking and SetupPacking List Rack Installation Desktop or Shelf InstallationPower Failure Power onExternal Redundant Power System DPS-300 in DPS-900 case with DGS-3024 Rear Panel Front PanelSide Panels Side panel views of the Switch LED IndicatorsSwitch connected to an End Node Switch to End NodeSwitch to Hub or Switch DGS-3024 Gigabit Ethernet Switch Manual Connecting the Console Port RS-232 DCE Command Line Console Interface Through the Serial PortManagement Options Web-based Management InterfaceInitial screen after first connection Password Protection First Time Connecting to The SwitchSnmp Settings MIBs TrapsIP Address Assignment Show Switch command Assigning the Switch an IP Address Connecting Devices to the SwitchIntroduction Login to Web ManagerAreas of the User Interface Web-based User InterfaceArea IP Address Default GatewayParameter Description Get IP From IP AddressSwitch Information Igmp Snooping Multicast Router Only Advanced SettingsTelnet Status SwitchTelnet TCP Port NumberParameter Description Port ConfigurationLearning Flow ControlLink Aggregation Port MirroringExample of Port Trunk Group State Parameter Description Group IDType Igmp Snooping Igmp SnoopingMaster Port Port MapRoute Timeout Host TimeoutVlan Name Query IntervalStatic Router Ports Entry Leave TimerQuerier State 802.1s Mstp Spanning Tree802.1w Rapid Spanning Tree Edge Port Port Transition StatesP2P Port 802.1d/802.1w/802.1s Compatibility13. STP Bridge Global Settings window STP compatible STP Bridge Global SettingsParameter Description STP Status Forward Delay 4STP Version Hello Time 1-10 SecParameterDescription Configuration Name MST Configuration TableTX Hold Count Forwarding BpduVID List Revision Level19. Instance ID Settings window Modify Parameter Description Instance ID Msti SettingsInternal cost Priority Parameter Description Instance Type STP Instance SettingsInstance Status Instance PriorityBridge External Root Cost Parameter Description Designated RootRegional Root Bridge Internal Root CostMax Age Forward DelayLast Topology Change Topology Changes25. STP Port Settings window STP Port SettingsExternal Cost 0 = Parameter Description From/ToAuto Hello TimeUnicast Forwarding ForwardingMulticast Forwarding Allowed to go portVLANs Port SettingsUnderstanding Ieee 802.1p Priority Multicast MACIeee 802.1Q VLANs Vlan DescriptionDGS-3024 Gigabit Ethernet Switch Manual 29. Ieee 802.1Q Packet Forwarding 802.1Q Vlan Tags30. Ieee 802.1Q Tag Port Vlan IDIngress Filtering Tagging and UntaggingSwitch Ports Default VLANsVlan and Trunk Groups Static Vlan Entry32. first 802.1Q Static VLANs window 8021Q Port Settings Ingress Check 35. Gvrp Settings windowTime Setting Sntp SettingsFrame Type 36. Current Time Status window Time Zone and DST ParameterDescription Time Zone and DST SettingsMonth DayTime State Daylight Saving Daylight SavingTime Offset Minutes Time Zone OffsetAdvantages of QoS QoSUnderstanding QoS DGS-3024 Gigabit Ethernet Switch Manual Traffic Control 39. Storm Control Type Setting window802.1p Default Priority 802.1p User Priority 40. Port Default Priority assignment windowParameter Description Strict QoS Scheduling MechanismRoundRobin MAC Notification MAC Notification Global SettingsQoS Output Scheduling ParameterDescription Max. PacketsParameter Description State MAC Notification Port SettingsInterval sec ~2147483647 History size 1~500Parameter Description From and To 45. MAC Notification Port Settings windowParameter Description Index System Log ServerServer IP SeverityStatus Choose Enabled or Disabled to activate or deactivate802.1x Port-Based Access Control Port Access EntityAuthentication Server 50. Authentication Server AuthenticatorPort-Based Network Access Control Authentication ProcessClient 53. Example of Typical Port-Based Configuration Configure Authenticator54. First 802.1x Authenticator Settings window PortControl AdmDirLocal users 802.1x Capability Settings57 .1x Capability Settings window Initialize Ports Parameter Description Port Reauthenticate PortsAuth State OpenDirStatus Radius Server61. Static ARP Settings window Static ARP SettingsSecure Socket Layer SSL Trusted HostDownload Certificate ConfigurationRSA with RC4 Parameter Description StatusRSA with 3DES EDE DHS DSS with 3DESSecure Shell SSH SSH ConfigurationMax Session Parameter Description SSH Server StatusTime Out Auth. FailParameterDescription Encryption Algorithm SSH AlgorithmBlow-fish CBC Password Authentication AlgorithmCast128-CBC Twofish128Auth. Mode SSH User AuthenticationParameter Description User Name Host Name Access Authentication ControlHost IP Parameters Description Authentication Policy Authentication Policy & ParametersResponse Timeout 255Authentication Server Group Application Authentication SettingsLogin Method List Enable Method List10. Authentication Server Group Settings window ParameterDescription Authentication Server HostTimeout Login Method ListsProtocol Retransmit15. Login Method List Settings window 18. Enable Method List Settings window Enable Method Lists20. Enable Method List Add window 19. Enable Method List Edit windowEnable Admin Configure Local Enable Password22. Enable Admin window User Accounts Access RightNew Password Admin and User PrivilegesPassword Access Right Confirm NewAdmin and User Privileges Management Admin UserSnmp Manager User Account ManagementGroup Name Snmp User TableSnmp V3 Encryption Auth-ProtocolSnmp View Table window Snmp View TableParameter Description View Name Snmp Group TableSubtree OID View TypeRead View Name Parameter Description Group NameWrite View Name Notify View NameSecurity Model Snmp Community TableParameter Description Community Name Snmp Host TableParameter Description Host IP Address Snmp Engine IDSnmp Version Community String14. Snmp Engine ID Configuration window Utilization window Port UtilizationReceived RX PacketsPackets BytesUMB Cast RX Multicast UnicastBroadcast Tx Packets Analysis window line graph for Bytes and Packets Transmitted TXTx Packets Analysis window table for Bytes and Packets ErrorsRx Error Analysis window line graph UnderSize CrcErrorOverSize Fragment10. Tx Error Analysis window line graph LateColl ExDeferExColl SingColl12. Packet Size Analysis window line graph Size128-255 65-127256-511 512-1023MAC Address Vlan ID of the Vlan the port is a member 14. MAC Address Table windowLearned Switch History LogNext View All Entry15. Switch History window Multicast Group Igmp Snooping GroupQueries ReportsVlan Status Igmp Snooping ForwardingSession Table Router PortRadius Authentication Port Access ControlDownload Configuration File Tftp ServicesDownload Firmware Ping Test Save SettingsSave History Log Ping Test window Save ChangesReboot Reboot ServicesReset Reset System Reset ConfigLogout 12. Logout Web Setups window Technical Specifications Protocols StandardsData Transfer Rates Ethernet Fast EthernetStandard Media Type Maximum Distance Cable LengthsMini Gbic Glossary Line speed See baud rate DGS-3024 Gigabit Ethernet Switch Manual Limited Warranty What Is Not Covered Trademarks FCC WarningPage Page Product Registration General Terms Link Europe Limited Product WarrantyWarrantor Allgemeine Bedingungen Link Europe Limited ProduktgarantieGarantiegeber Conditions Générales Link Europe a limité la garantie des produitsGarant Condiciones generales Garantía limitada del producto D-LINK EuropaGarante Generalità Link Europe Termini di Garanzia dei ProdottiPrestazioni della Garanzia limitata Technical Support Emailsupport@dlink.com.sg Tech Support for customers within India Tech Support for customers within the Russia Technical Support Technical Support Technical Support Техническая поддержка через Интернет Техническая поддержка D-LinkAsistencia Técnica Suporte Técnico 友冠技術支援 Technical Support Technische Unterstützung Assistance technique D-Link par téléphone Assistance techniqueAsistencia Técnica de D-Link a través de Internet Asistencia Técnica de D-Link por teléfono 902Supporto tecnico Tech Support for customers within the Netherlands Pomoc techniczna firmy D-Link świadczona przez Internet Telefoniczna pomoc techniczna firmy D-LinkTechnická podpora Technikai Támogatás Teknisk Support Link teknisk support på Internettet 0800-114 Teknistä tukea asiakkaille Suomessa0770-33 00 Teknisk Support för kunder i Sverige技术支持 Tech Support for customers within the United States International Offices Registration Card All Countries and Regions Excluding USA
Related manuals
Manual 26 pages 8.5 Kb
Top Page Image Contents