Manuals / D-Link / Computer Equipment / Switch

D-Link DES-3018 manual Authentication Server, Authenticator

Models: DES-3018

1 260

Download 260 pages 53.54 Kb

Page 154

DES-3010F/DES-3010FL/DES-3010G/DES-3016/DES-3018/DES-3026 Fast Ethernet Switch Manual

Authentication Server

The Authentication Server is a remote device that is connected to the same network as the Client and Authenticator, must be running a RADIUS Server program and must be configured properly on the Authenticator (Switch). Clients connected to a port on the Switch must be authenticated by the Authentication Server (RADIUS) before attaining any services offered by the Switch on the LAN. The role of the Authentication Server is to certify the identity of the Client attempting to access the network by exchanging secure information between the RADIUS server and the Client through EAPOL packets and, in turn, informs the Switch whether or not the Client is granted access to the LAN and/or switches services.

Figure 10- 6. The Authentication Server

Authenticator

The Authenticator (the Switch) is an intermediary between the Authentication Server and the Client. The Authenticator server has two purposes when utilizing 802.1X. The first purpose is to request certification information from the Client through EAPOL packets, which is the only information allowed to pass through the Authenticator before access is granted to the Client. The second purpose of the Authenticator is to verify the information gathered from the Client with the Authentication Server, and to then relay that information back to the Client.

Three steps must be implemented on the Switch to properly configure the Authenticator.

1.The 802.1X State must be Enabled.

2.The 802.1X settings must be implemented by port.

3.A RADIUS server must be configured on the Switch.

Figure 10- 7. The Authenticator

141

Image 154

D-Link DES-3018 manual Authentication Server, Authenticator

Contents

Manual Copyright 2008. All rights reserved Table of Contents Administration Introduction to Web-based Switch ConfigurationSnmp Manager L2 Features Tool TipsCPU Interface Filtering 122 CoS 109Security 133 Monitoring 165 Appendix D 209 Appendix a 200 Appendix B 203Appendix C 204 Glossary 210Preface Bold font Intended ReadersTypographical Conventions ConventionDescriptionSafety Instructions Safety CautionsGeneral Precautions for Rack-Mountable Products Protecting Against Electrostatic Discharge Features Switch DescriptionIntroduction If MIB Fast Ethernet Switching TechnologyEthernet Technology Gigabit Ethernet TechnologyPage Front-Panel Components and LED Indicators DES-3010F Front PanelDES-3026 LED indicators LED or Button Power Console Link/Act Speed DescriptionRear Panel Description Rear panels of these switches contain an AC power connectorSide Panel Description Package Contents InstallationBefore You Connect to the Network Mounting the Switch in a Standard 19 Rack Installing the Switch without the RackInstalling the Switch in a Rack Power OnOptional Modules DEM-301T Optional ModuleUpgraded DES-3018 / DES-3026 are now ready for use Optional Module SlotsConnecting the Switch Switch to End NodeSwitch to Hub or Switch Switch connected to switch using fiber-optic cablingUplink Connection to a server, PC or switch stack Management Options Introduction to Switch ManagementCommand Line Console Interface through the Serial Port Web-based Management InterfaceTo connect a terminal to the console port First Time Connecting to the Switch Initial screen, first time connecting to the SwitchPassword Protection Snmp SettingsTraps MIBsShow switch command IP Address AssignmentConnecting Devices to the Switch Assigning the Switch an IP AddressIntroduction Introduction to Web-based Switch ConfigurationLogging on to the Web Manager Web-based User Interface Areas of the User InterfaceArea Function AreaArea Web Pages Administration Device Information Device Information screenIP Address Parameter DescriptionClick Apply to implement changes made Setting the Switchs IP Address using the Console Interface Port Configuration Port SettingsParameter Description State Following parameters can be configuredClick Apply to implement the new settings on the Switch Speed/DuplexPort Description Setting and Port Description Table Port DescriptionPort Port Error DisabledFollowing information can be viewed in the preceding window ConnectionUser Accounts User Accounts windowManagement Admin User Admin and User PrivilegesUser Account Management Password Encryption Cable DiagnosticsPort Mirroring 12. Port Mirroring windowParameter Description Index1-4 Host IP Severity Facility System Log SettingsFollowing parameters can be set Numerical Facility CodeUDP Port 514 or Status ParameterDescription Time Settings Current Time Time Source Sntp SettingsTime Settings Time Settings Set Current Time Year Month DayClick Apply to implement your changes Time Zone and DSTTime in HH MM SS DST Repeating Settings DST Annual SettingsGlobal Settings MAC Notification SettingsFollowing parameters may be viewed and modified Ping Test Tftp ServicesTest Snmp Manager Snmp SettingsMIBs Following parameters are displayed Snmp Trap SettingsSnmp User Table ParameterDescription User NameFollowing parameters can set Group Name Snmp Version Auth-Protocol Priv-ProtocolParameterDescription View Name Snmp View TableSnmp View Table Subtree OIDManager Snmp Group Table Snmp Group TableView Type 28. Snmp Group Table Configuration Add window ParameterDescription Community Name View Name Access Right Snmp Community TableUse the Snmp Host Table to set up Snmp trap recipients Snmp Host Table31. Snmp Engine ID Configuration window Snmp Engine IDIP-MAC-Port Binding Impb IP-MAC-Port Binding ImpbIP-MAC Binding Table 32. IP-MAC Binding Ports window33. IP-MAC Binding Table menu IP-MAC Binding Blocked IP-MAC Binding BlockedLink Single IP Management Single IP Management SIM OverviewSIM Using the Web Interface Single IP Settings SIM SettingsHoldtime TopologyParameterDescription Device Name Local Port Speed Remote Port MAC Address Model Name Icon DescriptionTool Tips 39. Device Information Utilizing the Tool Tip40. Port Speed Utilizing the Tool Tip Right Click Commander Switch IconFollowing options may appear for the user to configure Group IconMember Switch Icon 44. Property windowCandidate Switch Icon 46. Property windowClick Close to close the Property window Menu BarThis window holds the following information Five menus on the menu bar are as followsDevice IP Setting Upload Log File Firmware UpgradeConfiguration File Backup/Restore Upload Log File55. Upload Log File window Unicast Forwarding Forwarding & FilteringUnicast Forwarding ParameterDescriptionMulticast MAC Address Port Settings Multicast ForwardingMulticast Filtering Mode 59. Configure Multicast Filtering ModeSmtp Service Smtp Server Settings Smtp Service ParameterDescription Subject ContentDHCP/BOOTP Relay Global Settings DHCP/BOOTP RelayFollowing fields can be set Click Apply to implement any changes that have been made Dhcp Relay Agent Information Option State Check PolicyRelay Interface Settings DHCP/BOOTP Relay Interface SettingsImplementation of Dhcp Information Option 82 on the Switch Circuit ID sub-option formatRelay Option 60 Default Settings Dhcp Relay Option 60 Default SettingsFollowing parameters may be configured or viewed ParameterDescription Relay IP Address ModeFollowing parameters may be configured Dhcp Relay Option 60 SettingsParameterDescription String Server IP Match Type Following parameters may be set Dhcp Relay Option 61 Default SettingsDhcp Relay Option 61 Settings ParameterDescription Client IDRelay Rule Vlan Description L2 FeaturesVLANs Ieee 802.1Q VLANs802.1Q Vlan Tags Ieee 802.1Q Packet ForwardingTagging and Untagging Ingress FilteringVlan Segmentation Default VLANsSwitch Ports Vlan and Trunk GroupsStatic Vlan Entry 1Q Static VLANs windowVlan Name Port Settings Tag None Egress 1Q Static VLANs ModifyLink Aggregation Understanding Port Trunk GroupsPage Vlan Trunk Settings Parameter Description Vlan Trunk Status From…ToLink Aggregation Trunking Link AggregationLacp Port Settings Lacp Port SettingsClick Apply to implement changes made Igmp Snooping 12. Current Igmp Snooping Group EntriesFollowing parameters may be viewed or modified Vlan IDStatic Router Ports Settings Vlan Name Member PortsClick Apply to implement the new settings Igmp Access Control SettingsIgmp Snooping Igmp Access Control Settings ParameterDescription From…To StatusPort Transition States Spanning Tree802.1w Rapid Spanning Tree 802.1w Rstp 802.1D STP Forwarding LearningP2P Port STP Bridge Global SettingsEdge Port 802.1D and 802.1w Compatibility17. STP Bridge Global Settings Spanning Tree Protocol104 STP Port Settings STP can be set up on a port per port basisMigration From/ToPriority EdgeLoopback Detection Following fields may be configuredLoopback Detection ParameterDescription Loopdetect Status IntervalRecover Time From… To State CoS CoSIeee 802.1p Priority An Example of the Default CoS Mapping on the Switch Advantages of CoSUnderstanding CoS Bandwidth Settings and Port Bandwidth Table window Port BandwidthParameterDescription From/To Type No Limit Rate 802.1p Default Priority 1p Default Priority and the 802.1p Default Priority windowScheduling Mechanism has the following parameters 802.1p User PriorityCoS Scheduling Mechanism ParameterDescription StrictCoS Output Scheduling Weight fairParameterDescription Weights Click Apply to let your changes take effectPriority Settings Priority SettingConfigure the following Priority Setting parameters TOS Priority SettingsParameterDescription From/To MainSelect Dscp Priority Settings Dscp Priority SettingPort Mapping Priority Settings 10. Port Mapping Priority CoSMAC Priority Settings 11. MAC Priority SettingCPU Interface Filtering Table CPU Interface Filtering State SettingsCPU Interface Filtering Interface Filtering CPU Interface Filtering StateDestination MAC Profile IDSource MAC 802.1pEthernet type Source IP Mask Destination IP MaskClick Apply to set this entry in the Switch’s memory ProtocolShown below is the Packet Content Mask configuration window Parameter Description Profile ID Type OffsetCPU Interface Filtering Table Ethernet Access ID Parameters DescriptionParameter Description Profile ID Mode Access ID Type 10. CPU Interface Filtering Rule Table IPVlan Name Source IP Destination IP DSCP0-63 Port 12. CPU Interface Filtering Rule Display IPParametersDescription Profile ID Mode Access ID Type Offset 15. CPU Interface Filtering Rule Display Packet Content Security Traffic ControlTraffic Control Settings window Click Apply to implement the settings of each field 136 Port Security Settings and Table window Port SecurityAdmin State Max. Addr0-10 Lock Address Mode Lock Entries Port Lock EntriesDelete 802.1X Port-Based and MAC-Based Access Control 802.1XAuthentication Server AuthenticatorClient ClientAuthentication Process 802.1X Authentication ProcessPort-Based Network Access Control 10. Example of Typical Port-Based ConfigurationMAC-Based Network Access Control 11. Example of Typical MAC-Based Configuration802.1X Authenticator Settings 12 .1X Authenticator Settings windowThis screen allows you to set the following parameters MaxReq SuppTimeoutServerTimeout ReAuthPeriodLocal Users Click Security 802.1X 802.1X Capability 802.1X Capability SettingsSettings to view the following window ParameterDescription From and To CapabilityLimitations Using the Guest Vlan Guest VLANsOperation Configure 802.1X Guest VlanPort List Initializing Ports for Port Based 18. Initialize Port windowReauthenticate Ports for Port Based Initializing Ports for MAC BasedParameter Description Port Reauthenticate Ports for MAC-basedPorts Auth StateRadius Server Trusted Host To view the Trusted Host table, click Security Trusted HostTraffic Segmentation 24. Current Traffic Segmentation Table25. Setup Forwarding Ports window Secure Shell SSHSSH Server Configuration Algorithm Settings SSH Authentication Mode and Algorithm SettingsFollowing algorithms may be set Encryption Algorithm Blow-fish CBCCast128-CBC Twofish128 Twofish192 Twofish256 Data Integrity AlgorithmSSH User Authentication Mode 28. SSH User Authentication Mode windowUser may set the following parameters Auth. ModeParameter Description User Name Monitoring CPU UtilizationPort Utilization Port Utilization windowParameterDescription Time Interval Record Number Received RX PacketsReceived RX Following fields may be set or viewed Rx Packets Analysis TableUMB Cast RX Packets UMB CastRX171 Transmitted TX TransmittedTXTx Packets Analysis window table for Bytes and Packets Packet Errors Rx Error Analysis window line graph10. Rx Error Analysis window table 11. Tx Error Analysis window line graph 12. Tx Error Analysis window table Packet Size Packet SizeFollowing fields can be set or viewed Vlan Status 15. Vlan Status windowFollowing fields can be viewed or set MAC AddressMAC Address ParameterDescription Vlan Name MAC Address Port FindSwitch Log ParameterDescription Sequence Time Log TextLog Settings ParameterDescription Log Mode Time IntervalIgmp Snooping Group Multicast Group MAC Address Reports Port MapBrowse ARP Table Browse Router PortSession Table Radius Authentication Port Access ControlRadius Authentication ParameterDescription Server187 Radius Accounting AccountingAuth Diagnostics BadAuthenticators UnknownTypes PacketsDroppedEntersAuthenticating EntersConnectingEapLogOffsConnecting SuccessAuthenticatingAuth Session Statistics ResponsesFromSupplicant AuthSuccesses AuthFailsAuth Statistics 27. Authenticator Statistics window Rx Invalid Rx Error Last Version Last Source Monitoring Port Access Control Auth State Auth State29. Authenticator State window MAC-Based Reset 30. Factory Reset to Default Value windowFollowing menu is used to restart the Switch Reboot SystemSave Changes 33. Reboot System window LogoutAppendix a Physical and EnvironmentalGeneral CSMA/CDPerformance Appendix B Appendix 1- 2. The standard RJ-45 pin assignmentsAppendix C System Log Entries205 206 207 208 Cable Lengths Appendix DStandard Media Type Maximum Distance Glossary Page Limited Warranty Warranties and RegistrationWhat Is Not Covered Trademarks FCC WarningCopyright Statement Page Page Product Registration Tech Support Technical SupportTechnical Support Technische Unterstützung Assistance technique Asistencia Técnica Supporto tecnico Technical Support Pomoc techniczna Technická podpora Technikai Támogatás Teknisk Support Teknisk Support Teknistä tukea asiakkaille Suomessa Teknisk Support Suporte Técnico Τεχνική Υποστήριξη Tehnička podrška Tehnična podpora Suport tehnica Technical Support Technical Support Техническая поддержка Asistencia Técnica Suporte Técnico Link友訊科技台灣分公司技術支援資訊 Dukungan Teknis 技术支持 International Offices Germany Spain EgyptRegistration Card All Countries and Regions excluding USA247