Manuals / D-Link / Computer Equipment / Switch

D-Link DES-3018 MAC-Based Network Access Control, Example of Typical MAC-Based Configuration

Models: DES-3018

1 260

Download 260 pages 53.54 Kb

Page 158

DES-3010F/DES-3010FL/DES-3010G/DES-3016/DES-3018/DES-3026 Fast Ethernet Switch Manual

MAC-Based Network Access Control

Ethernet Switch

RADIUS

Server

									…
802.1X	802.1X	802.1X	802.1X	802.1X	802.1X	802.1X	802.1X	802.1X	802.1X	802.1X	802.1X
Client	Client	Client	Client	Client	Client	Client	Client	Client	Client	Client	Client

Network access controlled port

Network access uncontrolled port

Figure 10- 11. Example of Typical MAC-Based Configuration

In order to successfully make use of 802.1X in a shared media LAN segment, it would be necessary to create “logical” Ports, one for each attached device that required access to the LAN. The Switch would regard the single physical Port connecting it to the shared media segment as consisting of a number of distinct logical Ports, each logical Port being independently controlled from the point of view of EAPOL exchanges and authorization state. The Switch learns each attached devices’ individual MAC addresses, and effectively creates a logical Port that the attached device can then use to communicate with the LAN via the Switch.

145

Image 158

D-Link DES-3018 manual MAC-Based Network Access Control, Example of Typical MAC-Based Configuration

Contents

Manual Copyright 2008. All rights reserved Table of Contents Snmp Manager Introduction to Web-based Switch ConfigurationAdministration L2 Features Tool TipsSecurity 133 CoS 109CPU Interface Filtering 122 Monitoring 165 Appendix D 209 Appendix a 200 Appendix B 203Appendix C 204 Glossary 210Preface Bold font Intended ReadersTypographical Conventions ConventionDescriptionSafety Instructions Safety CautionsGeneral Precautions for Rack-Mountable Products Protecting Against Electrostatic Discharge Introduction Switch DescriptionFeatures If MIB Fast Ethernet Switching TechnologyEthernet Technology Gigabit Ethernet TechnologyPage Front-Panel Components and LED Indicators DES-3010F Front PanelDES-3026 LED indicators LED or Button Power Console Link/Act Speed DescriptionSide Panel Description Rear panels of these switches contain an AC power connectorRear Panel Description Before You Connect to the Network InstallationPackage Contents Mounting the Switch in a Standard 19 Rack Installing the Switch without the RackInstalling the Switch in a Rack Power OnOptional Modules DEM-301T Optional ModuleUpgraded DES-3018 / DES-3026 are now ready for use Optional Module SlotsConnecting the Switch Switch to End NodeSwitch to Hub or Switch Switch connected to switch using fiber-optic cablingUplink Connection to a server, PC or switch stack Management Options Introduction to Switch ManagementCommand Line Console Interface through the Serial Port Web-based Management InterfaceTo connect a terminal to the console port First Time Connecting to the Switch Initial screen, first time connecting to the SwitchPassword Protection Snmp SettingsTraps MIBsShow switch command IP Address AssignmentConnecting Devices to the Switch Assigning the Switch an IP AddressLogging on to the Web Manager Introduction to Web-based Switch ConfigurationIntroduction Web-based User Interface Areas of the User InterfaceArea AreaArea Function Web Pages Administration Device Information Device Information screenIP Address Parameter DescriptionClick Apply to implement changes made Setting the Switchs IP Address using the Console Interface Port Configuration Port SettingsParameter Description State Following parameters can be configuredClick Apply to implement the new settings on the Switch Speed/DuplexPort Description Setting and Port Description Table Port DescriptionPort Port Error DisabledFollowing information can be viewed in the preceding window ConnectionUser Accounts User Accounts windowUser Account Management Admin and User PrivilegesManagement Admin User Password Encryption Cable DiagnosticsPort Mirroring 12. Port Mirroring windowParameter Description Index1-4 Host IP Severity Facility System Log SettingsFollowing parameters can be set Numerical Facility CodeUDP Port 514 or Status ParameterDescription Time Settings Current Time Time Source Sntp SettingsTime Settings Time Settings Set Current Time Year Month DayTime in HH MM SS Time Zone and DSTClick Apply to implement your changes DST Repeating Settings DST Annual SettingsFollowing parameters may be viewed and modified MAC Notification SettingsGlobal Settings Test Tftp ServicesPing Test MIBs Snmp SettingsSnmp Manager Following parameters are displayed Snmp Trap SettingsSnmp User Table ParameterDescription User NameFollowing parameters can set Group Name Snmp Version Auth-Protocol Priv-ProtocolParameterDescription View Name Snmp View TableSnmp View Table Subtree OIDView Type Snmp Group TableManager Snmp Group Table 28. Snmp Group Table Configuration Add window ParameterDescription Community Name View Name Access Right Snmp Community TableUse the Snmp Host Table to set up Snmp trap recipients Snmp Host Table31. Snmp Engine ID Configuration window Snmp Engine IDIP-MAC-Port Binding Impb IP-MAC-Port Binding ImpbIP-MAC Binding Table 32. IP-MAC Binding Ports window33. IP-MAC Binding Table menu IP-MAC Binding Blocked IP-MAC Binding BlockedLink Single IP Management Single IP Management SIM OverviewSIM Using the Web Interface Single IP Settings SIM SettingsParameterDescription Device Name Local Port TopologyHoldtime Speed Remote Port MAC Address Model Name Icon DescriptionTool Tips 39. Device Information Utilizing the Tool Tip40. Port Speed Utilizing the Tool Tip Right Click Commander Switch IconFollowing options may appear for the user to configure Group IconMember Switch Icon 44. Property windowCandidate Switch Icon 46. Property windowClick Close to close the Property window Menu BarThis window holds the following information Five menus on the menu bar are as followsDevice IP Setting Upload Log File Firmware UpgradeConfiguration File Backup/Restore Upload Log File55. Upload Log File window Unicast Forwarding Forwarding & FilteringUnicast Forwarding ParameterDescriptionMulticast MAC Address Port Settings Multicast ForwardingMulticast Filtering Mode 59. Configure Multicast Filtering ModeSmtp Service Smtp Server Settings Smtp Service ParameterDescription Subject ContentFollowing fields can be set DHCP/BOOTP RelayDHCP/BOOTP Relay Global Settings Click Apply to implement any changes that have been made Dhcp Relay Agent Information Option State Check PolicyRelay Interface Settings DHCP/BOOTP Relay Interface SettingsImplementation of Dhcp Information Option 82 on the Switch Circuit ID sub-option formatRelay Option 60 Default Settings Dhcp Relay Option 60 Default SettingsFollowing parameters may be configured or viewed ParameterDescription Relay IP Address ModeParameterDescription String Server IP Match Type Dhcp Relay Option 60 SettingsFollowing parameters may be configured Following parameters may be set Dhcp Relay Option 61 Default SettingsDhcp Relay Option 61 Settings ParameterDescription Client IDRelay Rule Vlan Description L2 FeaturesVLANs Ieee 802.1Q VLANs802.1Q Vlan Tags Ieee 802.1Q Packet ForwardingTagging and Untagging Ingress FilteringVlan Segmentation Default VLANsSwitch Ports Vlan and Trunk GroupsStatic Vlan Entry 1Q Static VLANs windowVlan Name Port Settings Tag None Egress 1Q Static VLANs ModifyLink Aggregation Understanding Port Trunk GroupsPage Vlan Trunk Settings Parameter Description Vlan Trunk Status From…ToLink Aggregation Trunking Link AggregationLacp Port Settings Lacp Port SettingsClick Apply to implement changes made Igmp Snooping 12. Current Igmp Snooping Group EntriesFollowing parameters may be viewed or modified Vlan IDStatic Router Ports Settings Vlan Name Member PortsClick Apply to implement the new settings Igmp Access Control SettingsIgmp Snooping Igmp Access Control Settings ParameterDescription From…To StatusPort Transition States Spanning Tree802.1w Rapid Spanning Tree 802.1w Rstp 802.1D STP Forwarding LearningP2P Port STP Bridge Global SettingsEdge Port 802.1D and 802.1w Compatibility17. STP Bridge Global Settings Spanning Tree Protocol104 STP Port Settings STP can be set up on a port per port basisMigration From/ToPriority EdgeLoopback Detection Following fields may be configuredLoopback Detection ParameterDescription Loopdetect Status IntervalRecover Time From… To State Ieee 802.1p Priority CoSCoS An Example of the Default CoS Mapping on the Switch Advantages of CoSUnderstanding CoS Bandwidth Settings and Port Bandwidth Table window Port BandwidthParameterDescription From/To Type No Limit Rate 802.1p Default Priority 1p Default Priority and the 802.1p Default Priority windowScheduling Mechanism has the following parameters 802.1p User PriorityCoS Scheduling Mechanism ParameterDescription StrictCoS Output Scheduling Weight fairParameterDescription Weights Click Apply to let your changes take effectPriority Settings Priority SettingParameterDescription From/To MainSelect TOS Priority SettingsConfigure the following Priority Setting parameters Dscp Priority Settings Dscp Priority SettingPort Mapping Priority Settings 10. Port Mapping Priority CoSMAC Priority Settings 11. MAC Priority SettingCPU Interface Filtering Table CPU Interface Filtering State SettingsCPU Interface Filtering Interface Filtering CPU Interface Filtering StateDestination MAC Profile IDSource MAC 802.1pEthernet type Source IP Mask Destination IP MaskClick Apply to set this entry in the Switch’s memory ProtocolShown below is the Packet Content Mask configuration window Parameter Description Profile ID Type OffsetCPU Interface Filtering Table Ethernet Access ID Parameters DescriptionParameter Description Profile ID Mode Access ID Type 10. CPU Interface Filtering Rule Table IPVlan Name Source IP Destination IP DSCP0-63 Port 12. CPU Interface Filtering Rule Display IPParametersDescription Profile ID Mode Access ID Type Offset 15. CPU Interface Filtering Rule Display Packet Content Security Traffic ControlTraffic Control Settings window Click Apply to implement the settings of each field 136 Port Security Settings and Table window Port SecurityAdmin State Max. Addr0-10 Lock Address Mode Delete Port Lock EntriesLock Entries 802.1X Port-Based and MAC-Based Access Control 802.1XAuthentication Server AuthenticatorClient ClientAuthentication Process 802.1X Authentication ProcessPort-Based Network Access Control 10. Example of Typical Port-Based ConfigurationMAC-Based Network Access Control 11. Example of Typical MAC-Based Configuration802.1X Authenticator Settings 12 .1X Authenticator Settings windowThis screen allows you to set the following parameters MaxReq SuppTimeoutServerTimeout ReAuthPeriodLocal Users Click Security 802.1X 802.1X Capability 802.1X Capability SettingsSettings to view the following window ParameterDescription From and To CapabilityLimitations Using the Guest Vlan Guest VLANsPort List Configure 802.1X Guest VlanOperation Initializing Ports for Port Based 18. Initialize Port windowReauthenticate Ports for Port Based Initializing Ports for MAC BasedParameter Description Port Reauthenticate Ports for MAC-basedPorts Auth StateRadius Server Trusted Host To view the Trusted Host table, click Security Trusted HostTraffic Segmentation 24. Current Traffic Segmentation Table25. Setup Forwarding Ports window Secure Shell SSHSSH Server Configuration Following algorithms may be set SSH Authentication Mode and Algorithm SettingsAlgorithm Settings Encryption Algorithm Blow-fish CBCCast128-CBC Twofish128 Twofish192 Twofish256 Data Integrity AlgorithmSSH User Authentication Mode 28. SSH User Authentication Mode windowParameter Description User Name Auth. ModeUser may set the following parameters Monitoring CPU UtilizationPort Utilization Port Utilization windowParameterDescription Time Interval Record Number Received RX PacketsReceived RX Following fields may be set or viewed Rx Packets Analysis TableUMB Cast RX Packets UMB CastRX171 Transmitted TX TransmittedTXTx Packets Analysis window table for Bytes and Packets Packet Errors Rx Error Analysis window line graph10. Rx Error Analysis window table 11. Tx Error Analysis window line graph 12. Tx Error Analysis window table Packet Size Packet SizeFollowing fields can be set or viewed Vlan Status 15. Vlan Status windowFollowing fields can be viewed or set MAC AddressMAC Address ParameterDescription Vlan Name MAC Address Port FindSwitch Log ParameterDescription Sequence Time Log TextLog Settings ParameterDescription Log Mode Time IntervalIgmp Snooping Group Multicast Group MAC Address Reports Port MapSession Table Browse Router PortBrowse ARP Table Radius Authentication Port Access ControlRadius Authentication ParameterDescription Server187 Radius Accounting AccountingAuth Diagnostics BadAuthenticators UnknownTypes PacketsDroppedEntersAuthenticating EntersConnectingEapLogOffsConnecting SuccessAuthenticatingAuth Session Statistics ResponsesFromSupplicant AuthSuccesses AuthFailsAuth Statistics 27. Authenticator Statistics window Rx Invalid Rx Error Last Version Last Source Monitoring Port Access Control Auth State Auth State29. Authenticator State window MAC-Based Reset 30. Factory Reset to Default Value windowSave Changes Reboot SystemFollowing menu is used to restart the Switch 33. Reboot System window LogoutAppendix a Physical and EnvironmentalGeneral CSMA/CDPerformance Appendix B Appendix 1- 2. The standard RJ-45 pin assignmentsAppendix C System Log Entries205 206 207 208 Standard Media Type Maximum Distance Appendix DCable Lengths Glossary Page Limited Warranty Warranties and RegistrationWhat Is Not Covered Copyright Statement FCC WarningTrademarks Page Page Product Registration Tech Support Technical SupportTechnical Support Technische Unterstützung Assistance technique Asistencia Técnica Supporto tecnico Technical Support Pomoc techniczna Technická podpora Technikai Támogatás Teknisk Support Teknisk Support Teknistä tukea asiakkaille Suomessa Teknisk Support Suporte Técnico Τεχνική Υποστήριξη Tehnička podrška Tehnična podpora Suport tehnica Technical Support Technical Support Техническая поддержка Asistencia Técnica Suporte Técnico Link友訊科技台灣分公司技術支援資訊 Dukungan Teknis 技术支持 International Offices Germany Spain EgyptRegistration Card All Countries and Regions excluding USA247