Authentication Process, 101 | D-Link DES-3250TG instruction

D-Link DES-3250TG Standalone Layer 2 Switch

Authentication Process

Utilizing the three roles stated above, the 802.1x protocol provides a stable and secure way of authorizing and authenticating users attempting to access the network. Only EAPOL traffic is allowed to pass through the specified port before a successful authentication is made. This port is “locked” until the point when a Client with the correct username and password (and MAC address if 802.1x is enabled by MAC address) is granted access and therefore successfully “unlocks” the port. Once unlocked, normal traffic is allowed to pass through the port. The following figure displays a more detailed explanation of how the authentication process is completed between the three roles stated above.

Figure 7- 62. The 802.1x Authentication Process

The D-Link implementation of 802.1x allows network administrators to choose between two types of Access Control used on the Switch, which are:

1.Port-Based Access Control – This method requires only one user to be authenticated per port by a remote RADIUS server to allow the remaining users on the same port access to the network.

2.MAC-Based Access Control – Using this method, the Switch will automatically learn up to three MAC addresses by port and set them in a list. Each MAC address must be authenticated by the Switch using a remote RADIUS server before being allowed access to the Network.

Understanding 802.1x Port-based and MAC-based Network Access Control

The original intent behind the development of 802.1X was to leverage the characteristics of point-to-point in LANs. As any single LAN segment in such infrastructures has no more than two devices attached to it, one of which is a Bridge Port. The Bridge Port detects events that indicate the attachment of an active device at the remote end of the link, or an active device becoming inactive. These events can be used to control the authorization state of the Port and initiate the process of authenticating the attached device if the Port is unauthorized. This is the Port-Based Network Access Control.

101

Image 111

D-Link DES-3250TG manual Authentication Process, 101

Contents

User’s Guide Link DES-3250TG Standalone Layer 2 Switch Table of Contents Igmp SNMPV3 Link DES-3250TG Standalone Layer 2 Switch Preface Intended ReadersVii Safety Instructions Safety CautionsViii Safety Instructions General Precautions for Rack-Mountable Products Protecting Against Electrostatic Discharge Gigabit Ethernet Technology Switch StackingSection Introduction Fast Ethernet Technology Ports Features Management Traffic Classification and Prioritization Unpacking Installation Power On Section Unpacking and SetupInstallation Desktop or Shelf Installation Installing rubber feet for desktop installation Rack Installation Power Failure Power on Section Identifying External Components Front PanelRear Panel LED Indicators Side PanelsGigabit Combo Ports Link DES-3250TG Standalone Layer 2 Switch Section Connecting the Switch Switch to End NodeSwitch to Hub or Switch Stacking vs. Standalone Operation 10BASE-T Device100BASE-TX Device Managing Switch Stacks Convert a Standalone Switch to a Stacked Switch Changes to Switch Stack Structure Convert a Standalone Switch to a Stacked Switch Add a Switch to a Stack Swap a Master from a Stack Download configuration ipaddr pathfilename Stacking with DGS-3312SR DES-3250TG Switches with DGS-3312SR Web-based Management Interface Section Introduction to Switch ManagementCommand Line Console Interface Through the Serial Port Management Options Connecting the Console Port RS-232 DCE Initial screen after first connection First Time Connecting to The Switch Initial screen, first time connecting to the Switch Password Protection Creation of a new Admin level account Snmp Settings IP Address Assignment TrapsMIBs Show switch command Connecting Devices to the Switch Section Web-based Switch Management Login to Web ManagerIntroduction User Accounts Management Admin and User Privileges User Account Management Save Changes Area Areas of the User Interface Web Pages Access Profile Table System Log Hosts PAE Access Entity Section Configuration IP Address To set the switch’s IP address Subnet Mask Default GatewayManual IP Address Click the Switch Information link in the Configuration menu Switch InformationAdvanced Settings Admin. State Algorithm Mac Link Aggregation MAC Notification Serial Port Settings MAC Notification History Size Port ConfigurationClick the Port Configuration link in the Configuration menu MAC Notification Interval Port Configuration window Speed/Duplex Auto State EnabledPort Description From and To Port Mirroring Click Port Mirroring on the Configuration menu Egress Source PortNone Ingress Status Stack SettingClick Stack Setting on the Configuration menu Target Port Auto MAC Address Port Range Mode Version RPS Status Static ARP Settings Igmp Snooping Igmp Query Interval Vlan ID State Static Router Ports Entry Member Ports Spanning Tree P2P Port 802.1w Rapid Spanning TreePort Transition States Edge Port 802.1d/802.1w Compatibility STP Switch Settings Bridge Max Age Protocol DisabledBridge Forward Delay Spanning Tree STP Port Settings 17. STP Port Settings window Edge No CostPriority Migration No MAC Address Forwarding FilteringUnicast Forwarding Multicast Forwarding Port 19. Static Multicast Forwarding Settings window 802.1Q Vlan Packet Forwarding VLANsVLANs on the DES-3250TG Ieee 802.1Q VLANs 21. Ieee 802.1Q Packet Forwarding 802.1Q Vlan Tags 23. Adding an Ieee 802.1Q Tag Static Vlan Entry 25. Add 802.1Q Static Vlan window Advertisement Port Settings Tagged/None Port Vlan Idpvid None EgressForbidden Default Vlan Tagging and UntaggingIngress Checking 26 .1Q Port Settings window Port Bandwidth Ingress Disabled Acceptable Frame Types 27. Bandwidth Settings window Current Time Settings Sntp Settings Time Zone and DST Port Security From & To Port Security Settings Admin State Max Learning Addr.0-10 Lock Address ModePort Security Clear 31. Port Security Clear window Traffic Control QOS Quality of Service Parameter Description 802.1p Default Priority 33 .1p defaultpriority Settings window QOS Output Scheduling 802.1p User Priority Traffic Segmentation 36. Traffic Segmentation Setting window Link Aggregation Lacp 38. Port Link Aggregation Group window Group ID1-6 39. Port Link Aggregation Settings Add window Lacp Port 41. Link Aggregation Settings window Configuring the Access Profile Table Ethernet Part Ethernet type Port Profile IDType Source MAC Destination MAC 802.1p 44. Access Profile Configuration IP Protocol Source IP Mask Destination IP Mask Psh Packet Content Mask 45. Access Profile Configuration window Packet Content Mask Offset Port 46. Access Rule Table window IP Access ID ModePriority Replace Dscp Vlan Name Source IP Destination IP Dscp Protocol 48. Access Rule Display window IP 49. Access Rule Table Ethernet 802.1p Ethernet Type Priority0-7 Vlan Name Source MAC Destination MAC 51. Access Rule Display window Ethernet 53. Access Rule Configuration window Packet Content Mask Access ID Type Offset 54. Access Rule Display window Packet Content Mask Port Access Entity 802.1x Port-Based and MAC-Based Access ControlSystem Log Hosts 57. The Eapol Packet Authentication Server 59. The Authentication Server Authenticator 100 Client 101 Authentication Process 102 Port-Based Network Access Control MAC-Based Network Access Control Configure Authenticator103 104 65. First 802.1X Authenticator Settings window AdmDir Ctl Stat PortControl TxPeriod QuietPeriod105 106 Port Capability Settings 107 67 .1X Capability Settings window PortStatus Initialize Ports for Port BasedCapability Auth PAE State BackendState Oper Dir Reauthenticate Ports for Port Based Initializing Ports for MAC Based109 110 Reauthenticate Ports for MAC-basedRadius Server Auth State 111 Security IP User Accounts Section ManagementSecurity IP User Accounts 113 Snmp User Table 114 Snmp User Table window 115 Snmp View Table 116 View NameSubtree OID View Type 117 Snmp Group Table 118 119 Snmp Community Table Access Right Snmp Host Table120 121 Snmp Engine ID Section Monitoring CPU Utilization122 Utilization Port UtilizationTime Interval 1s Record Number Clear Time Interval 1sRecord Number Show/Hide Packets Received RX125 126 BytesPackets View Table View Line Chart UMB-cast RX127 128 UnicastMulticast Broadcast Transmitted TX View Table129 130 Tx Packets Analysis window table for Bytes and Packets 131 Errors Fragment CrcErrorUnderSize OverSize Clear JabberDrop Show/Hide ExDefer LateColl134 Size Packet Size135 136 65-127128-255 256-511 137 MAC Address512-1023 1024-1518 138 15. MAC Address Table window Next ARP TableFind Learned 140 Igmp Snooping Group 141 Igmp Snooping Forwarding 142 Vlan Status 143 Port Access ControlAuthenticator Status Router Port 144 21. Authenticator Status window 145 Section MaintenanceTftp Utilities Download Firmware from Server 146 Download Settings from Tftp ServerUpload Settings to Tftp Server Upload Log to Tftp Server Switch History Ping Test147 148 Reboot Services 149 RebootReset Reset System Logout Technical SpecificationsReset Config Appendix a 151 Physical and Environmental 152 Performance 153 Appendix BBlocking State Port in the blocking state does the following Port in the listening state does the following Listening State Learning State Port in the learning state does the following155 Port in the forwarding state does the following Forwarding State Disabled State Disabled port does the following157 Troubleshooting STP Spanning Tree Protocol Failure Full/Half Duplex Mismatch Unidirectional Link159 Resource Errors Packet CorruptionIdentifying a Data Loop 161 Attenzione Warranty and RegistrationWarnung Precaución Warranty and Registration Information Warranties Exclusive Page Page Product Registration Link Europe Limited Product Warranty Page Link Europe Limited Produktgarantie Link Europe a limité la garantie des produits Garante Link Europe Termini di Garanzia dei Prodotti Link International Offices All Countries and Regions excluding USA Registration Card