Port-Based Network Access Control, 102 | D-Link DES-3250TG specification

D-Link DES-3250TG Standalone Layer 2 Switch

Port-Based Network Access Control

RADIUS

Server

Ethernet Switch

	802.1X	802.1X	802.1X					…
802.1X	802.1X	802.1X	802.1X	802.1X	802.1X	802.1X	802.1X	802.1X
Client	Client	Client	Client	Client	Client	Client	Client	Client

Network access controlled port

Network access uncontrolled port

Figure 7- 63. Example of Typical Port-Based Configuration

Once the connected device has successfully been authenticated, the Port then becomes Authorized, and all subsequent traffic on the Port is not subject to access control restriction until an event occurs that causes the Port to become Unauthorized. Hence, if the Port is actually connected to a shared media LAN segment with more than one attached device, successfully authenticating one of the attached devices effectively provides access to the LAN for all devices on the shared segment. Clearly, the security offered in this situation is open to attack.

102

Image 112

D-Link DES-3250TG manual Port-Based Network Access Control, 102

Contents

User’s Guide Link DES-3250TG Standalone Layer 2 Switch Table of Contents Igmp SNMPV3 Link DES-3250TG Standalone Layer 2 Switch Intended Readers PrefaceVii Safety Cautions Safety InstructionsViii General Precautions for Rack-Mountable Products Safety Instructions Protecting Against Electrostatic Discharge Switch Stacking Section IntroductionFast Ethernet Technology Gigabit Ethernet Technology Features Ports Traffic Classification and Prioritization Management Section Unpacking and Setup InstallationDesktop or Shelf Installation Unpacking Installation Power On Rack Installation Installing rubber feet for desktop installation Power on Power Failure Front Panel Section Identifying External ComponentsRear Panel Side Panels LED IndicatorsGigabit Combo Ports Link DES-3250TG Standalone Layer 2 Switch Switch to End Node Section Connecting the SwitchSwitch to Hub or Switch 10BASE-T Device Stacking vs. Standalone Operation100BASE-TX Device Managing Switch Stacks Changes to Switch Stack Structure Convert a Standalone Switch to a Stacked Switch Add a Switch to a Stack Convert a Standalone Switch to a Stacked Switch Download configuration ipaddr pathfilename Swap a Master from a Stack DES-3250TG Switches with DGS-3312SR Stacking with DGS-3312SR Section Introduction to Switch Management Command Line Console Interface Through the Serial PortManagement Options Web-based Management Interface Connecting the Console Port RS-232 DCE First Time Connecting to The Switch Initial screen after first connection Password Protection Initial screen, first time connecting to the Switch Snmp Settings Creation of a new Admin level account Traps IP Address AssignmentMIBs Show switch command Connecting Devices to the Switch Login to Web Manager Section Web-based Switch ManagementIntroduction Admin and User Privileges User Accounts Management Save Changes User Account Management Areas of the User Interface Area Web Pages Section Configuration Access Profile Table System Log Hosts PAE Access Entity To set the switch’s IP address IP Address Default Gateway ManualIP Address Subnet Mask Switch Information Advanced SettingsAdmin. State Click the Switch Information link in the Configuration menu Link Aggregation Algorithm Mac Serial Port Settings MAC Notification Port Configuration Click the Port Configuration link in the Configuration menuMAC Notification Interval MAC Notification History Size Port Configuration window State Enabled Port DescriptionFrom and To Speed/Duplex Auto Click Port Mirroring on the Configuration menu Port Mirroring Source Port NoneIngress Egress Stack Setting Click Stack Setting on the Configuration menuTarget Port Status Static ARP Settings Auto MAC Address Port Range Mode Version RPS Status Igmp Igmp Snooping Vlan ID Query Interval Static Router Ports Entry State Spanning Tree Member Ports 802.1w Rapid Spanning Tree Port Transition StatesEdge Port P2P Port STP Switch Settings 802.1d/802.1w Compatibility Protocol Disabled Bridge Forward DelaySpanning Tree Bridge Max Age STP Port Settings 17. STP Port Settings window Cost PriorityMigration No Edge No Forwarding Filtering Unicast ForwardingMulticast Forwarding MAC Address 19. Static Multicast Forwarding Settings window Port VLANs VLANs on the DES-3250TGIeee 802.1Q VLANs 802.1Q Vlan Packet Forwarding 802.1Q Vlan Tags 21. Ieee 802.1Q Packet Forwarding Static Vlan Entry 23. Adding an Ieee 802.1Q Tag 25. Add 802.1Q Static Vlan window Port Settings Tagged/None Advertisement None Egress Port Vlan IdpvidForbidden Tagging and Untagging Default VlanIngress Checking 26 .1Q Port Settings window Ingress Disabled Acceptable Frame Types Port Bandwidth 27. Bandwidth Settings window Sntp Settings Current Time Settings Port Security Time Zone and DST Port Security Settings From & To Max Learning Addr.0-10 Lock Address Mode Admin StatePort Security Clear 31. Port Security Clear window QOS Quality of Service Traffic Control Parameter Description 802.1p Default Priority 33 .1p defaultpriority Settings window 802.1p User Priority QOS Output Scheduling 36. Traffic Segmentation Setting window Traffic Segmentation Lacp Link Aggregation 38. Port Link Aggregation Group window 39. Port Link Aggregation Settings Add window Group ID1-6 Lacp Port Configuring the Access Profile Table 41. Link Aggregation Settings window Part Ethernet Profile ID TypeSource MAC Destination MAC 802.1p Ethernet type Port 44. Access Profile Configuration IP Source IP Mask Destination IP Mask Protocol Packet Content Mask Psh 45. Access Profile Configuration window Packet Content Mask Offset Port 46. Access Rule Table window IP Mode Access IDPriority Replace Dscp 48. Access Rule Display window IP Vlan Name Source IP Destination IP Dscp Protocol 49. Access Rule Table Ethernet Priority0-7 Vlan Name Source MAC Destination MAC 802.1p Ethernet Type 51. Access Rule Display window Ethernet 53. Access Rule Configuration window Packet Content Mask Access ID Type Offset 54. Access Rule Display window Packet Content Mask 802.1x Port-Based and MAC-Based Access Control Port Access EntitySystem Log Hosts Authentication Server 57. The Eapol Packet Authenticator 59. The Authentication Server Client 100 Authentication Process 101 Port-Based Network Access Control 102 Configure Authenticator MAC-Based Network Access Control103 65. First 802.1X Authenticator Settings window 104 Ctl Stat PortControl TxPeriod QuietPeriod AdmDir105 Port Capability Settings 106 67 .1X Capability Settings window 107 Initialize Ports for Port Based CapabilityAuth PAE State BackendState Oper Dir PortStatus Initializing Ports for MAC Based Reauthenticate Ports for Port Based109 Reauthenticate Ports for MAC-based Radius ServerAuth State 110 111 Section Management Security IPUser Accounts Security IP User Accounts Snmp User Table 113 Snmp User Table window 114 Snmp View Table 115 View Name Subtree OIDView Type 116 Snmp Group Table 117 118 Snmp Community Table 119 Snmp Host Table Access Right120 Snmp Engine ID 121 CPU Utilization Section Monitoring122 Port Utilization Time Interval 1sRecord Number Utilization Time Interval 1s Record NumberShow/Hide Clear Received RX Packets125 Bytes PacketsView Table 126 UMB-cast RX View Line Chart127 Unicast MulticastBroadcast 128 View Table Transmitted TX129 Tx Packets Analysis window table for Bytes and Packets 130 Errors 131 CrcError UnderSizeOverSize Fragment Jabber DropShow/Hide Clear LateColl ExDefer134 Packet Size Size135 65-127 128-255256-511 136 MAC Address 512-10231024-1518 137 15. MAC Address Table window 138 ARP Table FindLearned Next Igmp Snooping Group 140 Igmp Snooping Forwarding 141 Vlan Status 142 Port Access Control Authenticator StatusRouter Port 143 21. Authenticator Status window 144 Section Maintenance Tftp UtilitiesDownload Firmware from Server 145 Download Settings from Tftp Server Upload Settings to Tftp ServerUpload Log to Tftp Server 146 Ping Test Switch History147 Reboot Services 148 Reboot ResetReset System 149 Technical Specifications Reset ConfigAppendix a Logout Physical and Environmental 151 Performance 152 Appendix B Blocking StatePort in the blocking state does the following 153 Listening State Port in the listening state does the following Port in the learning state does the following Learning State155 Forwarding State Port in the forwarding state does the following Disabled port does the following Disabled State157 Troubleshooting STP Spanning Tree Protocol Failure Unidirectional Link Full/Half Duplex Mismatch159 Packet Corruption Resource ErrorsIdentifying a Data Loop 161 Warranty and Registration WarnungPrecaución Attenzione Warranty and Registration Information Warranties Exclusive Page Page Product Registration Link Europe Limited Product Warranty Page Link Europe Limited Produktgarantie Link Europe a limité la garantie des produits Garante Link Europe Termini di Garanzia dei Prodotti Link International Offices Registration Card All Countries and Regions excluding USA