Manuals / D-Link / Computer Equipment / Switch

D-Link DGS-3100 user manual Configuring Port Authentication, Description

Models: DGS-3100

1 209

Download 209 pages 46.85 Kb

Page 111

Configuring Port Authentication 802.1X

DGS-3100 Series Gigabit Stackable Managed Switch User Manual

Configuring Port Authentication 802.1X

Port-based authentication authenticates users on a per-port/per mac basis via an external server. Only authenticated and approved system users can transmit and receive data. Ports are authenticated via the RADIUS server using the Extensible Authentication Protocol (EAP). The 802.1x Access Control protocol consists of the following vital components which stabilize Access Control Security:

Component

Authenticators

Supplicants/Clients

Authentication Server

Description

The Authenticator is an intermediary between the Authentication Server and the Client. The authenticator:

Requests certification information via the Client (EAPOL packets). The EAPOL packets are the only information allowed to pass between supplicants and the authentication server until the authenticator is granted system access.

Verifies the information gathered from the Client with the Authentication Server, and relays the information to the Client.

Specifies the host connected to the authenticated port requesting to access the system services.

Specifies the server that performs the authentication on behalf of the authenticator, and indicates whether the supplicant is authorized to access system services. The Authentication Server is a remote device connected to the Client network and Authenticator. The Authentication Server must have RADIUS Server application enabled and configured. Clients connected to a port on the Switch must be authenticated by the Authentication Server before accessing any system services. The Authentication Server certifies the client’s identity attempting to access the network by exchanging secure information between the RADIUS server and the Client.

Port-based authentication creates two access states:

State

Controlled Access

Uncontrolled Access

Description

Permits communication between the supplicant and the system, if the supplicant is authorized.

Permits uncontrolled communication regardless of the port state.

99

Image 111

D-Link DGS-3100 Configuring Port Authentication, Component Authenticators Supplicants/Clients Authentication Server

Contents

D-Link DGS-3100 SERIES GIGABIT STACKABLE MANAGED SWITCH User ManualV2.20 Precaución FCC WarningCE Mark Warning WarnungTable of Contents Defining SNMP Host Table Configuring Port Security System Overview Viewing the Device Device Management Methods PrefaceDGS-3100 Series Gigabit Stackable Managed Switch User Manual Safety Cautions General Precautions for Rack-Mountable ProductsDGS-3100 Series Front Panel System OverviewViewing the Device DGS-3100 Series Front PanelSNMP-Based Management Device Management MethodsCommand Line Console Web Based Management InterfaceUser Guide Overview Safety CautionsUser Guide Overview Notes, Notices, and CautionsAn object has fallen into the product DGS-3100 Series Gigabit Stackable Managed Switch User ManualThe power cable, extension cable, or plug is damaged Unplug the power cable before removing the power supplyGeneral Precautions for Rack-Mountable Products Protecting Against Electrostatic Discharge Battery Handling ReminderView Using the Web-Based User InterfaceGETTING STARTED Understanding the D-Link Embedded Web Interface1. Tree View Figure 1-1. Device Information PageView Description1. Click Device Locator. The Device Locator Page opens Using the Tool MenuDisplaying the Stack Status Locating DevicesDescription Backing up and Restoring Configuration FilesFigure 1-3 Config Backup and Restore Page Field Http TFTPResetting the Device 1. Click Reset. The Factory Reset Page opensFigure 1-4 Factory Reset Page Downloading the Firmware 1. Click Firmware Download. The Firmware Download Page opensFigure 1-5 Firmware Download Page Description Field HTTP Download TFTP Download2. Define the Select Unit to Reboot field Rebooting the System1. Click System Reboot. The System Reboot Page opens Figure 1-6 System Reboot PageDescription Using the Web System ComponentsComponent NameCONFIGURING BASIC CONFIGURATION Firmware Version Hardware Version System Time System Up Time Viewing Device InformationFigure 2-1 Device Information Page Field Device Type System Contact System Name System LocationBPDU Forwarding IGMP Snooping Broadcast Storm Control 802.1X Status Field Boot Version MAC Address IP Address Subnet Mask Default GatewayLogin Timeout minutes Time Source 802.1D Spanning Tree DHCP Client Safeguard Engine SNMP Trap SSL GVRP Setting Jumbo FramesFigure 2-2 System Information Page Defining System InformationSystem Contact System Name System Location Login Timeout minutes 3. Define the System Location and Login Timeout minutes fieldsField Defining IP Addresses1. Click Configuration IP Address. The IP Address Page opens Figure 2-3 IP Address PageAllocating Unit IDs Managing StackingManaging Stacking Modes Advanced StackingDefining a Stacking Back Up Master Master Enabled Stacking MembersAssigning Unit IDs Defining a Stacking MasterStack Startup Process Discovering the Stacking MasterElecting a Stacking Master Allocating Unit IDs/Resolving Unit ID Conflicts Unit and Stacking Port ConfigurationManaging a New Manually Ordered Stack Building Stacks - Quick StartStack Resiliency Managing a Self-Ordered StackAdding Stacking Members to an Existing Manually Ordered Stack Stack Management ExamplesReplacing Failed Stacking-Members in a Running Stack Building New Manually Ordered StacksReplacing a Failed Stack Master Dividing Stacks Page Merging Stacks Stacking Cable FailureInserting Excess Stacking Members When switches are added to a running stack, the Unit ID Allocation and Duplicate ID Conflict Resolution process detects an error if too many switches are present in the stack, and no changes are to stacking members that originally belonged to the group managed by the newly elected master. The original switches retain their ID assignments and configurations. The stacking members that originally belonged to the group managed by the Stack Master that lost the Master Election process are shut down Description Configuring StackingFigure 2-4 Stacking Settings Page Field Stacking Master Current Stack ID New Stack ID after resetField Unit From Port To Port State Speed Configuring Port PropertiesDefining Ports Figure 2-5 Port Setting PageDescription Field Flow Control LearningDescription Viewing Port PropertiesFigure 2-6 Port Description Page FieldStatic ARP Settings ARP Settings1. Click Configuration ARP Settings. The ARP Settings Page opens Figure 2-7 ARP Settings PageFigure 2-8 User Accounts Page Configuring User Accounts1. Click Configuration User Accounts. The User Accounts Page opens Field User Name New Password Access Right Confirm New Password2. Click 3. Define the value DGS-3100 Series Gigabit Stackable Managed Switch User Manual2. Click . The user account is deleted, and the device is updated To edit the User Accounts Page 1. Select a name on the User ListDescription Managing System LogsFigure 2-9 System Log Host Page FieldTime level T1 T2 T3 T4 Configuring SNTPStratum Stratum Stratum Stratum ExampleDescription Figure 2-10 Time Settings PageField Time Setting Time in HH MM SS FieldConfiguring Daylight Savings Time Figure 2-11 TimeZone Settings Page Description DST Repeating Settings SectionsField Daylight Savings Time State Daylight Saving Time Offset in Minutes Time Zone Offsetfrom GMTDST Annual Settings Section Field FromMonth FromDay FromTime ToMonth ToDay ToTimeDescription Configuring SNMP Parameters Authentication Privacy Key ManagementDescription Description Defining SNMP ViewsFigure 2-12 SNMP View Table Page Field View Name Subtree OID View TypeDescription Defining SNMP GroupsFigure 2-13 SNMP Group Table Page Field Group Name Read View Name Write View NameField Notify View Name Security Model Security Level DescriptionCommunity/View TestReadView PWriteView PrivateView Field User Name Group Name SNMP V3 Encryption Defining SNMP UsersAuth-Protocol by Password Password Confirm Password Figure 2-14 SNMP User Table PageConfirm Key FieldDescription Auth-Protocol by KeyFigure 2-15 SNMP Community Table Page Defining SNMP CommunitiesAccess Rights 2. Define the Community Name, and View Name, Access Right fieldsDefining SNMP Host Table To define the SNMP Host Table PageFigure 2-16 SNMP Host Table Page SNMP Version FieldDescription Host IP AddressDescription Defining SNMP Engine IDField Engine ID Use Default Figure 2-17 SNMP Engine ID PageDescription Enabling SNMP TrapsFigure 2-18 SNMP Configuration Trap Page Field SNMP Traps SNMP Authentication TrapsDescription DHCP Auto ConfigurationFigure 2-19 DHCP Auto Configuration Page Field DHCP Auto ConfigurationFigure 2-20 Firmware Information Page Dual Image ServicesFirmware Information Field Unit Image Version Update TimeField Config Firmware ImageFigure 2-21 Config Firmware Image Page Defines the image file used for reboot. The possible values areCONFIGURING L2 FEATURES Field Jumbo Frame Enabling Jumbo Frames1. Click L2 Features Jumbo Frame. The Jumbo Frame Page opens Figure 3-1. Jumbo Frame PageNotes about VLANs on the DGS-3100 Series Configuring VLANsUnderstanding IEEE 802.1p Priority VLAN DescriptionTerm Untagging Ingress port Egress port DescriptionFigure 3-2. IEEE 802.1Q Packet Forwarding 802.1Q VLAN Tags Figure 3-3. IEEE 802.1Q TagFigure 3-4. Adding an IEEE 802.1Q Tag Port VLAN ID Tagging and UntaggingIngress Filtering Switch Ports Default VLANsVLAN and Trunk Groups VLAN StatusField VID VLAN Name Untag VLAN Ports Tag VLAN Ports Defining VLAN Properties1. Click L2 Features 802.1Q VLAN. The VLAN Configuration Page opens Figure 3-5. VLAN Configuration Page1. Click L2 Features 802.1Q VLAN. The VLAN Configuration Page opens Figure 3-6. Add/Edit VLAN Information PageDescription Configuring GVRP 1. Click L2 Features GVRP Settings. The GVRP Setting Page opensFigure 3-7. GVRP Setting Page 4. Define the PVID, GVRP, Ingress, and Acceptable Frame Type fields Field GRVP Global Setting Unit From Port To Port PVID GVRP IngressAcceptable Frame Type DescriptionField Unit Group ID Type Ports Defining Trunking1. Click L2 Features Trunking. The Trunking Configuration Page opens Figure 3-8. Trunking Configuration PageNotes about Trunking on the DGS-3100 Series Description Traffic SegmentationFigure 3-9. Traffic Segmentation Page Field4. Define the Port-Priority and LACP Timeout fields Configuring LACPFigure 3-10. LACP Port Settings Page TimeoutFigure 3-11. IGMP Snooping Page Defining IGMP Snooping1. Click L2 Features IGMP Snooping. The IGMP Snooping Page opens Leave Timer2. Click . The Static Router Ports Settings Page opens Host TimeoutRouter Timeout Static Router Port Setting Edit buttonDescription Host TimeoutRouter Timeout FieldField Status Unit Target Port Source Port Configuring Port Mirroring1. Click L2 Features Port Mirroring. The Port Mirroring Page opens Figure 3-13. Port Mirroring PageDescription DGS-3100 Series Gigabit Stackable Managed Switch User Manual4. Define the Unit, Tx, and Rx. fields under Source Port Setting Field NoneConfiguring Spanning Tree Version Classic STP Rapid STP Multiple STPDescription Description Defining Spanning Tree Global ParametersFigure 3-14. STP Bridge Global Settings Page FieldBridge Priority 0 Bridge Forward DelayField DescriptionDescription Defining STP Port SettingsFigure 3-15. STP Port Settings Page Field Unit From Port To Port Cost 0=AutoDescription Field Edge Forwarding BPDU P2P StateField Defining Multiple Spanning Tree Configuration IdentificationFigure 3-16. MST Configuration Identification Page Configuration NameDescription Defining MSTP Port InformationFigure 3-17. MSTI Config Information Page Field Unit Port Instance ID Internal Path Cost Priority StatusField Role Description4. Define the Internal Path Cost and Priority fields Field Aging Time VID MAC Address Unit Port Defining Forwarding and FilteringDefining Unicast Forwarding Figure 3-18. Unicast Forwarding PageDescription Defining Multicast ForwardingFigure 3-19. Multicast Forwarding Page FieldThe entry is deleted, and the device is updated DGS-3100 Series Gigabit Stackable Managed Switch User Manual4. Click To restore the default settings 1. Click The default settings are restoredConfiguring 1p CONFIGURING QUALITY OF SERVICEFigure 4-1. Mapping QoS on the Switch Understanding QoS Field Defining Bandwidth Settings1. Click QoS Bandwidth Control. The Bandwidth Control Page opens Figure 4-2. Bandwidth Control PageDescription Configuring Storm ControlFigure 4-3. Traffic Control Settings Page Field Unit From Port To Port Storm Control Type State Threshold 35002. Define the Unit, From Port, To Port, Prioirity fields Mapping Ports to Packet PrioritiesFigure 4-4. 802.1P Default Priority Page DescriptionDescription Mapping Priority to Classes QueuesFigure 4-5. 802.1P User Priority Page Field Priority Class IDDescription Configuring QoS Scheduling MechanismField Class ID Mechanism Weight Figure 4-6. QoS Scheduling Mechanism PageFigure 4-7. Multi-Layer CoS Setting Page Defining Multi-Layer CoS SettingsSECURITY FEATURES Field Safeguard Engine Configuring Safeguard Engine1. Click Security Safeguard Engine. The Safeguard Engine Page opens Figure 5-8. Safeguard Engine PageFigure 5-9.Trusted Host Page Configuring Trust HostField IP1 Access to Switch IP2 Access to Switch IP3 Access to Switch 1. Click Security Trusted Host. The Trusted Host Page opensFigure 5-10. Port Security Page Configuring Port SecurityField Unit From Port To Port Admin State Max Address0-64 Port 1. Click Security Port Security. The Port Security Page opens1. Click Security Guest Vlan. The Guest VLAN Page opens Configuring Guest VLANsField Max Learning Addr DescriptionDescription Configuring Port AuthenticationComponent Authenticators Supplicants/Clients Authentication Server State Controlled Access Uncontrolled AccessServerTimeout 1-65535 sec 1. Click Security 802.1X Setting. The 802.1X Setting Page opensFigure 5-12. 802.1X Setting Page SuppTimeout 1-65535 secUnit FieldDescription ControlReAuthEnabled 1. Click Security 802.1X Setting. The 802.1X Setting Page opensSuppTimeout 1-65535 sec ServerTimeout 1-65535 secUnit FieldDescription ControlPage DGS-3100 Series Gigabit Stackable Managed Switch User Manual DGS-3100 Series Gigabit Stackable Managed Switch User Manual Confirm Key Defining RADIUS SettingsFigure 5-13. Authentic RADIUS Server Page Field Succession RADIUS Server Authentic Port Accounting Port Key1. Click Security SSL. The SSL Configuration Settings Page opens Configuring Secure Socket Layer SecurityFigure 5-14. SSL Configuration Settings Page Field SSL Status Ciphersuite StatusDescription Description Configuring Secure Shell SecurityFigure 5 -15. SSH Configuration Page Field SSH Server Status PortDefining SSH Algorithm Settings Public key Figure 5-16. SSH Algorithm Settings PageField DescriptionDescription Defining Application Authentication SettingsFigure 5-17. Application Authentication Settings Page Field Application Login Method List Enable Method ListField Configuring Authentication Server HostsFigure 5-18. Authentication Server Host Page Timeout 1-30secsDescription Defining Login MethodsFigure 5-19. Login Method Lists Page Field Method List Name Method MethodDescription are Field Method MethodDescription Defining Enable MethodsFigure 5-20. Enable Method Lists Page Field Method List Name MethodDescription Field Method Method MethodProvide the current network Enable password Configuring Local Enable PasswordFigure 5-21. Configure Local Enable Password Page Old Local Enable PasswordMONITORING THE DEVICE Description Viewing Stacking InformationField Master ID Backup ID Box ID Runtime version H/W version Figure 6-1 Stacking Information PageField Utilization Time Interval Record Number Show/Hide Viewing CPU Utilization1. Click Monitoring CPU Utilization. The CPU Utilization Page opens Figure 6-2. CPU Utilization PageDescription Viewing Port UtilizationFigure 6-3. Port Utilization Page Field Unit Port Utilization Time Interval Record Number Show/HideField Unit Port Packet Size Analysis - Selected Port Number Viewing Packet Size Information1. Click Monitoring Packet Size. The Packet Size Page opens Figure 6-4. Packet Size PageField Unit Port Bytes Packets Time Interval Record Number Show/Hide Viewing Received Packet Statistics1. Click Monitoring Packets ReceivedRX. The ReceivedRX Page opens Figure 6-5. ReceivedRX PageField Unit Port Unicast Multicast Broadcast Time Interval Viewing UMBcast Packet Statistics1. Click Monitoring Packets UMBcastRX. The UMBcastRX Page opens Figure 6-6. UMBcastRX PageFigure 6-7. TransmittedTX Page Viewing Transmitted Packet StatisticsField DescriptionDescription Field Record Number Show/HideAccepts Rejects Viewing RADIUS Authenticated Session StatisticsFigure 6-8. RADIUS Authentication Page Field Time Interval Server UDP Port Timeouts Requests ChallengesDescription Viewing ARP TableFigure 6-9 Browse ARP Table Page Field VLAN Name IP Address Total Entries MAC Address TypeDescription Viewing Router PortsFigure 6-10 Browse Router Port Page Field VID Unit PortDescription Viewing Session TableFigure 6-11 Browse Session Table Page Field ID From User Privilege NameDescription Viewing IGMP Group InformationFigure 6-12 IGMP Snooping Group Page Field VID VLAN Name VLAN Name Multicast Group MAC Address PortDescription Defining Dynamic and Static MAC AddressesFigure 6-13 MAC Address Table Page Field Unit Port VLAN Name MAC Address VID TypeTo view all entries, click To clear static entries, click DGS-3100 Series Gigabit Stackable Managed Switch User Manual2. Select the Stacking member in the Unit field 3. Define the Port, VLAN Name, and MAC Address fields 4. ClickField ID Time Log Description Severity Viewing System Log1. Click Monitoring System Log. The System Log Page opens Figure 6-14 System Log PageMANAGING POWER OVER ETHERNET DEVICES PoE Enable Defining PoE System Information1. Click PoE PoE Port Setting. The PoE Port Setting Page opens Figure 7-1 PoE Port Setting PageOff - Indicates that the power supply unit is not functioning Indicates the power consumption is 7WIndicates the power consumption is 15.4W Normal - Indicates that the power supply unit is functioningSystem Power Threshold Displaying and Editing PoE System Information1. Click PoE PoE System Setting. The PoE System Setting Page opens Figure 7-2 PoE System Setting PageDEFINING ACCESS PROFILE LISTS Fields ACL Configuration WizardFigure 8-1 ACL Configuration Wizard Page Service TypeTCP Destination Port - Matches the packet to the TCP Destination Port FieldsDescription TCP Source Port - Matches the packet to the TCP Source PortAdding ACL Profiles Defining Access Profile Lists1. Click ACL Access Profile List. The ACL Profile List Page opens Displays the access ruleL2 ACL Figure 8-3 Add ACL Profile PageField DescriptionFigure 8-5 ACL Profile L2 ACL Tagged MAC Address Page Defining Level 2 ACLFigure 8-4 ACL Profile L2 ACL Tagged Page To define L2 MAC Address ACL profileDestination MAC Mask FieldDescription Source MAC MaskFigure 8-7 ACL Profile L2 ACL Tagged Ether Type Page To define L2 Ether Type ACL profileDefining Level 3 ACL Figure 8-8 ACL Profile L2 ACL Untagged PageFigure 8-9 Add ACL Profile L3 Page Figure 8-11 ACL Profile L3 ACL ICMP IPv4 Address Page To define L3 IPv4 DSCP ACL profileFigure 8-10 ACL Profile L3 ACL ICMP IPv4 DSCP Page To define L3 IPv4 Address ACL profileField DescriptionTo define L3 ICMP ACL profile Figure 8-12 ACL Profile L3 ACL ICMP PageTo define L3 IGMP ACL profile Figure 8-13 ACL Profile L3 IGMP PageFigure 8-14 ACL Profile L3 IGMP Selected Page Figure 8-15 ACL Profile L3 TCP Page To define L3 TCP Port ACL profileFigure 8-16 ACL Profile L3 TCP Port Page Description To define L3 TCP Flag ACL ProfileFigure 8-17 ACL Profile L3 TCP Flag Page Figure 8-19 ACL Profile L3 UDP Port Page DGS-3100 Series Gigabit Stackable Managed Switch User ManualIf L3 ACL UDP is selected, the page updates as follows Figure 8-18 ACL Profile L3 UDP PageDescription Filter Defining Access Rules ListsClick ACL Access Profile List The Access Profile List Page opens Figure 8-20 Access Profile List PageField 1. Click . The Add Access Rule Page opensFigure 8-21 Add Access Rule Page IP based ACL Access IDDGS-3100 Series Gigabit Stackable Managed Switch User Manual 3. Click . The rule is changed, and the device is updated2. Define the Rule Detail fields Figure 8-22 ACL Finder Page Finding ACL RulesAccess ID 1. Click ACL ACL Finder The ACL Finder Page opensDescription Access IDFigure 8-23 Rule Detail Page FieldNotes about ‘IP’ and ‘MAC’ Based ACLs in the DGS-3100 Series Notes about ACLs capacity in the DGS-3100 Series Limited Lifetime Warranty for the product is defined as follows Reorient or relocate the receiving antenna Product Registration LIMITED WARRANTY Warranty PeriodProduct Type What Is Not Covered What You Must Do For Warranty Serviceis not contemplated in the documentation for the product, or if the model or serial number has been altered, tampered with, defaced or removed FCC Warning TrademarksCopyright Statement Tech Support for customers within Canada TECHNICAL SUPPORTTechnical Support Tech Support for customers within the United StatesD-Link UK & Ireland Technical Support over the Internet For Customers within The United Kingdom & IrelandFor Customers within Canada Technical SupportTechnische Unterstützung Link Assistance techniqueSupport technique destiné aux clients établis en France Support technique destiné aux clients établis au CanadaAsistencia Técnica Asistencia Técnica de D-Link por teléfonoAsistencia Técnica de D-Link a través de Internet Gli ultimi aggiornamenti e la documentazione sono Supporto tecnicoSupporto tecnico per i clienti residenti in Italia D-Link Mediterraneo S.r.LTech Support for customers within Luxemburg Technical SupportTech Support for customers within the Netherlands Tech Support for customers within BelgiumPomoc techniczna D-Link poskytuje svým zákazníkům bezplatnou technickou podporu Technická podporaAktualizované verze software a uživatelských příruček najdete na webové stránce firmy D-LinkD-Link Magyarország Technikai TámogatásDu kan finne programvare oppdateringer og bruker Teknisk SupportTeknisk Support D-Link Teknisk telefon SupportTlf. 7026 Teknisk SupportD-Link teknisk support på Internettet D-Link teknisk support over telefonenArkisin klo. 9 - 21 numerosta Teknistä tukea asiakkaille SuomessaD-Link tarjoaa teknistä tukea asiakkailleen Tuotteen takuun voimassaoloajan Tekninen tuki palvelee seuraavastiuppdateringar och annan användarinformation Teknisk Support för kunder i SverigeTeknisk Support På vår hemsida kan du hitta mer information om mjukvaruAssistência Técnica Suporte TécnicoSuporte Técnico para clientes no Portugal Você pode encontrar atualizações de software e documentação deΤηλ 210 86 11 Φαξ 210 86 53 Δευτέρα-Παρασκευή Τεχνική ΥποστήριξηΓια πελάτες εντός του Ελλαδικού χώρου Τηλεφωνική υποστήριξη D-LinkIndia Technical SupportTech Support for customers in Australiahttp//support.dlink-me.com Technical SupportTech Support for customers in http//support.dlink-me.comD-Link предоставляет бесплатную поддержку для клиентов Техническая поддержкаОбновления программного обеспечения и документация доступны на Интернет-сайте D-LinkAsistencia Técnica São Paulo +11-2185-9301 Segunda à sexta Das 8h30 às 18h30 Suporte TécnicoSuporte Técnico para clientes no Brasil Telefone0800-002-615 D-Link 友訊科技台灣分公司技術支援資訊電子郵件：dssqaservice@dlink.com.tw D-Link 免付費技術諮詢專線diperoleh pada situs web D-Link Dukungan TeknisDukungan Teknis untuk pelanggan Update perangkat lunak dan dokumentasi pengguna dapat技术支持中心电话：8008296688 技术支持中心传真：02885176948 技术支持您可以在 D-Link 的官方網站找到產品的軟件升級和使用手冊办公地址：北京市东城区北三环东路 36 号环球贸易中心 B 座 26F 02-05 室邮编International Offices Product Serial No Product installed in type of computerRegistration Card All Countries and Regions Excluding USA Product Model