D-Link DGS-3700 802.1X

DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual

155

Client’s MAC Address The MAC address of the DHCP client. Only multiple legal DH CP servers on the network

need to be entered in this field. If there is only one legal DHCP ser ver on the net work, no

input to this field is allowed.

Ports Choose the range of ports that you want to use as the DHCP server, or check the Al l Ports

box if you wish to use all the ports on the switch.

Click Apply to implement changes.

802.1X

802.1X Port-Based and Host-Based Access Control

The IEEE 802.1X standard is a security measure for authorizing and authenticating users to gai n access to various

wired or wireless devices on a specified Local Area Network by using a Client and Server based access control

model. This is accomplished by using a RADIUS server to authenticate users trying to acc ess a network by relaying

Extensible Authentication Protocol over LAN (EAPOL) packets between the Client and the Ser ver . T he f ollowing figure

represents a basic EAPOL packet:

Figure 5 - 14 The EAPOL Packet

Utilizing this method, unauthorized devices are restricted from c onnecting to a LAN thr ough a port to which t he user is

connected. EAPOL packets are the only traffic that can be transmitted through the specif ic port until authorization is

granted. The 802.1X Access Control method holds three roles, each of which are vital to creat ing and upkeeping a

stable and working Access Control security method.

Figure 5 - 15 The three roles of 802.1X

The following section will explain the three roles of Client, Authent icator and Authentication Server in greater detail.

Authentication Server

The Authentication Server is a remote device that is connected to the same network as the Client and Auth enticator,

must be running a RADIUS Server program and must be configured properly on the Authenticator (Switch). Clients

Contents

Main Copyright 2009. All rights reserved User Manual Product Model: DGS-3700 Series Layer 2 Managed Gigabit Ethernet Switch Release 1.00 Page Table of Contents Page Page Page Page Page Page Page Preface Intended Readers Typographical Conventions Notes, Notices, and Cautions Section 1 Web-based Switch Configuration Introduction Login to Web Manager Web-based User Interface Areas of the User Interface Web Pages Page Section 2 Configuration Device Information System Information Serial Port Settings IP Address Page Setting the Swiths IP Address using the Console Interface Interface Settings Page IPv6 Route Settings IPv6 Neighbor Settings Port Configuration Port Settings Port Description Port Error Disabled Static ARP Settings User Accounts Admin, Operator and User Privileges Page System Log Configuration System Log Settings System Log Server Page System Severity Settings DHCP Relay DHCP Relay Global Settings Page The Implementation of DHCP Information Option 82 on the Switch DHCP Relay Interface Settings DHCP Relay Option 60 Default Settings DHCP Relay Option 60 Settings DHCP Relay Option 61 Default Settings DHCP Relay Option 61 Settings Out of Band Management Settings External Alarm Settings DHCP Auto Configuration Settings MAC Addre s s Aging Time Web Settings Telnet Settings Password Encryption Clipaging Settings Firmware Information Dual Configuration Settings Ping Test Local Loopback Ports Settings VLAN Counter Settings SNTP Settings Time Settings TimeZone Settings MAC Notification Settings MAC Notification Global Settings MAC Notification Port Settings SNMP Settings Traps MIBs SNMP Global State Settings SNMP View Table SNMP Group Table SNMP User Table SNMP Community Table SNMP Host Table SNMP v6Host Table SNMP Engine ID SNMP Trap Configuration Time Range Settings sFlow sFlow Global State Settings sFlow Analyzer Server Settings sFlow Flow Sampler Settings sFlow Counter Poller Settings Single IP Management The Upgrade to v1.6 Single IP Settings Topology Page Page Tool Tips Right-Click Group Icon Commander Switch Icon Member Switch Icon Candidate Switch Icon Menu Bar File Group Device View Firmware Upgrade Configuration File Backup/Restore Upload Log File DDM Browse DDM Status List DDM Settings DDM Temperature Threshold Settings DDM Voltage Threshold Settings DDM Bias Current Threshold Settings DDM Tx Power Threshold Settings DDM Rx Power Threshold Settings Page Section 3 L2 Features Jumbo Frame VLANs Understanding IEEE 802.1p Priority VLAN Description Notes About VLANs IEEE 802.1Q VLANs 802.1Q VLAN Tags Port VLAN ID Tagging and Untagging Ingress Filtering Default VLANs Port-based VLANs VLAN Segmentation VLAN and Trunk Groups Double VLANs Regulations for Double VLANs 802.1Q VLAN Page Page Page Subnet VLAN Subnet VLAN Settings VLAN Precedence Settings Q-in-Q Q-in-Q Settings VLAN Translation Settings Q-in-Q and VLAN Translation Rules 802.1v Protocol VLAN 802.1v Protocol Group Settings 802.1v Protocol VLAN Settings RSPAN Settings GVRP Settings GVRP Global Settings MAC-based VLAN Settings PVID Auto Assign Settings Port Trunking Understanding Port Trunk Groups Page LACP Port Settings Traffic Segmentation BPDU Tunneling Settings IGMP Snooping IGMP Snooping Settings Page IGMP Snooping Rate Limit Settings IGMP Snooping Static Group Settings IGMP Multicast Group Profile Settings IGMP Snooping Multicast VLAN Settings IPv4 Multicast Profile Settings IPv4 Limited Multicast Range Settings IPv4 Max Multicast Group Settings MLD Snooping MLD Control Messages MLD Snooping Settings Page MLD Snooping Rate Limit Settings MLD Snooping Static Group Settings MLD Multicast Group Profile Settings MLD Snooping Multicast VLAN Settings IPv6 Multicast Profile Settings IPv6 Limited Multicast Range Settings IPv6 Max Multicast Group Settings Port Mirror Loopback Detection Settings Spanning Tree 802.1w Rapid Spanning Tree Port Transition States Edge Port P2P Port 802.1D and 802.1w Compatibility STP Bridge Global Settings Page STP Port Settings MST Configuration Identification STP Instance Settings MSTP Port Information Forwarding & Filtering Unicast Forwarding Multicast Forwarding Multicast Filtering Mode LLDP LLDP Global Settings LLDP Port Settings LLDP Management Address List LLDP Basic TLVs Settings LLDP Dot1 TLVs Settings LLDP Dot3 TLVs Settings LLDP Statistics System LLDP Local Port Information LLDP Remote Port Information CFM CFM Port Settings CFM CCM PDUs Forwarding Mode CFM MPs Reply LTRs CFM MIPCCM List Connectivity Fault Management Settings CFM Loopback Settings CFM Linktrace Settings Ethernet OAM Ethernet OAM Settings Ethernet OAM Configuration Settings Section 4 QoS Advantages of QoS Understanding QoS Page HOL Blocking Pevention Bandwidth Control Traffic Control Page 802.1p Default Priority 802.1p User Priority QoS Scheduling Mechanism QoS Scheduling In Band Manage Settings SRED SRED Settings Page Page Page 802.1p Map Settings Section 5 Security Safeguard Engine Page Trusted Host IP-MAC-Port Binding IMP Binding Global Settings IMP Binding Port Settings Page IMP Binding Entry Settings DHCP Snooping Entries MAC Block List Port Security Port Security Port Settings Port Security VLAN Settings Port Security Entries DHCP Server Screening Settings DHCP Screening Port Settings DHCP Offer Filtering 802.1X 802.1X Port-Based and Host-Based Access Control Authentication Server Authenticator Client Authentication Process Understanding 802.1X Port-based and Host-based Network Access Control Port-Based Network Access Control Host-Based Network Access Control 802.1X Global Settings 802.1X Port Settings Page 802.1X User Authentication RADIUS Server Initialize Port(s) Reauthenticate Port(s) Guest VLAN Configuration Limitations Using the Guest VLAN Guest VLAN SSL Settings Download Certificate Ciphersuite Page SSH SSH Settings SSH Authmode and Algorithm Settings SSH User Authentication Lists Access Authentication Control Page Authentication Policy Settings Application Authentication Settings Authentication Server Group Authentication Server Login Method Lists Enable Method Lists Local Enable Password Settings RADIUS Accounting Settings MAC-based Access Control Notes About MAC-based Access Control MAC-based Access Control Settings Page MAC-based Access Control Local Settings Web Authentication Conditions and Limitations Web-based Access Control Settings Web-based Access Control User Settings NetBIOS Filtering NetBIOS Filtering Settings Section 6 ACL ACL Configuration Wizard Access Profile List Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page CPU Interface Filtering CPU Access Profile List Page Page Page Page Page Page Page Page Page Page ACL Finder ACL Flow Meter Page Page Section 7 Monitoring Device Status Cable Diagnostic CPU Utilization Port Utilization Packet Size Page Memory Utilization Packets Received (RX) Page UMB_cast (RX) Transmitted (TX) Page Page Errors Received (RX) Transmitted (TX) Page Port Access Control RADIUS Authentication RADIUS Account Client Page Authenticator State Authenticator Statistics Authenticator Session Statistics Authenticator Diagnostics Page Browse ARP Table VLAN Browse VLAN Show VLAN Ports IGMP Snooping Browse IGMP Router Port IGMP Snooping Group IGMP Snooping Forwarding Table Browse IGMP Snooping Counter MLD Snooping Browse MLD Router Port MLD Snooping Group MLD Snooping Forwarding Table Browse MLD Snooping Counter Browse Session Table CFM CFM Packet Counter List CFM Packet Counter CCM List Browse CFM Fault MEP Browse CFM Port MP List MAC Address Table Browse VLAN Counter Statistics Ethernet OAM Browse Ethernet OAM Event Log Browse Ethernet OAM Statistics Page Historical Counter & Utilization Browse Historical Counter Browse Historical Utilization System Log Page Section 8 Save Services and Tools Save Configuration ID 1 Save Configuration ID 2 Save Log Save All Configuration File Backup & Restore Upload Log File Reset Download Firmware Reboot System Appendix A Mitigating ARP Spoofing Attacks Using Packet Content ACL Page Page Page Page Example topology Configuration Page Page Appendix B System Log Entries Page Page Page Page Page Page Page Page DGS-3700 Series Trap List Proprietary Trap List Page Appendix C Glossary Page Appendix D Password Recovery Procedure