Authentication Server | D-Link DGS-3700 instruction

DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual

Figure 5 - 38 Authentication Server Group Settings Edit window

To add an Authentication Server Host to the list, enter its IP address in the IP Address field, choose the protocol associated with the IP address of the Authentication Server Host and click Add to add this Authentication Server Host to the group.

NOTE: The user must configure Authentication Server Hosts using the Authentication Server Hosts window before adding hosts to the list. Authentication Server Hosts must be configured for their specific protocol on a remote centralized server before this function can work properly.

NOTE: The four built in server groups can only have server hosts running the same TACACS daemon. TACACS/XTACACS/TACACS+ protocols are separate entities and are not compatible with each other.

Authentication Server

This window will set user-defined Authentication Server Hosts for the TACACS/XTACACS/TACACS+/RADIUS security protocols on the Switch. When a user attempts to access the Switch with Authentication Policy enabled, the Switch will send authentication packets to a remote TACACS/XTACACS/TACACS+/RADIUS server host on a remote host. The TACACS/XTACACS/TACACS+/RADIUS server host will then verify or deny the request and return the appropriate message to the Switch. More than one authentication protocol can be run on the same physical server host but, remember that TACACS/XTACACS/TACACS+/RADIUS are separate entities and are not compatible with each other. The maximum supported number of server hosts is 16.

To view this window, click Security > Access Authentication Control > Authentication Server as shown below:

Figure 5 - 39 Authentication Server Settings window

Configure the following parameters to add an Authentication Server Host:

Parameter Description

175

Image 186

D-Link DGS-3700 user manual Authentication Server Group Settings Edit window

Contents

Copyright 2009. All rights reserved Page Table of Contents DDM L2 Features QoS Security ACL Save Services and Tools 258 Preface Intended Readers Typographical Conventions Login to Web Manager Introduction Web-based User Interface Areas of the User Interface Web Pages AreaArea Function Page Configuration Device Information System Information Parameter Description Baud Rate Serial Port SettingsFields that can be configured are described below Auto Logout IP Address Settings window IP Address Bootp Dhcp Interface Settings Setting the Swith’s IP Address using the Console Interface Address Parameter Description Interface NameIPv6 Network IPv6 State IPv6 Route Settings IPv6 Neighbor SettingsAutomatic Link Local Address Neighbor IPv6 Port ConfigurationPort Settings Address Link Layer MAC Port Description Static ARP Settings Port Error Disabled User Accounts Password Admin, Operator and User PrivilegesNew Password Management Admin Operator User Admin, Operator and User Privileges User Account Management System Log Configuration System Log SettingsSystem Log Server UDP Port Parameter Description Server IDServer IP Address 514 or Severity System Severity Settings Parameter Description System SeveritySeverity Level Dhcp Relay Global Settings Dhcp Relay Check Dhcp Relay AgentInformation Option Policy Implementation of Dhcp Information Option 82 on the Switch Circuit ID sub-option formatRemote ID sub-option format Parameter Description Relay IP Address Dhcp Relay Interface SettingsDhcp Relay Option 60 Default Settings Mode Dhcp Relay Option 60 Settings Dhcp Relay Option 61 Default Settings Parameter Description Client ID Out of Band Management SettingsDhcp Relay Option 61 Settings Relay Rule Parameter Description IP Address External Alarm SettingsDhcp Auto Configuration Settings Link Status Web Settings Telnet SettingsMAC Address Aging Time Firmware Information Password EncryptionClipaging Settings Parameter Description Version Dual Configuration SettingsUpdate Time Size Bytes Ping Test IPv6 Ping Test Local Loopback Ports SettingsTimeout Size Vlan Counter Settings Sntp Settings Time Settings TimeZone Settings Hhmm MAC Notification Settings MAC Notification Global Settings MAC Notification Port Settings ParameterDescription Snmp Settings TrapsMIBs Parameter Description View Name Snmp Global State SettingsSnmp View Table Subtree OID Snmp Group Table Snmp User Table Snmp Community Table Parameter Description Community Name Snmp Host Table Snmp v6Host Table String/SNMPv3 User Snmp Engine IDCommunity Name Parameter Description Range Name Time Range SettingsSnmp Trap Configuration Hours SFlow SFlow Global State SettingsSFlow Analyzer Server Settings ParameterDescription Analyzer Server ID SFlow Flow Sampler Settings SFlow Counter Poller Settings Following parameters can be configured Single IP Management Single IP Settings Upgrade to Topology Speed Parameter Description Device NameRemote Port Local Port 62 Topology view Icon Description Tool Tips 63 Device Information Utilizing the Tool Tip Right-Click Group Icon Commander Switch Icon Member Switch IconCandidate Switch Icon Menu Bar Firmware Upgrade Configuration File Backup/Restore DDM Settings Upload Log FileBrowse DDM Status List DDM Temperature Threshold Settings DDM Voltage Threshold Settings DDM Bias Current Threshold Settings DDM Tx Power Threshold Settings DDM Rx Power Threshold Settings Parameter Description From Port / To Port Jumbo Frame Jumbo Frame window VLANs Understanding Ieee 802.1p PriorityVlan Description Ieee 802.1Q VLANs Ieee 802.1Q Packet Forwarding 802.1Q Vlan Tags Ieee 802.1Q Tag Port Vlan ID Tagging and UntaggingIngress Filtering Vlan Segmentation Default VLANsPort-based VLANs VID Destination Source Double VLANsVlan and Trunk Groups Spvlan Tpid + Regulations for Double VLANs Double Vlan Example 802.1Q Vlan Current 802.1Q Static VLANs Entries window 802.1Q Vlan window Add/Edit Vlan Tab Tagged Port SettingsAdvertisement Untagged 10 802.1Q Vlan window Vlan Batch Settings window Subnet Vlan Subnet Vlan SettingsVlan Precedence Settings Vlan ID In-Q Settings In-QVlan Precedence Vlan Translation Settings In-Q and Vlan Translation Rules For ingress untagged packets at UNI portsFor ingress tagged packets at UNI ports 802.1v Protocol Group Settings 802.1v Protocol Vlan Check the Select All Ports box 802.1v Protocol Vlan Settings802.1p Priority Search Port List Rspan Settings Gvrp Settings Gvrp Global Settings GvrpPvid Leave All Time MAC-based Vlan SettingsPvid Auto Assign Settings NNI Bpdu Port Trunking Understanding Port Trunk Groups Active Port Parameter Description AlgorithmMaster Port Member Ports Lacp Port Settings Activity Traffic Segmentation Forward Portlist Bpdu Tunneling Settings 27 Bpdu Tunneling window Rate Limit Igmp Snooping SettingsIgmp Snooping Querier IP Robustness Value Time Query IntervalMax Response 255 Igmp Snooping Rate Limit Settings Igmp Snooping Static Group Settings Igmp Multicast Group Profile Settings Igmp Snooping Multicast Vlan SettingsFollowing fields can be set IPv4 Multicast Profile Settings IPv4 Limited Multicast Range Settings IPv4 Max Multicast Group Settings MLD Snooping Settings MLD SnoopingMLD Control Messages Max Response Time Query Expiry TimeQuery Interval 1-65535 sec 25 sec MLD Snooping Rate Limit Settings 43 MLD Snooping Router IP Settings Modify window MLD Snooping Static Group Settings MLD Multicast Group Profile SettingsIPv6 Address MLD Snooping Multicast Vlan Settings 1,6 Source Port1,6 IPv6 Multicast Profile Settings Tagged Member Port e.g.1-4,6 IPv6 Limited Multicast Range Settings IPv6 Max Multicast Group Settings Port Mirror 55 Port Mirror window Parameter Description LBD State Loopback Detection SettingsRecover Time Trap Status Port Transition States Spanning Tree802.1w Rapid Spanning Tree Edge Port P2P Port 802.1D and 802.1w Compatibility STP Bridge Global Settings Max Hops NNI Bpdu Address STP Port Settings External Cost 0=Auto MST Configuration Identification P2P Revision Level STP Instance SettingsParameter Description Configuration Name Msti ID Internal Path cost Mstp Port InformationInstance ID 200000000 Forwarding & Filtering Unicast ForwardingMulticast Forwarding Multicast Filtering Mode Multicast MAC Lldp Global Settings Parameter Description From Port /To Port Lldp Port SettingsAdmin Status Notification Lldp Basic TLVs Settings Lldp Management Address ListParameter Description Address Lldp Dot1 TLVs Settings Vlan Lldp Dot3 TLVs Settings Lldp Statistics SystemMAC/PHY Lldp Local Port Information 72 Lldp Statistics System window CFM Port Settings Lldp Remote Port Information CFM CCM PDUs Forwarding Mode CFM MPs Reply LTRsCFM Mipccm List Connectivity Fault Management SettingsMD Connectivity Fault Management SettingsConnectivity Fault Management CreateMD Parameter Description CFM State MEP CFM Loopback SettingsMIP LBM CFM Linktrace Settings Remote Loopback Ethernet OAM SettingsEthernet OAM Received Remote Ethernet OAM Configuration Settings QoS Advantages of QoS Mapping QoS on the Switch Understanding QoSPage HOL Blocking Pevention Bandwidth ControlNo Limit Traffic Control Traffic Control window Count Down Traffic Trap Setting Traffice TrapSettings Time Interval 802.1p Default Priority 802.1p Default Priority window 802.1p User Priority QoS Scheduling Mechanism QoS Scheduling SchedulingMechanism Band Manage Settings Class ID Sred Settings Band Manage Settings Click Apply to implement changes 141 Dscp Trust Settings Dscp Map SettingsSred Drop Counter Dscp Map Dscp List0-63 802.1p Map Settings Priority List0-7Color Safeguard Engine Security Safeguard Engine window IMP Binding Global Settings Trusted HostIP-MAC-Port Binding IMP Binding Port Settings Parameter ACL Mode Trap / Log Dhcp Snoop State Packet Allow Zero IPForward Dhcp Max Entry IMP Binding Entry Settings Ports Dhcp Snooping Entries Port Security Port SettingsPort Security MAC Block List Lock Address Port Security Vlan SettingsAdmin State Max. Learning Vlan ID e.g.1,4-6 Dhcp Server Screening SettingsPort Security Entries Max Learning Dhcp Screening Port Settings Dhcp Offer FilteringParameterDescription Server IP Address 802.1X 802.1X Port-Based and Host-Based Access ControlAuthentication Server Client’s MAC Address Authenticator 16 The Authentication Server Authentication Process Client Port-Based Network Access Control 20 Example of Typical Port-Based Configuration Host-Based Network Access Control 21 Example of Typical Host-Based Configuration 802.1X Global Settings 802.1X Port SettingsPDU ReAuthentication SuppTimeoutServerTimeout QuietPeriod Authentication Radius Server 802.1X User Reauthenticate Ports Initialize PortsConfirm Key Guest Vlan Configuration Limitations Using the Guest Vlan SSL Settings Guest Vlan Download Certificate Ciphersuite CBC SHA EDE CBC SHA SSH Settings SSH Authmode and Algorithm Settings HMAC-MD5 SSH User Authentication ListsHMAC-SHA1 HMAC-RSA Access Authentication Control Host NamePage Authentication Policy Settings Application Authentication Settings Authentication Server Group 37 Authentication Server Group Settings window Authentication Server 38 Authentication Server Group Settings Edit window Login Method Lists Enable Method Lists ParameterDescription Method List NamePriority 1, 2, 3 Local Enable Password Settings 41 Enable Method List window Radius Accounting Settings 42 Local Enable Password window MAC-based Access Control MAC-based Access Control Settings Guest Vlan Name Parameter Description Settings MBA Global StateMethod Guest Vlan ID MAC-based Access Control Local Settings Hold Time Web Authentication Web-based Access Control Settings Conditions and LimitationsParameterDescription State 1440 Authentication Web-based Access Control User SettingsLogout Timer Redirection NetBIOS Filtering NetBIOS Filtering SettingsConfirmation ACL Configuration Wizard Access IDParameterDescription Type Access Profile List OptionApply To Add Access Profile Ethernet Destination MAC Parameter Description Ethernet ACLSource MAC Mask Mask Select ACL Type Access Profile List Ethernet Ethernet Type Replace Priority Parameter Description Access IDVlan Mask Replace Dscp Rx Rate PrecedenceTime Range Counter Destination IP Mask DscpSource IP Mask Icmp Type 11 Access Profile List IPv4 12 Access Profile Details IPv4 Icmp Time Range Name IPv6 TCP Parameter Description IPv6 ClassIPv6 Flow Label IPv6 UDP 17 Access Profile List IPv6 Class Flow Label 20 Access Rule List IPv6 22 Add Packet Content ACL Profile Parameter Description Chunk 23 Access Profile List Packet Content 25 Access Profile Packet Content 26 Access Rule List Packet Content CPU Interface Filtering CPU Access Profile List 28 CPU Access Profile List window Source MAC Mask Destination MACMask 802.1Q Vlan Parameter Description Select Profile ID IPv4 Dscp 209 33 Add CPU ACL Profile window for IPv6 Parameter Description Select Profile Select ACLOffset 37 CPU Access Rule List window for Ethernet 39 CPU Access Rule Detail Information window for Ethernet 40 CPU Access Rule List window for IP 42 CPU Access Rule Detail Information window for IP 45 CPU Access Rule Detail Information window for IPv6 ACL Finder ACL Flow Meter 50 ACL Flow Meter window Mode Cable Diagnostic Device Status Record Number CPU UtilizationParameter Description Time Interval Show/Hide Port Utilization Packet Size Packet Size window Memory Utilization PacketsReceived RX Received RX window for Bytes and Packets UMBcast RX Transmitted TX 12 Transmitted TX window for Bytes and Packets Bytes Errors 14 Received RX window for errors UnderSize CRCErrorSymbol OverSize 16 Transmitted TX window for errors ExDefer Port Access Control Radius Authentication Radius Account Client Retransmissions ServerAddressRequests Responses Auth PAE State Authenticator StateParameter Description MAC Address Backend State Authenticator Statistics 22 Authenticator Statistics window for MAC-based Authenticator Session Statistics Authenticator Diagnostics Connect LogOff Auth TimeoutConnect Enter Auth Enter Browse ARP Table Browse Vlan 27 Browse ARP Table window Show Vlan Ports Browse Igmp Router PortIgmp Snooping Group Igmp Snooping Forwarding Table Browse Igmp Snooping Counter Browse MLD Router Port MLD Snooping Group MLD Snooping Forwarding Table 35 MLD Snooping Group window Browse Session Table Browse MLD Snooping CounterCFM Packet Counter List Browse CFM Fault MEP CFM Packet Counter CCM ListBrowse CFM Port MP List MAC Address Table Browse Vlan Counter StatisticsFunctions used in the MAC address table are described below Browse Ethernet OAM Event Log Browse Ethernet OAM Statistics 46 Browse Ethernet OAM Statistics window Browse Historical Counter Packet/ErrorHistorical Counter & Utilization Minutes/1 Day System Log Browse Historical Utilization Parameter Description Log Type Date-TimeLog Text Save Configuration ID Save Configuration ID 1 window Save Log Save All Configuration File Backup & Restore ResetUpload Log File Reboot System Download Firmware ARP ARP FCS Ethernet frame format Forwarding Table Destination address Source address Ether-type Port2 00-20-5C-01-22-22 How ARP spoofing attacks a network Ethernet Gratuitous ARP Prevent ARP spoofing via packet content ACL Example topology Ethernet Offset Chunk 266 System Log Entries Category Event Description Log Information Severity SSL AAA Page Page Page IP-MAC DOS DDM DGS-3700 Series Trap List Proprietary Trap ListTrap Name/OID Variable Bind Format MIB Name Severity Equipment Glossary Page Password Recovery Procedure Command Parameters Command Parameters