D-Link DGS-3700 Authentication Server

DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual

175

Figure 5 - 38 Authentication Server Group Settings Edit window

To add an Authentication Server Host to the list, enter its IP addr ess in the IP Address field, choos e the protocol

associated with the IP address of the Authentication Server Host and click Ad d to add this Authentication Server Host

to the group.

NOTE: The user must configure Authentication Server Hosts using the A uthentication

Server Hosts window before adding hosts to the list. Authentication Server H osts m ust be

configured for their specific protocol on a remote centralized server before this function

can work properly.

NOTE: The four built in server groups can only have server hosts running the sam e

TACACS daemon. TACACS/XTACACS/TACACS+ protocols are separ ate entities and

are not compatible with each other.

Authentication Server

This window will set user-defined Authentication Server Hosts for the TACACS/XTACACS/ TACACS+/RADIUS

security protocols on the Switch. When a user attempts to access the Switch with Authenticat ion Policy enabled, the

Switch will send authentication packets to a remote TACACS/XTACACS/TACACS+/ RADIUS ser ver host on a rem ote

host. The TACACS/XTACACS/TACACS+/RADIUS server host will then verif y or deny the request and return the

appropriate message to the Switch. More than one authentication pro tocol can be run on the sam e physical server

host but, remember that TACACS/XTACACS/TACACS+/RADIUS are separ ate entities and are not compatible wit h

each other. The maximum supported number of server hosts is 16.

To view this window, click Security > Access Authentication Control > Authentication Server as shown below:

Figure 5 - 39 Authentication Server Settings window

Configure the following parameters to add an Authentication Server Host:

Parameter Description

Contents

Main Copyright 2009. All rights reserved User Manual Product Model: DGS-3700 Series Layer 2 Managed Gigabit Ethernet Switch Release 1.00 Page Table of Contents Page Page Page Page Page Page Page Preface Intended Readers Typographical Conventions Notes, Notices, and Cautions Section 1 Web-based Switch Configuration Introduction Login to Web Manager Web-based User Interface Areas of the User Interface Web Pages Page Section 2 Configuration Device Information System Information Serial Port Settings IP Address Page Setting the Swiths IP Address using the Console Interface Interface Settings Page IPv6 Route Settings IPv6 Neighbor Settings Port Configuration Port Settings Port Description Port Error Disabled Static ARP Settings User Accounts Admin, Operator and User Privileges Page System Log Configuration System Log Settings System Log Server Page System Severity Settings DHCP Relay DHCP Relay Global Settings Page The Implementation of DHCP Information Option 82 on the Switch DHCP Relay Interface Settings DHCP Relay Option 60 Default Settings DHCP Relay Option 60 Settings DHCP Relay Option 61 Default Settings DHCP Relay Option 61 Settings Out of Band Management Settings External Alarm Settings DHCP Auto Configuration Settings MAC Addre s s Aging Time Web Settings Telnet Settings Password Encryption Clipaging Settings Firmware Information Dual Configuration Settings Ping Test Local Loopback Ports Settings VLAN Counter Settings SNTP Settings Time Settings TimeZone Settings MAC Notification Settings MAC Notification Global Settings MAC Notification Port Settings SNMP Settings Traps MIBs SNMP Global State Settings SNMP View Table SNMP Group Table SNMP User Table SNMP Community Table SNMP Host Table SNMP v6Host Table SNMP Engine ID SNMP Trap Configuration Time Range Settings sFlow sFlow Global State Settings sFlow Analyzer Server Settings sFlow Flow Sampler Settings sFlow Counter Poller Settings Single IP Management The Upgrade to v1.6 Single IP Settings Topology Page Page Tool Tips Right-Click Group Icon Commander Switch Icon Member Switch Icon Candidate Switch Icon Menu Bar File Group Device View Firmware Upgrade Configuration File Backup/Restore Upload Log File DDM Browse DDM Status List DDM Settings DDM Temperature Threshold Settings DDM Voltage Threshold Settings DDM Bias Current Threshold Settings DDM Tx Power Threshold Settings DDM Rx Power Threshold Settings Page Section 3 L2 Features Jumbo Frame VLANs Understanding IEEE 802.1p Priority VLAN Description Notes About VLANs IEEE 802.1Q VLANs 802.1Q VLAN Tags Port VLAN ID Tagging and Untagging Ingress Filtering Default VLANs Port-based VLANs VLAN Segmentation VLAN and Trunk Groups Double VLANs Regulations for Double VLANs 802.1Q VLAN Page Page Page Subnet VLAN Subnet VLAN Settings VLAN Precedence Settings Q-in-Q Q-in-Q Settings VLAN Translation Settings Q-in-Q and VLAN Translation Rules 802.1v Protocol VLAN 802.1v Protocol Group Settings 802.1v Protocol VLAN Settings RSPAN Settings GVRP Settings GVRP Global Settings MAC-based VLAN Settings PVID Auto Assign Settings Port Trunking Understanding Port Trunk Groups Page LACP Port Settings Traffic Segmentation BPDU Tunneling Settings IGMP Snooping IGMP Snooping Settings Page IGMP Snooping Rate Limit Settings IGMP Snooping Static Group Settings IGMP Multicast Group Profile Settings IGMP Snooping Multicast VLAN Settings IPv4 Multicast Profile Settings IPv4 Limited Multicast Range Settings IPv4 Max Multicast Group Settings MLD Snooping MLD Control Messages MLD Snooping Settings Page MLD Snooping Rate Limit Settings MLD Snooping Static Group Settings MLD Multicast Group Profile Settings MLD Snooping Multicast VLAN Settings IPv6 Multicast Profile Settings IPv6 Limited Multicast Range Settings IPv6 Max Multicast Group Settings Port Mirror Loopback Detection Settings Spanning Tree 802.1w Rapid Spanning Tree Port Transition States Edge Port P2P Port 802.1D and 802.1w Compatibility STP Bridge Global Settings Page STP Port Settings MST Configuration Identification STP Instance Settings MSTP Port Information Forwarding & Filtering Unicast Forwarding Multicast Forwarding Multicast Filtering Mode LLDP LLDP Global Settings LLDP Port Settings LLDP Management Address List LLDP Basic TLVs Settings LLDP Dot1 TLVs Settings LLDP Dot3 TLVs Settings LLDP Statistics System LLDP Local Port Information LLDP Remote Port Information CFM CFM Port Settings CFM CCM PDUs Forwarding Mode CFM MPs Reply LTRs CFM MIPCCM List Connectivity Fault Management Settings CFM Loopback Settings CFM Linktrace Settings Ethernet OAM Ethernet OAM Settings Ethernet OAM Configuration Settings Section 4 QoS Advantages of QoS Understanding QoS Page HOL Blocking Pevention Bandwidth Control Traffic Control Page 802.1p Default Priority 802.1p User Priority QoS Scheduling Mechanism QoS Scheduling In Band Manage Settings SRED SRED Settings Page Page Page 802.1p Map Settings Section 5 Security Safeguard Engine Page Trusted Host IP-MAC-Port Binding IMP Binding Global Settings IMP Binding Port Settings Page IMP Binding Entry Settings DHCP Snooping Entries MAC Block List Port Security Port Security Port Settings Port Security VLAN Settings Port Security Entries DHCP Server Screening Settings DHCP Screening Port Settings DHCP Offer Filtering 802.1X 802.1X Port-Based and Host-Based Access Control Authentication Server Authenticator Client Authentication Process Understanding 802.1X Port-based and Host-based Network Access Control Port-Based Network Access Control Host-Based Network Access Control 802.1X Global Settings 802.1X Port Settings Page 802.1X User Authentication RADIUS Server Initialize Port(s) Reauthenticate Port(s) Guest VLAN Configuration Limitations Using the Guest VLAN Guest VLAN SSL Settings Download Certificate Ciphersuite Page SSH SSH Settings SSH Authmode and Algorithm Settings SSH User Authentication Lists Access Authentication Control Page Authentication Policy Settings Application Authentication Settings Authentication Server Group Authentication Server Login Method Lists Enable Method Lists Local Enable Password Settings RADIUS Accounting Settings MAC-based Access Control Notes About MAC-based Access Control MAC-based Access Control Settings Page MAC-based Access Control Local Settings Web Authentication Conditions and Limitations Web-based Access Control Settings Web-based Access Control User Settings NetBIOS Filtering NetBIOS Filtering Settings Section 6 ACL ACL Configuration Wizard Access Profile List Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page CPU Interface Filtering CPU Access Profile List Page Page Page Page Page Page Page Page Page Page ACL Finder ACL Flow Meter Page Page Section 7 Monitoring Device Status Cable Diagnostic CPU Utilization Port Utilization Packet Size Page Memory Utilization Packets Received (RX) Page UMB_cast (RX) Transmitted (TX) Page Page Errors Received (RX) Transmitted (TX) Page Port Access Control RADIUS Authentication RADIUS Account Client Page Authenticator State Authenticator Statistics Authenticator Session Statistics Authenticator Diagnostics Page Browse ARP Table VLAN Browse VLAN Show VLAN Ports IGMP Snooping Browse IGMP Router Port IGMP Snooping Group IGMP Snooping Forwarding Table Browse IGMP Snooping Counter MLD Snooping Browse MLD Router Port MLD Snooping Group MLD Snooping Forwarding Table Browse MLD Snooping Counter Browse Session Table CFM CFM Packet Counter List CFM Packet Counter CCM List Browse CFM Fault MEP Browse CFM Port MP List MAC Address Table Browse VLAN Counter Statistics Ethernet OAM Browse Ethernet OAM Event Log Browse Ethernet OAM Statistics Page Historical Counter & Utilization Browse Historical Counter Browse Historical Utilization System Log Page Section 8 Save Services and Tools Save Configuration ID 1 Save Configuration ID 2 Save Log Save All Configuration File Backup & Restore Upload Log File Reset Download Firmware Reboot System Appendix A Mitigating ARP Spoofing Attacks Using Packet Content ACL Page Page Page Page Example topology Configuration Page Page Appendix B System Log Entries Page Page Page Page Page Page Page Page DGS-3700 Series Trap List Proprietary Trap List Page Appendix C Glossary Page Appendix D Password Recovery Procedure