Web Authentication | D-Link DGS-3700 guide

DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual

Web Authentication

Web authentication, also known as Web-based Access Control, is another port based access control method implemented similarily to the 802.1X port based access control method previously stated. This function will allow user authentication through a RADIUS server or through the local authentication set on the Switch when a user is trying to access the network via the switch, if the port connected to the user is enabled for this feature.

The user attempting to gain web access will be prompted for a username and password before being allowed to accept HTTP packets from the Switch. When a client attempts to access a website, that port is placed in the authentication VLAN set by the user. All clients in this authentication VLAN will be queried for authentication by the local method or through a RADIUS server. Once accepted, the user will be placed in a target VLAN on the Switch where it will have rights and privileges to openly access the Internet. If denied access, no packets will pass through to the user and thus, that user will be returned to the authentication VLAN from where it came and the authentication procedure will have to be reattempted by the user.

Once a client has been authenticated on a particular port, that port will be placed in the pre-configured VLAN and any other clients on that port will be automatically authenticated to access the specified Redirection Path URL, as well as the authenticated client.

Here is an example of the basic six step process all parties of the authentication go through for a successful Web- based Access Control process.

183

Image 194

D-Link DGS-3700 user manual Web Authentication

Contents

Copyright 2009. All rights reserved Page Table of Contents DDM L2 Features QoS Security ACL Save Services and Tools 258 Preface Intended Readers Typographical Conventions Login to Web Manager Introduction Web-based User Interface Areas of the User Interface Area Function Web PagesArea Page Configuration Device Information System Information Parameter Description Baud Rate Serial Port SettingsFields that can be configured are described below Auto Logout IP Address Settings window IP Address Bootp Dhcp Interface Settings Setting the Swith’s IP Address using the Console Interface Address Parameter Description Interface NameIPv6 Network IPv6 State Automatic Link Local Address IPv6 Route SettingsIPv6 Neighbor Settings Neighbor IPv6 Port ConfigurationPort Settings Address Link Layer MAC Port Description Static ARP Settings Port Error Disabled User Accounts Password Admin, Operator and User PrivilegesNew Password Management Admin Operator User Admin, Operator and User Privileges User Account Management System Log Server System Log ConfigurationSystem Log Settings UDP Port Parameter Description Server IDServer IP Address 514 or Severity Severity Level System Severity SettingsParameter Description System Severity Dhcp Relay Global Settings Dhcp Relay Check Dhcp Relay AgentInformation Option Policy Remote ID sub-option format Implementation of Dhcp Information Option 82 on the SwitchCircuit ID sub-option format Parameter Description Relay IP Address Dhcp Relay Interface SettingsDhcp Relay Option 60 Default Settings Mode Dhcp Relay Option 60 Settings Dhcp Relay Option 61 Default Settings Parameter Description Client ID Out of Band Management SettingsDhcp Relay Option 61 Settings Relay Rule Parameter Description IP Address External Alarm SettingsDhcp Auto Configuration Settings Link Status MAC Address Aging Time Web SettingsTelnet Settings Firmware Information Password EncryptionClipaging Settings Parameter Description Version Dual Configuration SettingsUpdate Time Size Bytes Ping Test IPv6 Ping Test Local Loopback Ports SettingsTimeout Size Vlan Counter Settings Sntp Settings Time Settings TimeZone Settings Hhmm MAC Notification Settings MAC Notification Global Settings MAC Notification Port Settings ParameterDescription MIBs Snmp SettingsTraps Parameter Description View Name Snmp Global State SettingsSnmp View Table Subtree OID Snmp Group Table Snmp User Table Snmp Community Table Parameter Description Community Name Snmp Host Table Snmp v6Host Table String/SNMPv3 User Snmp Engine IDCommunity Name Parameter Description Range Name Time Range SettingsSnmp Trap Configuration Hours SFlow SFlow Global State SettingsSFlow Analyzer Server Settings ParameterDescription Analyzer Server ID SFlow Flow Sampler Settings SFlow Counter Poller Settings Following parameters can be configured Single IP Management Single IP Settings Upgrade to Topology Speed Parameter Description Device NameRemote Port Local Port 62 Topology view Icon Description Tool Tips 63 Device Information Utilizing the Tool Tip Right-Click Group Icon Candidate Switch Icon Commander Switch IconMember Switch Icon Menu Bar Firmware Upgrade Configuration File Backup/Restore Browse DDM Status List DDM SettingsUpload Log File DDM Temperature Threshold Settings DDM Voltage Threshold Settings DDM Bias Current Threshold Settings DDM Tx Power Threshold Settings DDM Rx Power Threshold Settings Parameter Description From Port / To Port Jumbo Frame Jumbo Frame window Vlan Description VLANsUnderstanding Ieee 802.1p Priority Ieee 802.1Q VLANs Ieee 802.1Q Packet Forwarding 802.1Q Vlan Tags Ieee 802.1Q Tag Ingress Filtering Port Vlan IDTagging and Untagging Vlan Segmentation Default VLANsPort-based VLANs VID Destination Source Double VLANsVlan and Trunk Groups Spvlan Tpid + Regulations for Double VLANs Double Vlan Example 802.1Q Vlan Current 802.1Q Static VLANs Entries window 802.1Q Vlan window Add/Edit Vlan Tab Tagged Port SettingsAdvertisement Untagged 10 802.1Q Vlan window Vlan Batch Settings window Subnet Vlan Subnet Vlan SettingsVlan Precedence Settings Vlan ID Vlan Precedence In-Q SettingsIn-Q Vlan Translation Settings For ingress tagged packets at UNI ports In-Q and Vlan Translation RulesFor ingress untagged packets at UNI ports 802.1v Protocol Group Settings 802.1v Protocol Vlan Check the Select All Ports box 802.1v Protocol Vlan Settings802.1p Priority Search Port List Rspan Settings Gvrp Settings Pvid Gvrp Global SettingsGvrp Leave All Time MAC-based Vlan SettingsPvid Auto Assign Settings NNI Bpdu Port Trunking Understanding Port Trunk Groups Active Port Parameter Description AlgorithmMaster Port Member Ports Lacp Port Settings Activity Traffic Segmentation Forward Portlist Bpdu Tunneling Settings 27 Bpdu Tunneling window Rate Limit Igmp Snooping SettingsIgmp Snooping Querier IP Robustness Value Time Query IntervalMax Response 255 Igmp Snooping Rate Limit Settings Igmp Snooping Static Group Settings Following fields can be set Igmp Multicast Group Profile SettingsIgmp Snooping Multicast Vlan Settings IPv4 Multicast Profile Settings IPv4 Limited Multicast Range Settings IPv4 Max Multicast Group Settings MLD Control Messages MLD Snooping SettingsMLD Snooping Max Response Time Query Expiry TimeQuery Interval 1-65535 sec 25 sec MLD Snooping Rate Limit Settings 43 MLD Snooping Router IP Settings Modify window IPv6 Address MLD Snooping Static Group SettingsMLD Multicast Group Profile Settings 1,6 MLD Snooping Multicast Vlan Settings1,6 Source Port IPv6 Multicast Profile Settings Tagged Member Port e.g.1-4,6 IPv6 Limited Multicast Range Settings IPv6 Max Multicast Group Settings Port Mirror 55 Port Mirror window Parameter Description LBD State Loopback Detection SettingsRecover Time Trap Status Port Transition States Spanning Tree802.1w Rapid Spanning Tree Edge Port P2P Port 802.1D and 802.1w Compatibility STP Bridge Global Settings Max Hops NNI Bpdu Address STP Port Settings External Cost 0=Auto MST Configuration Identification P2P Revision Level STP Instance SettingsParameter Description Configuration Name Msti ID Internal Path cost Mstp Port InformationInstance ID 200000000 Multicast Forwarding Forwarding & FilteringUnicast Forwarding Multicast Filtering Mode Multicast MAC Lldp Global Settings Parameter Description From Port /To Port Lldp Port SettingsAdmin Status Notification Parameter Description Address Lldp Basic TLVs SettingsLldp Management Address List Lldp Dot1 TLVs Settings Vlan MAC/PHY Lldp Dot3 TLVs SettingsLldp Statistics System Lldp Local Port Information 72 Lldp Statistics System window CFM Port Settings Lldp Remote Port Information CFM Mipccm List CFM CCM PDUs Forwarding ModeCFM MPs Reply LTRs Connectivity Fault Management SettingsMD Connectivity Fault Management SettingsConnectivity Fault Management CreateMD Parameter Description CFM State MEP CFM Loopback SettingsMIP LBM CFM Linktrace Settings Remote Loopback Ethernet OAM SettingsEthernet OAM Received Remote Ethernet OAM Configuration Settings QoS Advantages of QoS Mapping QoS on the Switch Understanding QoSPage No Limit HOL Blocking PeventionBandwidth Control Traffic Control Traffic Control window Count Down Traffic Trap Setting Traffice TrapSettings Time Interval 802.1p Default Priority 802.1p Default Priority window 802.1p User Priority QoS Scheduling Mechanism Mechanism QoS SchedulingScheduling Band Manage Settings Class ID Sred Settings Band Manage Settings Click Apply to implement changes 141 Sred Drop Counter Dscp Trust SettingsDscp Map Settings Dscp Map Dscp List0-63 Color 802.1p Map SettingsPriority List0-7 Safeguard Engine Security Safeguard Engine window IP-MAC-Port Binding IMP Binding Global SettingsTrusted Host IMP Binding Port Settings Parameter ACL Mode Trap / Log Dhcp Snoop State Packet Allow Zero IPForward Dhcp Max Entry IMP Binding Entry Settings Ports Dhcp Snooping Entries Port Security Port SettingsPort Security MAC Block List Lock Address Port Security Vlan SettingsAdmin State Max. Learning Vlan ID e.g.1,4-6 Dhcp Server Screening SettingsPort Security Entries Max Learning ParameterDescription Server IP Address Dhcp Screening Port SettingsDhcp Offer Filtering 802.1X 802.1X Port-Based and Host-Based Access ControlAuthentication Server Client’s MAC Address Authenticator 16 The Authentication Server Authentication Process Client Port-Based Network Access Control 20 Example of Typical Port-Based Configuration Host-Based Network Access Control 21 Example of Typical Host-Based Configuration PDU 802.1X Global Settings802.1X Port Settings ReAuthentication SuppTimeoutServerTimeout QuietPeriod Authentication Radius Server 802.1X User Confirm Key Reauthenticate PortsInitialize Ports Guest Vlan Configuration Limitations Using the Guest Vlan SSL Settings Guest Vlan Download Certificate Ciphersuite CBC SHA EDE CBC SHA SSH Settings SSH Authmode and Algorithm Settings HMAC-MD5 SSH User Authentication ListsHMAC-SHA1 HMAC-RSA Access Authentication Control Host NamePage Authentication Policy Settings Application Authentication Settings Authentication Server Group 37 Authentication Server Group Settings window Authentication Server 38 Authentication Server Group Settings Edit window Login Method Lists Priority 1, 2, 3 Enable Method ListsParameterDescription Method List Name Local Enable Password Settings 41 Enable Method List window Radius Accounting Settings 42 Local Enable Password window MAC-based Access Control MAC-based Access Control Settings Guest Vlan Name Parameter Description Settings MBA Global StateMethod Guest Vlan ID MAC-based Access Control Local Settings Hold Time Web Authentication ParameterDescription State Web-based Access Control SettingsConditions and Limitations 1440 Authentication Web-based Access Control User SettingsLogout Timer Redirection Confirmation NetBIOS FilteringNetBIOS Filtering Settings ParameterDescription Type ACL Configuration WizardAccess ID Apply To Access Profile ListOption Add Access Profile Ethernet Destination MAC Parameter Description Ethernet ACLSource MAC Mask Mask Select ACL Type Access Profile List Ethernet Ethernet Type Replace Priority Parameter Description Access IDVlan Mask Replace Dscp Rx Rate PrecedenceTime Range Counter Destination IP Mask DscpSource IP Mask Icmp Type 11 Access Profile List IPv4 12 Access Profile Details IPv4 Icmp Time Range Name IPv6 TCP Parameter Description IPv6 ClassIPv6 Flow Label IPv6 UDP 17 Access Profile List IPv6 Class Flow Label 20 Access Rule List IPv6 22 Add Packet Content ACL Profile Parameter Description Chunk 23 Access Profile List Packet Content 25 Access Profile Packet Content 26 Access Rule List Packet Content CPU Interface Filtering CPU Access Profile List 28 CPU Access Profile List window Mask 802.1Q Vlan Source MACMask Destination MAC Parameter Description Select Profile ID IPv4 Dscp 209 33 Add CPU ACL Profile window for IPv6 Offset Parameter Description Select ProfileSelect ACL 37 CPU Access Rule List window for Ethernet 39 CPU Access Rule Detail Information window for Ethernet 40 CPU Access Rule List window for IP 42 CPU Access Rule Detail Information window for IP 45 CPU Access Rule Detail Information window for IPv6 ACL Finder ACL Flow Meter 50 ACL Flow Meter window Mode Cable Diagnostic Device Status Record Number CPU UtilizationParameter Description Time Interval Show/Hide Port Utilization Packet Size Packet Size window Received RX Memory UtilizationPackets Received RX window for Bytes and Packets UMBcast RX Transmitted TX 12 Transmitted TX window for Bytes and Packets Bytes Errors 14 Received RX window for errors UnderSize CRCErrorSymbol OverSize 16 Transmitted TX window for errors ExDefer Port Access Control Radius Authentication Radius Account Client Retransmissions ServerAddressRequests Responses Auth PAE State Authenticator StateParameter Description MAC Address Backend State Authenticator Statistics 22 Authenticator Statistics window for MAC-based Authenticator Session Statistics Authenticator Diagnostics Connect LogOff Auth TimeoutConnect Enter Auth Enter Browse ARP Table Browse Vlan 27 Browse ARP Table window Igmp Snooping Group Show Vlan PortsBrowse Igmp Router Port Igmp Snooping Forwarding Table Browse Igmp Snooping Counter Browse MLD Router Port MLD Snooping Group MLD Snooping Forwarding Table 35 MLD Snooping Group window CFM Packet Counter List Browse Session TableBrowse MLD Snooping Counter Browse CFM Port MP List Browse CFM Fault MEPCFM Packet Counter CCM List Functions used in the MAC address table are described below MAC Address TableBrowse Vlan Counter Statistics Browse Ethernet OAM Event Log Browse Ethernet OAM Statistics 46 Browse Ethernet OAM Statistics window Browse Historical Counter Packet/ErrorHistorical Counter & Utilization Minutes/1 Day System Log Browse Historical Utilization Log Text Parameter Description Log TypeDate-Time Save Configuration ID Save Configuration ID 1 window Save Log Save All Upload Log File Configuration File Backup & RestoreReset Reboot System Download Firmware ARP ARP FCS Ethernet frame format Forwarding Table Destination address Source address Ether-type Port2 00-20-5C-01-22-22 How ARP spoofing attacks a network Ethernet Gratuitous ARP Prevent ARP spoofing via packet content ACL Example topology Ethernet Offset Chunk 266 System Log Entries Category Event Description Log Information Severity SSL AAA Page Page Page IP-MAC DOS DDM Trap Name/OID Variable Bind Format MIB Name Severity DGS-3700 Series Trap ListProprietary Trap List Equipment Glossary Page Password Recovery Procedure Command Parameters Command Parameters