Manuals / Brands / Computer Equipment / Switch / D-Link / Computer Equipment / Switch

D-Link DGS-3700 Conditions and Limitations , Web-based Access Control Settings

1 292

Download 292 pages, 6.47 Mb

DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual

184

Conditions and Limitations

1. The subnet of the authentication VLAN’s IP interface must be the same as that of the client. If not configured

properly, the authentication will be permanently denied by the authenticator .

2. If the client is utilizing DHCP to attain an IP address, the authentication VLAN must provide a DHCP server or

a DHCP relay function so that client may obtain an IP address.

3. The authentication VLAN of this function must be configured to access a DN S server to improve CPU

performance, and allow the processing of DNS, UDP and HTTP pack ets.

4. Certain functions exist on the Switch that will filter HTTP packets, s uch as the Access Profile function. The

user needs to be very careful when setting filter functions for the target V LAN, so that these HTTP packets are

not denied by the Switch.

5. The Redirection Path must be set before the Web-based Acces s Control can be enabled. If not, the user will

be prompted with an error message and the Web-based Access Control will not be enabled.

6. If a RADIUS server is to be used for authentication, the user must firs t establish a RADIUS Server with the

appropriate parameters, including the target VLAN, before enabling the W eb-based Access Control on the

Switch.

Web-based Access Control Settings

This window is used to configure the Switch for Web-based Access Control Settings on the Switch.

To view this window, click Security > Web Authenication > Web-based Access Control Settings as shown below:

Figure 5 - 46 Web-based Access Control Settings

To set the Web-based Access Control for the Switch, complete the followin g fields:

Parameter Description

State Toggle the State field to either Enable or Disable for the W eb-based Access Control settings

of the Switch.

Method Use the pull-down menu to choose the authenticator for Web-based Access Control. The user

may choose:

local – Choose this parameter to use the local authentication m ethod of the Switch as the

authenticating method for users trying to access the network via the switch. This is, in f ac t, th e

username and password to access the Switch configured using the User Account Creation

screen seen below.

radius – Choose this parameter to use a remote RADIUS server as th e authen ticat ing m ethod

Contents

Main Copyright 2009. All rights reserved User Manual Product Model: DGS-3700 Series Layer 2 Managed Gigabit Ethernet Switch Release 1.00 Page Table of Contents Page Page Page Page Page Page Page Preface Intended Readers Typographical Conventions Notes, Notices, and Cautions Section 1 Web-based Switch Configuration Introduction Login to Web Manager Web-based User Interface Areas of the User Interface Web Pages Page Section 2 Configuration Device Information System Information Serial Port Settings IP Address Page Setting the Swiths IP Address using the Console Interface Interface Settings Page IPv6 Route Settings IPv6 Neighbor Settings Port Configuration Port Settings Port Description Port Error Disabled Static ARP Settings User Accounts Admin, Operator and User Privileges Page System Log Configuration System Log Settings System Log Server Page System Severity Settings DHCP Relay DHCP Relay Global Settings Page The Implementation of DHCP Information Option 82 on the Switch DHCP Relay Interface Settings DHCP Relay Option 60 Default Settings DHCP Relay Option 60 Settings DHCP Relay Option 61 Default Settings DHCP Relay Option 61 Settings Out of Band Management Settings External Alarm Settings DHCP Auto Configuration Settings MAC Addre s s Aging Time Web Settings Telnet Settings Password Encryption Clipaging Settings Firmware Information Dual Configuration Settings Ping Test Local Loopback Ports Settings VLAN Counter Settings SNTP Settings Time Settings TimeZone Settings MAC Notification Settings MAC Notification Global Settings MAC Notification Port Settings SNMP Settings Traps MIBs SNMP Global State Settings SNMP View Table SNMP Group Table SNMP User Table SNMP Community Table SNMP Host Table SNMP v6Host Table SNMP Engine ID SNMP Trap Configuration Time Range Settings sFlow sFlow Global State Settings sFlow Analyzer Server Settings sFlow Flow Sampler Settings sFlow Counter Poller Settings Single IP Management The Upgrade to v1.6 Single IP Settings Topology Page Page Tool Tips Right-Click Group Icon Commander Switch Icon Member Switch Icon Candidate Switch Icon Menu Bar File Group Device View Firmware Upgrade Configuration File Backup/Restore Upload Log File DDM Browse DDM Status List DDM Settings DDM Temperature Threshold Settings DDM Voltage Threshold Settings DDM Bias Current Threshold Settings DDM Tx Power Threshold Settings DDM Rx Power Threshold Settings Page Section 3 L2 Features Jumbo Frame VLANs Understanding IEEE 802.1p Priority VLAN Description Notes About VLANs IEEE 802.1Q VLANs 802.1Q VLAN Tags Port VLAN ID Tagging and Untagging Ingress Filtering Default VLANs Port-based VLANs VLAN Segmentation VLAN and Trunk Groups Double VLANs Regulations for Double VLANs 802.1Q VLAN Page Page Page Subnet VLAN Subnet VLAN Settings VLAN Precedence Settings Q-in-Q Q-in-Q Settings VLAN Translation Settings Q-in-Q and VLAN Translation Rules 802.1v Protocol VLAN 802.1v Protocol Group Settings 802.1v Protocol VLAN Settings RSPAN Settings GVRP Settings GVRP Global Settings MAC-based VLAN Settings PVID Auto Assign Settings Port Trunking Understanding Port Trunk Groups Page LACP Port Settings Traffic Segmentation BPDU Tunneling Settings IGMP Snooping IGMP Snooping Settings Page IGMP Snooping Rate Limit Settings IGMP Snooping Static Group Settings IGMP Multicast Group Profile Settings IGMP Snooping Multicast VLAN Settings IPv4 Multicast Profile Settings IPv4 Limited Multicast Range Settings IPv4 Max Multicast Group Settings MLD Snooping MLD Control Messages MLD Snooping Settings Page MLD Snooping Rate Limit Settings MLD Snooping Static Group Settings MLD Multicast Group Profile Settings MLD Snooping Multicast VLAN Settings IPv6 Multicast Profile Settings IPv6 Limited Multicast Range Settings IPv6 Max Multicast Group Settings Port Mirror Loopback Detection Settings Spanning Tree 802.1w Rapid Spanning Tree Port Transition States Edge Port P2P Port 802.1D and 802.1w Compatibility STP Bridge Global Settings Page STP Port Settings MST Configuration Identification STP Instance Settings MSTP Port Information Forwarding & Filtering Unicast Forwarding Multicast Forwarding Multicast Filtering Mode LLDP LLDP Global Settings LLDP Port Settings LLDP Management Address List LLDP Basic TLVs Settings LLDP Dot1 TLVs Settings LLDP Dot3 TLVs Settings LLDP Statistics System LLDP Local Port Information LLDP Remote Port Information CFM CFM Port Settings CFM CCM PDUs Forwarding Mode CFM MPs Reply LTRs CFM MIPCCM List Connectivity Fault Management Settings CFM Loopback Settings CFM Linktrace Settings Ethernet OAM Ethernet OAM Settings Ethernet OAM Configuration Settings Section 4 QoS Advantages of QoS Understanding QoS Page HOL Blocking Pevention Bandwidth Control Traffic Control Page 802.1p Default Priority 802.1p User Priority QoS Scheduling Mechanism QoS Scheduling In Band Manage Settings SRED SRED Settings Page Page Page 802.1p Map Settings Section 5 Security Safeguard Engine Page Trusted Host IP-MAC-Port Binding IMP Binding Global Settings IMP Binding Port Settings Page IMP Binding Entry Settings DHCP Snooping Entries MAC Block List Port Security Port Security Port Settings Port Security VLAN Settings Port Security Entries DHCP Server Screening Settings DHCP Screening Port Settings DHCP Offer Filtering 802.1X 802.1X Port-Based and Host-Based Access Control Authentication Server Authenticator Client Authentication Process Understanding 802.1X Port-based and Host-based Network Access Control Port-Based Network Access Control Host-Based Network Access Control 802.1X Global Settings 802.1X Port Settings Page 802.1X User Authentication RADIUS Server Initialize Port(s) Reauthenticate Port(s) Guest VLAN Configuration Limitations Using the Guest VLAN Guest VLAN SSL Settings Download Certificate Ciphersuite Page SSH SSH Settings SSH Authmode and Algorithm Settings SSH User Authentication Lists Access Authentication Control Page Authentication Policy Settings Application Authentication Settings Authentication Server Group Authentication Server Login Method Lists Enable Method Lists Local Enable Password Settings RADIUS Accounting Settings MAC-based Access Control Notes About MAC-based Access Control MAC-based Access Control Settings Page MAC-based Access Control Local Settings Web Authentication Conditions and Limitations Web-based Access Control Settings Web-based Access Control User Settings NetBIOS Filtering NetBIOS Filtering Settings Section 6 ACL ACL Configuration Wizard Access Profile List Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page CPU Interface Filtering CPU Access Profile List Page Page Page Page Page Page Page Page Page Page ACL Finder ACL Flow Meter Page Page Section 7 Monitoring Device Status Cable Diagnostic CPU Utilization Port Utilization Packet Size Page Memory Utilization Packets Received (RX) Page UMB_cast (RX) Transmitted (TX) Page Page Errors Received (RX) Transmitted (TX) Page Port Access Control RADIUS Authentication RADIUS Account Client Page Authenticator State Authenticator Statistics Authenticator Session Statistics Authenticator Diagnostics Page Browse ARP Table VLAN Browse VLAN Show VLAN Ports IGMP Snooping Browse IGMP Router Port IGMP Snooping Group IGMP Snooping Forwarding Table Browse IGMP Snooping Counter MLD Snooping Browse MLD Router Port MLD Snooping Group MLD Snooping Forwarding Table Browse MLD Snooping Counter Browse Session Table CFM CFM Packet Counter List CFM Packet Counter CCM List Browse CFM Fault MEP Browse CFM Port MP List MAC Address Table Browse VLAN Counter Statistics Ethernet OAM Browse Ethernet OAM Event Log Browse Ethernet OAM Statistics Page Historical Counter & Utilization Browse Historical Counter Browse Historical Utilization System Log Page Section 8 Save Services and Tools Save Configuration ID 1 Save Configuration ID 2 Save Log Save All Configuration File Backup & Restore Upload Log File Reset Download Firmware Reboot System Appendix A Mitigating ARP Spoofing Attacks Using Packet Content ACL Page Page Page Page Example topology Configuration Page Page Appendix B System Log Entries Page Page Page Page Page Page Page Page DGS-3700 Series Trap List Proprietary Trap List Page Appendix C Glossary Page Appendix D Password Recovery Procedure