Authenticator, Authentication Server | D-Link DSL-G604T guide

DGS-3024 Gigabit Ethernet Switch Manual

network by exchanging secure information between the RADIUS server and the Client through EAPOL packets and, in turn, informs the Switch whether or not the Client is granted access to the LAN and/or Switch services.

Figure 7- 50. Authentication Server

Authenticator

The Authenticator (the Switch) is an intermediary between the Authentication Server and the Client. The Authenticator serves two purposes when utilizing 802.1x. The first purpose is to request certification information from the Client through EAPOL packets, which is the only information allowed to pass through the Authenticator before access is granted to the Client. The second purpose of the Authenticator is to verify the information gathered from the Client with the Authentication Server, and to then relay that information back to the Client.

Three steps must be implemented on the Switch to properly configure the Authenticator.

1.The 802.1x State must be enabled to Port Base on the Switch Information (Advanced Settings) window under Switch 802.1x (Configuration > Advanced Settings).

2.The 802.1x settings must be implemented by port. (Configuration > Port Access Entity > 802.1x Capability Settings).

3.A RADIUS server must be configured on the Switch on the Authentic RADIUS Server Setting window (Configuration > Port Access Entity > RADIUS Server).

Figure 7- 51. Authenticator

75

Image 89

D-Link DSL-G604T manual Authenticator, Authentication Server

Contents

Manual Managed 24-Port Gigabit Ethernet Switch Vcci Warning FCC WarningCE Mark Warning Table of Contents Spanning Tree Sntp Settings Secure Shell SSH 117 141 Intended Readers Preface DGS-3024 Gigabit Ethernet Switch Manual Safety Cautions Safety Instructions General Precautions for Rack-Mountable Products Safety Instructions Battery Handling Reminder Performance Features FeaturesPorts Management DGS-3024 Gigabit Ethernet Switch Manual Packing List Unpacking and SetupInstallation Rack Installation Desktop or Shelf Installation External Redundant Power System Power onPower Failure DPS-300 in DPS-900 case with DGS-3024 Side Panels Front PanelRear Panel Side panel views of the Switch LED Indicators Switch connected to an End Node Switch to End Node Switch to Hub or Switch DGS-3024 Gigabit Ethernet Switch Manual Connecting the Console Port RS-232 DCE Command Line Console Interface Through the Serial PortManagement Options Web-based Management Interface Initial screen after first connection Password Protection First Time Connecting to The Switch Snmp Settings IP Address Assignment TrapsMIBs Show Switch command Assigning the Switch an IP Address Connecting Devices to the Switch Introduction Login to Web Manager Areas of the User Interface Web-based User Interface Area IP Address Default GatewayParameter Description Get IP From IP Address Switch Information Igmp Snooping Multicast Router Only Advanced Settings Telnet Status SwitchTelnet TCP Port Number Parameter Description Port Configuration Learning Flow Control Link Aggregation Port Mirroring Example of Port Trunk Group Type Parameter Description Group IDState Igmp Snooping Igmp SnoopingMaster Port Port Map Route Timeout Host TimeoutVlan Name Query Interval Querier State Leave TimerStatic Router Ports Entry 802.1w Rapid Spanning Tree Spanning Tree802.1s Mstp Edge Port Port Transition StatesP2P Port 802.1d/802.1w/802.1s Compatibility 13. STP Bridge Global Settings window STP compatible STP Bridge Global Settings Parameter Description STP Status Forward Delay 4STP Version Hello Time 1-10 Sec ParameterDescription Configuration Name MST Configuration TableTX Hold Count Forwarding Bpdu VID List Revision Level 19. Instance ID Settings window Modify Internal cost Msti SettingsParameter Description Instance ID Priority Parameter Description Instance Type STP Instance SettingsInstance Status Instance Priority Bridge External Root Cost Parameter Description Designated RootRegional Root Bridge Internal Root Cost Max Age Forward DelayLast Topology Change Topology Changes 25. STP Port Settings window STP Port Settings External Cost 0 = Parameter Description From/ToAuto Hello Time Unicast Forwarding ForwardingMulticast Forwarding Allowed to go port VLANs Port SettingsUnderstanding Ieee 802.1p Priority Multicast MAC Ieee 802.1Q VLANs Vlan Description DGS-3024 Gigabit Ethernet Switch Manual 29. Ieee 802.1Q Packet Forwarding 802.1Q Vlan Tags 30. Ieee 802.1Q Tag Port Vlan ID Ingress Filtering Tagging and Untagging Switch Ports Default VLANsVlan and Trunk Groups Static Vlan Entry 32. first 802.1Q Static VLANs window 8021Q Port Settings Ingress Check 35. Gvrp Settings window Frame Type Sntp SettingsTime Setting 36. Current Time Status window Time Zone and DST ParameterDescription Time Zone and DST SettingsMonth Day Time State Daylight Saving Daylight SavingTime Offset Minutes Time Zone Offset Understanding QoS QoSAdvantages of QoS DGS-3024 Gigabit Ethernet Switch Manual Traffic Control 39. Storm Control Type Setting window 802.1p Default Priority 802.1p User Priority 40. Port Default Priority assignment window RoundRobin QoS Scheduling MechanismParameter Description Strict MAC Notification MAC Notification Global SettingsQoS Output Scheduling ParameterDescription Max. Packets Parameter Description State MAC Notification Port SettingsInterval sec ~2147483647 History size 1~500 Parameter Description From and To 45. MAC Notification Port Settings window Parameter Description Index System Log ServerServer IP Severity Status Choose Enabled or Disabled to activate or deactivate Authentication Server Port Access Entity802.1x Port-Based Access Control 50. Authentication Server Authenticator Client Authentication ProcessPort-Based Network Access Control 53. Example of Typical Port-Based Configuration Configure Authenticator 54. First 802.1x Authenticator Settings window PortControl AdmDir Local users 802.1x Capability Settings 57 .1x Capability Settings window Initialize Ports Parameter Description Port Reauthenticate PortsAuth State OpenDir Status Radius Server 61. Static ARP Settings window Static ARP Settings Secure Socket Layer SSL Trusted Host Download Certificate Configuration RSA with RC4 Parameter Description StatusRSA with 3DES EDE DHS DSS with 3DES Secure Shell SSH SSH Configuration Max Session Parameter Description SSH Server StatusTime Out Auth. Fail Blow-fish CBC SSH AlgorithmParameterDescription Encryption Algorithm Password Authentication AlgorithmCast128-CBC Twofish128 Parameter Description User Name SSH User AuthenticationAuth. Mode Host IP Access Authentication ControlHost Name Parameters Description Authentication Policy Authentication Policy & ParametersResponse Timeout 255 Authentication Server Group Application Authentication SettingsLogin Method List Enable Method List 10. Authentication Server Group Settings window ParameterDescription Authentication Server Host Timeout Login Method ListsProtocol Retransmit 15. Login Method List Settings window 18. Enable Method List Settings window Enable Method Lists 20. Enable Method List Add window 19. Enable Method List Edit window Enable Admin Configure Local Enable Password 22. Enable Admin window User Accounts Access Right New Password Admin and User PrivilegesPassword Access Right Confirm New Admin and User Privileges Management Admin UserSnmp Manager User Account Management Group Name Snmp User TableSnmp V3 Encryption Auth-Protocol Snmp View Table window Snmp View Table Parameter Description View Name Snmp Group TableSubtree OID View Type Read View Name Parameter Description Group NameWrite View Name Notify View Name Security Model Snmp Community Table Parameter Description Community Name Snmp Host Table Parameter Description Host IP Address Snmp Engine IDSnmp Version Community String 14. Snmp Engine ID Configuration window Utilization window Port Utilization Received RX Packets Packets Bytes UMB Cast RX Broadcast UnicastMulticast Tx Packets Analysis window line graph for Bytes and Packets Transmitted TX Tx Packets Analysis window table for Bytes and Packets Errors Rx Error Analysis window line graph UnderSize CrcErrorOverSize Fragment 10. Tx Error Analysis window line graph LateColl ExDeferExColl SingColl 12. Packet Size Analysis window line graph Size 128-255 65-127256-511 512-1023 MAC Address Vlan ID of the Vlan the port is a member 14. MAC Address Table window Learned Switch History LogNext View All Entry 15. Switch History window Multicast Group Igmp Snooping GroupQueries Reports Vlan Status Igmp Snooping Forwarding Session Table Router Port Radius Authentication Port Access Control Download Firmware Tftp ServicesDownload Configuration File Save History Log Save SettingsPing Test Ping Test window Save Changes Reset Reboot ServicesReboot Logout Reset ConfigReset System 12. Logout Web Setups window Technical Specifications Protocols StandardsData Transfer Rates Ethernet Fast Ethernet Mini Gbic Cable LengthsStandard Media Type Maximum Distance Glossary Line speed See baud rate DGS-3024 Gigabit Ethernet Switch Manual Limited Warranty What Is Not Covered Trademarks FCC WarningPage Page Product Registration General Terms Link Europe Limited Product Warranty Warrantor Allgemeine Bedingungen Link Europe Limited Produktgarantie Garantiegeber Conditions Générales Link Europe a limité la garantie des produits Garant Condiciones generales Garantía limitada del producto D-LINK Europa Garante Generalità Link Europe Termini di Garanzia dei Prodotti Prestazioni della Garanzia limitata Technical Support Emailsupport@dlink.com.sg Tech Support for customers within India Tech Support for customers within the Russia Technical Support Technical Support Technical Support Техническая поддержка через Интернет Техническая поддержка D-Link Asistencia Técnica Suporte Técnico 友冠技術支援 Technical Support Technische Unterstützung Assistance technique D-Link par téléphone Assistance technique Asistencia Técnica de D-Link a través de Internet Asistencia Técnica de D-Link por teléfono 902 Supporto tecnico Tech Support for customers within the Netherlands Pomoc techniczna firmy D-Link świadczona przez Internet Telefoniczna pomoc techniczna firmy D-Link Technická podpora Technikai Támogatás Teknisk Support Link teknisk support på Internettet 0800-114 Teknistä tukea asiakkaille Suomessa 0770-33 00 Teknisk Support för kunder i Sverige 技术支持 Tech Support for customers within the United States International Offices Registration Card All Countries and Regions Excluding USA