Client, Authentication Process | D-Link DSL-G604T manual

DGS-3024 Gigabit Ethernet Switch Manual

Client

The Client is simply the workstation that wishes to gain access to the LAN or Switch services. All workstation must be running software that is compliant with the 802.1x protocol. For users running Windows XP, the software is included within the operating system. All other users are required to attain 802.1x client software from an outside source. The Client will request access to the LAN and or Switch through EAPOL packets and, in turn will respond to requests from the Switch.

Figure 7- 52. Client

Authentication Process

Utilizing the three components stated above, the 802.1x protocol provides a stable and secure way of authorizing and authenticating users attempting to access the network. Only EAPOL traffic is allowed to pass through the specified port before a successful authentication is made. This port is “locked” until the point when a Client with the correct username and password is granted access and therefore successfully “unlocks” the port. Once unlocked, normal traffic is allowed to pass through the port. The implementation of 802.1x allows network administrators to choose Port-Based Access Control. This method requires only one user to be authenticated per port by a remote RADIUS server to allow the remaining users on the same port access to the network.

Port-Based Network Access Control

The original intent behind the development of 802.1x was to leverage the characteristics of point-to-point in LANs. Any single LAN segment in such an infrastructures has no more than two devices attached to it, one of which is a Bridge Port. The Bridge Port detects events that indicate the attachment of an active device at the remote end of the link, or an active device becoming inactive. These events can be used to control the authorization state of the Port and initiate the process of authenticating the attached device if the Port is unauthorized. This is the Port-Based Network Access Control.

76

Image 90

D-Link DSL-G604T manual Client, Authentication Process, Port-Based Network Access Control

Contents

Managed 24-Port Gigabit Ethernet Switch Manual FCC Warning CE Mark WarningVcci Warning Table of Contents Spanning Tree Sntp Settings Secure Shell SSH 117 141 Preface Intended Readers DGS-3024 Gigabit Ethernet Switch Manual Safety Instructions Safety Cautions General Precautions for Rack-Mountable Products Safety Instructions Battery Handling Reminder Ports FeaturesPerformance Features Management DGS-3024 Gigabit Ethernet Switch Manual Unpacking and Setup InstallationPacking List Desktop or Shelf Installation Rack Installation Power on Power FailureExternal Redundant Power System DPS-300 in DPS-900 case with DGS-3024 Front Panel Rear PanelSide Panels LED Indicators Side panel views of the Switch Switch to End Node Switch connected to an End Node Switch to Hub or Switch DGS-3024 Gigabit Ethernet Switch Manual Management Options Command Line Console Interface Through the Serial PortConnecting the Console Port RS-232 DCE Web-based Management Interface Initial screen after first connection First Time Connecting to The Switch Password Protection Snmp Settings Traps MIBsIP Address Assignment Show Switch command Connecting Devices to the Switch Assigning the Switch an IP Address Login to Web Manager Introduction Web-based User Interface Areas of the User Interface Area Parameter Description Get IP From Default GatewayIP Address IP Address Switch Information Advanced Settings Igmp Snooping Multicast Router Only Telnet TCP Port SwitchTelnet Status Number Port Configuration Parameter Description Flow Control Learning Port Mirroring Link Aggregation Example of Port Trunk Group Parameter Description Group ID StateType Master Port Igmp SnoopingIgmp Snooping Port Map Vlan Name Host TimeoutRoute Timeout Query Interval Leave Timer Static Router Ports EntryQuerier State Spanning Tree 802.1s Mstp802.1w Rapid Spanning Tree P2P Port Port Transition StatesEdge Port 802.1d/802.1w/802.1s Compatibility STP Bridge Global Settings 13. STP Bridge Global Settings window STP compatible STP Version Forward Delay 4Parameter Description STP Status Hello Time 1-10 Sec TX Hold Count MST Configuration TableParameterDescription Configuration Name Forwarding Bpdu Revision Level VID List 19. Instance ID Settings window Modify Msti Settings Parameter Description Instance IDInternal cost Priority Instance Status STP Instance SettingsParameter Description Instance Type Instance Priority Regional Root Bridge Parameter Description Designated RootBridge External Root Cost Internal Root Cost Last Topology Change Forward DelayMax Age Topology Changes STP Port Settings 25. STP Port Settings window Auto Parameter Description From/ToExternal Cost 0 = Hello Time Multicast Forwarding ForwardingUnicast Forwarding Allowed to go port Understanding Ieee 802.1p Priority Port SettingsVLANs Multicast MAC Vlan Description Ieee 802.1Q VLANs DGS-3024 Gigabit Ethernet Switch Manual 802.1Q Vlan Tags 29. Ieee 802.1Q Packet Forwarding Port Vlan ID 30. Ieee 802.1Q Tag Tagging and Untagging Ingress Filtering Vlan and Trunk Groups Default VLANsSwitch Ports Static Vlan Entry 32. first 802.1Q Static VLANs window 8021Q Port Settings 35. Gvrp Settings window Ingress Check Sntp Settings Time SettingFrame Type 36. Current Time Status window Month ParameterDescription Time Zone and DST SettingsTime Zone and DST Day Time Offset Daylight SavingTime State Daylight Saving Minutes Time Zone Offset QoS Advantages of QoSUnderstanding QoS DGS-3024 Gigabit Ethernet Switch Manual 39. Storm Control Type Setting window Traffic Control 802.1p Default Priority 40. Port Default Priority assignment window 802.1p User Priority QoS Scheduling Mechanism Parameter Description StrictRoundRobin QoS Output Scheduling MAC Notification Global SettingsMAC Notification ParameterDescription Max. Packets Interval sec MAC Notification Port SettingsParameter Description State ~2147483647 History size 1~500 45. MAC Notification Port Settings window Parameter Description From and To Server IP System Log ServerParameter Description Index Severity Choose Enabled or Disabled to activate or deactivate Status Port Access Entity 802.1x Port-Based Access ControlAuthentication Server Authenticator 50. Authentication Server Authentication Process Port-Based Network Access ControlClient Configure Authenticator 53. Example of Typical Port-Based Configuration 54. First 802.1x Authenticator Settings window AdmDir PortControl 802.1x Capability Settings Local users 57 .1x Capability Settings window Initialize Ports Auth State Reauthenticate PortsParameter Description Port OpenDir Radius Server Status Static ARP Settings 61. Static ARP Settings window Trusted Host Secure Socket Layer SSL Configuration Download Certificate RSA with 3DES EDE Parameter Description StatusRSA with RC4 DHS DSS with 3DES SSH Configuration Secure Shell SSH Time Out Parameter Description SSH Server StatusMax Session Auth. Fail SSH Algorithm ParameterDescription Encryption AlgorithmBlow-fish CBC Cast128-CBC Authentication AlgorithmPassword Twofish128 SSH User Authentication Auth. ModeParameter Description User Name Access Authentication Control Host NameHost IP Response Timeout Authentication Policy & ParametersParameters Description Authentication Policy 255 Login Method List Application Authentication SettingsAuthentication Server Group Enable Method List 10. Authentication Server Group Settings window Authentication Server Host ParameterDescription Protocol Login Method ListsTimeout Retransmit 15. Login Method List Settings window Enable Method Lists 18. Enable Method List Settings window 19. Enable Method List Edit window 20. Enable Method List Add window Configure Local Enable Password Enable Admin 22. Enable Admin window Access Right User Accounts Password Access Right Admin and User PrivilegesNew Password Confirm New Snmp Manager Management Admin UserAdmin and User Privileges User Account Management Snmp V3 Encryption Snmp User TableGroup Name Auth-Protocol Snmp View Table Snmp View Table window Subtree OID Snmp Group TableParameter Description View Name View Type Write View Name Parameter Description Group NameRead View Name Notify View Name Snmp Community Table Security Model Snmp Host Table Parameter Description Community Name Snmp Version Snmp Engine IDParameter Description Host IP Address Community String 14. Snmp Engine ID Configuration window Port Utilization Utilization window Packets Received RX Bytes Packets UMB Cast RX Unicast MulticastBroadcast Transmitted TX Tx Packets Analysis window line graph for Bytes and Packets Errors Tx Packets Analysis window table for Bytes and Packets Rx Error Analysis window line graph OverSize CrcErrorUnderSize Fragment 10. Tx Error Analysis window line graph ExColl ExDeferLateColl SingColl Size 12. Packet Size Analysis window line graph 256-511 65-127128-255 512-1023 MAC Address 14. MAC Address Table window Vlan ID of the Vlan the port is a member Next Switch History LogLearned View All Entry 15. Switch History window Queries Igmp Snooping GroupMulticast Group Reports Igmp Snooping Forwarding Vlan Status Router Port Session Table Port Access Control Radius Authentication Tftp Services Download Configuration FileDownload Firmware Save Settings Ping TestSave History Log Save Changes Ping Test window Reboot Services RebootReset Reset Config Reset SystemLogout 12. Logout Web Setups window Technical Specifications Data Transfer Rates StandardsProtocols Ethernet Fast Ethernet Cable Lengths Standard Media Type Maximum DistanceMini Gbic Glossary Line speed See baud rate DGS-3024 Gigabit Ethernet Switch Manual Limited Warranty What Is Not Covered FCC Warning TrademarksPage Page Product Registration Link Europe Limited Product Warranty General Terms Warrantor Link Europe Limited Produktgarantie Allgemeine Bedingungen Garantiegeber Link Europe a limité la garantie des produits Conditions Générales Garant Garantía limitada del producto D-LINK Europa Condiciones generales Garante Link Europe Termini di Garanzia dei Prodotti Generalità Prestazioni della Garanzia limitata Technical Support Emailsupport@dlink.com.sg Tech Support for customers within India Tech Support for customers within the Russia Technical Support Technical Support Technical Support Техническая поддержка D-Link Техническая поддержка через Интернет Asistencia Técnica Suporte Técnico 友冠技術支援 Technical Support Technische Unterstützung Assistance technique Assistance technique D-Link par téléphone Asistencia Técnica de D-Link por teléfono 902 Asistencia Técnica de D-Link a través de Internet Supporto tecnico Tech Support for customers within the Netherlands Telefoniczna pomoc techniczna firmy D-Link Pomoc techniczna firmy D-Link świadczona przez Internet Technická podpora Technikai Támogatás Teknisk Support Link teknisk support på Internettet Teknistä tukea asiakkaille Suomessa 0800-114 Teknisk Support för kunder i Sverige 0770-33 00 技术支持 Tech Support for customers within the United States International Offices Registration Card All Countries and Regions Excluding USA