Manuals / D-Link / Computer Equipment / Switch

D-Link DWS/DXS-3200 manual Defining DOS Protection Security

Models: DWS/DXS-3200

1 372

Download 372 pages 43.39 Kb

Page 114

Configuring Device Security

Defining DOS Protection Security

Defining DOS Protection Security

Denial of Service (DOS) protection provides Security Suite for DWS/DXS-3200 systems allows administrators to match, discard, and redirect packets based on packet header values. Packets which are redirected are analyzed for viruses and Trojans. To enable DOS attack on the system:

1.Click Advanced Setup >Security Suite > DOS Attacks > Global Settings. The DOS Attacks Global Set- tings Page opens.

Figure 63: DOS Attacks Global Settings Page

The DOS Attacks Global Settings Page contains the following fields:

•Security Suite Status — Indicates if DOS security is enabled on the device. The possible field values are:

–Enable — Enables DOS security.

–Disable — Disables DOS security on the device. This is the default value.

•Denial of Service Protection — Indicates if service is enabled. If the service protection is disabled, the Stacheldraht Distribution, Invasor Trojan, and Back Office Trojan fields are disabled.

•Stacheldraht Distribution — Discard TCP packets with source TCP port equal to 16660

•Invasor Trojan — Discard TCP packets with destination TCP port equal to 2140 and source TCP port equal to 1024.

•Back Orifice Trojan — Discard UDP packets with destination UDP port equal to 31337 and source UDP port equal to 1024.

Page 113

Image 114

D-Link DWS/DXS-3200 manual Defining DOS Protection Security

Contents

Web/Installation Guide Table of Contents Managing Device Information Configuring Ports 115 Configuring IP Information 171 Configuring Quality of Service 237 Configuring System Time 281 Preface DXS/DWS-3227/3227P, DXS/DWS-3250 User Guide OverviewDXS/DWS-3227/3227P, DXS/DWS-3250 User Guide Overview Intended Audience DXS/DWS 3200 Series User GuideDXS-3250/DWS Front Panel Device DescriptionViewing the Device Viewing the DeviceDXS/DWS-3227 Front Panel DXS/DWS-3227P Front PanelBack Panels DXS/DWS-3227P Front Panel10G XFP Fiber port Ports Description1000Base-T Gigabit Ethernet Ports Optional ModulesSFP Ports 10G XFP Fiber portPorts Description RS-232 Console Port Stacking PortsStacking Kit Optional Port LEDs Cable SpecificationsLED Definitions 1000Base-T Gigabit Ethernet RJ-45 Port LEDsLED Definitions 1000Base-T Gigabit Ethernet RJ-45 Port LED IndicationsPort Description LED Indication SFP LEDs System LEDsSFP LED Indications Description System’s LED Indications LED Description IndicationCable, Port, and Pinout Information Pin Connections for the 10/100/1000 Ethernet InterfaceRJ-45 Pin Connections for 10/100/1000 Base-TX Use Cable, Port, and Pinout Information CX-4 Port Pin ConnectionsPin Use DXS/DWS Physical DimensionsDXS/DWS 3250 / DXS/DWS 3227P DB-9 Port Pin Connections UsePhysical Dimensions DXS/DWS 3200 Series User Guide Preparing for Installation Preparing for InstallationInstallation Precautions Mounting DeviceUnpacking Package ContentsSite Requirements Unpacking EssentialsRack Installation Installing the DeviceDesktop or Shelf Installation Installing the DeviceAttaching the Mounting Brackets Mounting Device in a Rack Connecting the Device Connecting the Switch to a TerminalAC Power Connection General Configuration Information Initial ConfigurationGeneral Configuration Information Auto-NegotiationBooting the Switch Device Port Default SettingsDevice Port Default Settings Function Booting the Switch Configuration Overview Initial Configuration Configuration OverviewStatic IP Address and Subnet Mask User Name Snmp Community StringsFollowing screen displays the default device configuration Advanced Configuration Retrieving an IP Address From a Dhcp ServerReceiving an IP Address From a Bootp Server Advanced ConfigurationSecurity Management and Password Configuration Configuring Security Passwords IntroductionConfiguring an Initial Console Password Configuring an Initial Http Password Configuring an Initial Telnet PasswordConfiguring an Initial SSH password Configuring an initial Https PasswordSoftware Download and Reboot Software Download through XModemSoftware Download Through Tftp Server Boot Image Download Software Download and RebootConfiguring Stacking Configuring Stacking Startup Menu Functions Download SoftwareErase Flash File Erase Flash SectorsStartup Menu Functions Password Recovery Wlan Licence KeyPress Enter Press EscapeThis page is left blank intentionally Getting Started Starting the D-Link Embedded Web Interface Click . The D-Link Embedded Web Interface Home Page opensLink Embedded Web Interface Home Starting the D-Link Embedded Web InterfaceUnderstanding the D-Link Embedded Web Interface Interface ComponentsView Description Device Representation Understanding the D-Link Embedded Web InterfaceUsing the D-Link Embedded Web Interface Management Buttons Modifying Configuration Information Using Screen and Table OptionsAdding Configuration Information Using Screen and Table OptionsDeleting Configuration Information IP Interface SettingsResetting the Device Resetting the DeviceClick System General Reset. The Reset page opens Logging Off from the Device Click . The D-Link Embedded Web Interface Home Page closesManaging Device Information Defining the System DescriptionDefining the System Description DXS/DWS 3200 Series User Guide Click System General Mode. The Mode Page opens Defining Advanced System SettingsDefining Advanced System Settings Check the Enable Jumbo Frames fieldThis page is left blank intentionally Managing Power over Ethernet Devices Modify the Unit No., Power Status, and Powered Device fields Defining PoE System InformationDefining PoE System Information Define the Unit No. and the System Usage Threshold fieldDisplaying and Editing PoE System Information PoE InterfaceDisplaying and Editing PoE System Information Click . The PoE Interface Edit Page opensDXS/DWS 3200 Series User Guide Managing Stacking Understanding the Stack Topology Stacking Failover TopologyStacking Members and Unit ID Removing and Replacing Stacking Members Stacking Failover TopologySwitching the Stacking Master Exchanging Stacking MembersStack Page contains the following fields Click System General tab. The Stack Page opensThis page is left blank intentionally Configuring Device Security Configuring Management Security Configuring Authentication MethodsDefining Access Profiles Configuring Management SecurityAdd Access Profile Click . The Add Access Profile Page opensConfiguring Device Security Defining Profile Rules Profile RulesAdd Profile Rule Click . The Add Profile Rule Page opensClick . The Profile Rules Setting Page opens Defining Authentication Profiles Authentication ProfileAdd Authentication Profile Click . The Add Authentication Profile Page opensMapping Authentication Methods Authentication MappingDefine the Console, Telnet, and Secure Telnet SSH fields Defining Radius Settings RadiusAdd Radius Server Click . The Add Radius Server Page opensRadius Server Settings Click . The Radius Server Settings Page opensDefining TACACS+ Authentication TACACS+Add TACACS+ Host TACACS+ Host Settings Configuring Passwords Defining Local UsersClick . The Add Local User Page opens Local User Settings Click . The Local User Settings Page opensDefining Line Passwords Line PasswordDefining Enable Passwords Enable PasswordAdvanced Port-Based Authentication Configuring Network SecurityPort-Based Authentication Configuring Network SecurityDXS/DWS 3200 Series User Guide Defining Network Authentication Properties Network Authentication PropertiesDXS/DWS 3200 Series User Guide Defining Port Authentication Port AuthenticationSupplicant Timeout Server Timeout Click . The Port Authentication Settings Page opensConfiguring Multiple Hosts Multiple HostMultiple Host Settings Defining Authentication Hosts Authenticated HostConfiguring Traffic Control Managing Port Security Port SecurityPort Security Settings Click . The Port Security Settings Page opensEnabling Storm Control Storm ControlStorm Control Settings Click . The Storm Control Settings Page opensDefining DOS Protection Security Defining DOS Protection SecurityAdd Martian Addresses Click . The Add Martian Addresses Page opensConfiguring Ports Interface ConfigurationPort Configuration Settings Click . The Port or LAG Interface Settings Page opensConfiguring Ports Viewing Port Properties Interface PropertiesPort Properties Viewing Port PropertiesThis page is left blank intentionally Aggregating Ports Configuring Lacp Click . The Lacp Parameters Settings Page opensConfiguring Lacp Edit the Port Priority and Lacp Timeout fieldsDefining LAG Members LAG MembershipConfiguring VLANs Defining Vlan Properties Vlan PropertiesAdd Vlan Defining Vlan PropertiesDefining Vlan Membership Vlan MembershipDefining Vlan Membership Defining Vlan Interface Settings Vlan Interface SettingsDefining Vlan Interface Settings Click . The Vlan Interface Settings Page opensConfiguring Garp Defining GarpConfiguring Garp Click . The Garp Parameters Settings Page opensDefining Gvrp Gvrp ParametersGvrp Parameters Settings Click . The Gvrp Parameters Settings Page opensConfiguring Multicast VLANs Defining Vlan Groups Defining Protocol Based VLANsDefining Vlan Groups Add Protocol Group Click . The Vlan Protocol Port Setting Page opens Defining Vlan Protocol PortsVlan Protocol Port Setting Click . The Protocol Group Settings Page opensDefining Wlan Defining Wlan System Properties Enabling WlanDefining Wlan Security Defining Wlan System PropertiesClick Wlan System ESS/Security. The ESS Security Page opens Create ESS Configuration Click . The Create ESS Configuration Page opensESS Settings DXS/DWS 3200 Series User Guide Viewing Wlan Rogues Click Wlan System Rogues. The Wlan Rogues Page opensDXS/DWS 3200 Series User Guide Viewing Wlan Stations Monitor Wlan StationsDefining Wlan Access Points Defining Wlan Access Point Properties Defining Wlan Access PointsAdding a New Access point WTP Edit ScreenConfiguring Wlan VLANs Wlan Access Point VLANsConfiguring Wlan Template Settings Click . The Create Wlan Template Page opensCreate Wlan Template Configuring Wlan Radio Settings Defining Wlan Radio SettingsConfiguring Wlan Radio Settings Click . The Modify Radio Setting Page opensDefining BSS Settings Click Wlan Radio BSS Settings. The BSS Settings Page opensClick . The Create AP BSS Configuration Page opens Create AP BSS Configuration Click . The Edit BSS Settings Page opensEdit BSS Settings Defining Wlan Power Settings Wlan Radio Power SettingsDefining Wlan Viewing Access Point Statistics Viewing Wlan StatisticsViewing Wlan Statistics Viewing Radio Interfaces Statistics Wlan Radio Interface StatisticsDefining Wlan Viewing BSS Statistics Click Wlan Monitor BSS. The BSS Information Page opensWlan Stations Statistics DXS/DWS 3200 Series User Guide Configuring IP Information Configuring IP InterfacesConfiguring IP Interfaces Defining IP Addresses Click . The Add IP Interface Page opensClick . The IP Interface Settings Page opens Add IP InterfaceDefining Default Gateways Default GatewayConfiguring Dhcp Click . The Add Dhcp IP Interface Page opensAdd Dhcp IP Interface Configuring ARP ARPARP Settings Configuring Domain Name Servers Configuring Domain Name ServersDefining DNS Servers Remove Click . The Add DNS Server Page opensDefining DNS Host Mapping DNS Host MappingAdd DNS Host Defining the Forwarding Database and Static Routes Defining Static Forwarding Database Entries Forwarding Database Static AddressesAdd Forwarding Database Defining Static Forwarding Database EntriesDefining Dynamic Forwarding Database Entries Dynamic AddressesDefining Dynamic Forwarding Database Entries Configuring Routing IP Static RouteConfiguring Routing DXS/DWS 3200 Series User Guide Configuring Spanning Tree Defining Classic Spanning Tree STP PropertiesSelect Enable in the Spanning Tree State field Defining Classic Spanning TreeDefining STP on Interfaces STP InterfaceClick . The STP Interface Settings Page opens Defining STP on InterfacesDXS/DWS 3200 Series User Guide Defining Rapid Spanning Tree Defining Rapid Spanning TreeClick . The Rstp Settings Page opens Defining Multiple Spanning TreeDefining Multiple Spanning Tree Define the Region Name, Revision, and Max Hops fieldsDefining Mstp Instance Settings Click . The Mstp Instance Configuration Table opensMstp Instance Configuration Table Defining Mstp Interface Settings Mstp Interface Settings Page contains the following fieldsClick . The Mstp Interface Table opens This page is left intentionally Configuring Multicast Forwarding Defining Igmp Snooping Igmp SnoopingMulticast Global Parameters Settings Defining Igmp SnoopingDefining Multicast Bridging Groups Multicast GroupDefining Multicast Bridging Groups Click . The Add Multicast Group Page opensDefining Multicast Forward All Settings Multicast Forward AllForbidden Configuring Multicast TV Defining Igmp Snooping for Multicast TVConfiguring Multicast TV Click . The Add Igmp Snooping Mapping Page opensViewing Multicast TV Members Multicast TV MembershipSnmp v1 and v2c Configuring SnmpConfiguring Snmp Security SnmpDefine the Local Engine ID and Use Default fields Defining Snmp SecurityConfiguring Snmp Security Defining Snmp ViewsAdd Snmp View Defining Snmp Group Profiles Snmp Group ProfileClick . The Snmp Group Profile Settings Page opens Click . The Add Snmp Group Profile Page opensSnmp Group Profile Settings Defining Snmp Group Members Snmp Group MembershipClick . The Snmp Group Membership Settings Page opens Click . The Add Snmp Group Membership Page opensSnmp Group Membership Settings Defining Snmp Communities Snmp Communities Basic TableSnmp Communities Advanced Tables Click . The Add Snmp Community Page opensConfiguring Snmp Notifications Configuring Snmp NotificationsClick . The Snmp Community Settings Page opens Defining Snmp Notification Global Parameters Snmp Notification PropertiesDefining Snmp Notification Filters Click . The Add Snmp Notification Filter Page opensAdd Snmp Notification Filter Defining Snmp Notification Recipients Snmp Notification ReceiverSNMPv1,2c Notification Recipient SNMPv3 Notification Recipient Click . The Add Snmp Notification Receiver Page opensClick . The Snmp Notification Receiver Settings Page opens Add Snmp Notification ReceiverSnmp Notification Receiver Settings This page is left blank intentionally Configuring Quality of Service CoS Services Quality of Service OverviewDefining General QoS Settings Configuring QoS General SettingsDefining General QoS Settings CoSSelect Enable in the Quality of Service field Restoring Factory Default QoS Interface Settings Configure Bandwidth SettingsBandwidth Settings Edit Click . The Bandwidth Settings Edit Page opensDefining Queues Select Strict Priority or WRR FieldsConfiguring QoS Mapping Mapping CoS Values to QueuesConfiguring QoS Mapping Mapping Dscp Values to QueuesConfiguring Advanced QoS Settings Defining Policy PropertiesConfiguring Advanced QoS Settings Mapping Dscp ValuesDefining Tail Dropping Tail DropCreating Class Maps Class mapsAdd Class Map Aggregating Policiers Click . The Add Aggregated Policier Page opensAdd Aggregated Policier Defining Policy Profiles Defining PoliciesAdd QoS Policy Profile Click . The Add QoS Policy Profile Page opensAttaching Policies to Interfaces Policy BindingDXS/DWS 3200 Series User Guide Managing System Files File Management OverviewFile Management Overview Downloading System Files Firmware DownloadOpen the File Download Configuration DownloadDownloading System Files Define the Source File Name and Destination File fieldsUploading System Files Upload TypeUploading System Files Configuration UploadSoftware Image Upload Open the File UploadActivating Image Files Active ImageSelect Restore Configuration Factory Defaults Restoring the Default Configuration FileSelect Copy Configuration Copying FilesManaging System Files File SystemManaging System Logs System Log Severity Levels MessageEnabling System Logs Syslog PropertiesEnabling System Logs Viewing the Device Memory Logs Clearing Device Memory LogsViewing the Flash Logs Clearing Flash LogsViewing the Flash Logs Defining Servers Log Parameters Click . The Add Syslog Server Page opensAdd Syslog Server Defining Servers Log ParametersThis page is left blank intentionally Managing Device Diagnostics Configuring Port Mirroring Port MirroringConfiguring Port Mirroring Click . The Add Port Mirroring Page opensPort Mirroring Settings Click . The Port Mirroring Settings Page opensViewing Integrated Cable Tests Viewing Integrated Cable TestsDXS/DWS 3200 Series User Guide Viewing Optical Transceivers Viewing Optical TransceiversOptical Transceivers Page contains the field Viewing the CPU Utilization CPU UtilizationConfiguring System Time Configuring Daylight Savings TimeConfiguring Daylight Savings Time Click System General Time. The Time Page opens Time Define the Date, Local Time and Time Zone Offset fields Polling for Unicast Time Information Configuring SntpConfiguring Sntp Polling for Anycast Time InformationDefining Sntp Global Settings Sntp PropertiesDefining Sntp Global Settings Defining Sntp Authentication Sntp AuthenticationDefining Sntp Authentication Click . The Section Add Sntp Authentication page opensDefining Sntp Servers Click System Sntp Servers. The Sntp Servers Page opensDefining Sntp Servers Click . The Add Sntp Server Page opensDefining Sntp Interface Settings Click . The Add Sntp Interface Page opensDefining Sntp Interface Settings Define the Interface and Receive Server Updates fieldsThis page is left blank intentionally Viewing Statistics Viewing Interface StatisticsViewing Interface Statistics Viewing Device Interface Statistics Receive StatisticsResetting Interface Statistics Counters Transmit StatisticsOpen the Interface Statistics Viewing Port Utilization Statistics Port UtilizationViewing Etherlike Statistics Etherlike StatisticsResetting Etherlike Statistics Counters Open the Etherlike StatisticsViewing Gvrp Statistics Gvrp StatisticsResetting Gvrp Statistics Counters Open the Gvrp StatisticsViewing EAP Statistics EAP StatisticsDXS/DWS 3200 Series User Guide Managing Rmon Statistics Managing Rmon StatisticsViewing Rmon Statistics Rmon StatisticsResetting Rmon Statistics Counters Open the Rmon StatisticsConfiguring Rmon History Defining Rmon History ControlRmon History Control Settings Click . The Rmon History Control Settings Page opensViewing the Rmon History Table Rmon History TableViewing Statistics Configuring Rmon Events Defining Rmon Events ControlViewing Statistics Viewing the Rmon Events Logs Rmon Events LogsDefining Rmon Alarms Click Advanced Setup Rmon Alarm. The Rmon Alarm Page opensAdd Alarms Entry Appendix A, Wlan Country Settings Republic CyprusCzech GermanyAppendix A, Wlan Country Settings India E q u e n c y R a n g e IrelandIsrael IcelandLithuania E q u e n c y R a n g eKorea LuxembourgPhilippines NorwayNew Zealand PolandSlovenia E q u e n c y R a n g e SwedenSingapore SlovakE q u e n c y R a n g e United States AmericaSouth Africa Appendix B, Device Specifications & Features Hardware SpecificationsAppendix B, Device Specifications & Features DXS-3227, DXS-3227P, and DXS-3250 Features A t u r e S c r i p t i o nActive underlying Spanning Tree Protocol Features topology LacpMDI/MDIX Support Media-Dependent Interface with Crossover MdixSecurity Global Parameters Simple Network Management Protocol Snmp over the UDP/IPSntp Based on either the Vlan tag or based on a combination This page is left blank intentionally Appendix B, Troubleshooting Appendix B, TroubleshootingProblem Management Troubleshooting SolutionsProblems Possible Cause Solution Troubleshooting Solutions Console #reload Contacting D-Link Technical Support Contacting D-Link Technical SupportDXS/DWS 3200 Series User Guide Contacting D-Link Technical Support DXS/DWS 3200 Series User Guide Contacting D-Link Technical Support DXS/DWS 3200 Series User Guide Contacting D-Link Technical Support DXS/DWS 3200 Series User Guide Contacting D-Link Technical Support DXS/DWS 3200 Series User Guide Contacting D-Link Technical Support DXS/DWS 3200 Series User Guide Contacting D-Link Technical Support DXS/DWS 3200 Series User Guide Contacting D-Link Technical Support DXS/DWS 3200 Series User Guide Contacting D-Link Technical Support DXS/DWS 3200 Series User Guide Contacting D-Link Technical Support DXS/DWS 3200 Series User Guide Contacting D-Link Technical Support DXS/DWS 3200 Series User Guide Contacting D-Link Technical Support DXS/DWS 3200 Series User Guide Contacting D-Link Technical Support DXS/DWS 3200 Series User Guide Contacting D-Link Technical Support DXS/DWS 3200 Series User Guide Warranty WarrantyDXS/DWS 3200 Series User Guide Warranty DXS/DWS 3200 Series User Guide Product Registration Product RegistrationDXS/DWS 3200 Series User Guide International Offices International Offices