Manuals / TP-Link / Computer Equipment / Switch

TP-Link TL-SG3216 11.4, ¾ Configure, ¾ Defend Table, Defend Type Displays the Defend Type name

Models: TL-SG3216

1 232

Download 232 pages 26.13 Kb

Page 162

Figure 11-16 DoS Defend

The following entries are displayed on this screen:

¾Configure

DoS Defend:Enable/Disable DoS Defend function.

¾Defend Table

Select:	Select the entry to enable the corresponding Defend Type.
Defend Type:	Displays the Defend Type name.

Tips:

You are suggested to take the following further steps to ensure the network security.

1.It’s recommended to inspect and repair the system vulnerability regularly. It is also necessary to install the system bulletins and backup the important information in time.

2.The network administrator is suggested to inspect the physic environment of the network and block the unnecessary network services.

3.Enhance the network security via the protection devices, such as the hardware firewall.

11.4 802.1X

The 802.1X protocol was developed by IEEE802 LAN/WAN committee to deal with the security issues of wireless LANs. It was then used in Ethernet as a common access control mechanism for LAN ports to solve mainly authentication and security problems.

802.1X is a port-based network access control protocol. It authenticates and controls devices requesting for access in terms of the ports of LAN access control devices. With the 802.1X protocol enabled, a supplicant can access the LAN only when it passes the authentication, whereas those failing to pass the authentication are denied when accessing the LAN.

¾Architecture of 802.1X Authentication

155

Image 162

TP-Link TL-SG3216 manual 11.4, ¾ Configure, ¾ Defend Table, Defend Type Displays the Defend Type name

Contents

TL-SG3216/TL-SG3424 JetStream L2 Lite Managed Switch Copyright & Trademarks Contents Gvrp 100 VII NDP Package Contents Conventions About this GuideIntended Readers Overview of This GuideSystem Switching Vlan Spanning Tree Multicast QoS ACL Network Security Snmp Cluster Return to Contents Overview of the Switch Main FeaturesIntroduction Appearance Description Front Panel¾ LEDs Name Status Indication Rear Panel Login to the Switch LoginConfiguration Return to Contents System Summary SystemSystem Info ¾ Port StatusRate PortType StatusDevice Description System Time¾ Device Description Synchronize With Current SystemGet GMT PC’S Clock¾ IP Config System IPUser Config User ManageUser Table User Status User ID, Name, Access Level and status Operation¾ User Info ¾ User Table¾ Config Restore Config RestoreConfig Backup System ToolsFirmware Upgrade ¾ Config BackupSystem Reset Access SecuritySystem Reboot Access ControlIP Address&Mask ¾ Access Control Config¾ Session Config MAC AddressSSL Config ¾ Access User Number¾ Certificate Download SSH Config¾ Global Config ¾ Key DownloadIdle Timeout ProtocolMax Connect Download ¾ Configuration ProcedureKey Type ¾ Network RequirementsApplication Example 2 for SSH Page Return to Contents Port SwitchingPort Config Port SelectSpeed and Duplex Port MirrorDescription Flow ControlMirroring Mirror ModeGroup ModePort Security ¾ Port SecurityLAG Max Learned MACLearned Num ¾ LAG Table LAG TableAggregate Arithmetic Group NumberStatic LAG Detail InformationLacp Config ¾ LAG ConfigLAG will delete this LAG System Priority ¾ Lacp ConfigAdmin Key Port PriorityTraffic Monitor Traffic Summary¾ Auto Refresh Traffic Statistics MAC Address Way Address TableBound MAC address Port¾ Search Option ¾ Address TableDisplays the corresponding Vlan ID of the MAC address MAC Address Displays the MAC address learned by the switchStatic Address ¾ Create Static AddressDynamic Address ¾ Static Address Table¾ Aging Config ¾ Dynamic Address TableFiltering Address Bind¾ Create Filtering Address ¾ Filtering Address TableVlan 802.1Q Vlan ¾ Link Types of ports¾ Pvid Vlan ID Select Vlan Config¾ Vlan Table Description ：Is valid or not ¾ Vlan ConfigEnter the ID number of Vlan ¾ Vlan Members¾ Vlan Port Config Port Displays the port number¾ Vlan of Port Required. On the VLAN→802.1Q VLAN→Port Config page, setRequired. On the VLAN→802.1Q VLAN→VLAN Config Vlan DescriptionVLAN→VLAN Config MAC VlanMAC Select Protocol Vlan¾ MAC Vlan Table Step Operation Description¾ The Procedure for the Switch to Identify Packet Protocol ¾ Encapsulation Format of Ethernet Data802.3 raw 802.2 LLC Snap Protocol ¾ The Implementation of Protocol VlanEncapsulation Vlan packets are processed in the following wayProtocol Group Table Protocol Group¾ Protocol Group Table ¾ Protocol Group Config Protocol Template¾ Protocol Group Member Application Example for 802.1Q Vlan ¾ Network Diagram ¾ Configuration Procedure Required. On VLAN→802.1Q VLAN→Port Config page, configureRequired. On VLAN→802.1Q VLAN→VLAN Config page, create a Application Example for MAC Vlan ¾ Network Diagram Application Example for Protocol VlanRequired. On VLAN→Protocol VLAN→Protocol Template Gvrp On VLAN→Protocol VLAN→Protocol Group page, create protocol¾ Gvrp ¾ Port Config Select Port Status Registration ModeConfiguration Procedure Spanning Tree ¾ STP Elements¾ STP Timers ¾ Bpdu Comparing Principle in STP mode¾ STP Generation Step Operation Tips ：¾ Rstp Elements ¾ Mstp Elements¾ Port States ¾ Port RolesSTP Config STP ConfigHello Time Forward DelayVersion Max AgePort Config STP SummaryIntPath PriorityExtPath Edge PortRegion Config Mstp InstancePort Status Instance Config ¾ Region ConfigInstance Instance Port Config¾ Instance Table ClearInstance ID Path CostPort Role STP Security Port Protect¾ TC Protect ¾ Bpdu Protect¾ Bpdu Filter TC Protect Loop ProtectRoot Protect Bpdu ProtectApplication Example for STP Function TC ProtectOn Spanning Tree→STP Config→STP Config On Spanning Tree→STP Config→Port ConfigOn Spanning Tree→MSTP Instance→Instance Configure Switch D ¾ Suggestion for Configuration Multicast ¾ Multicast Overview¾ Multicast Address ¾ Multicast Address Table Multicast IP Port¾ Igmp Snooping Process Igmp Snooping¾ Igmp Snooping ¾ Igmp MessagesSnooping Config ¾ Igmp Snooping Fundamentals¾ Igmp Snooping Status Description Displays Igmp Snooping status MemberIgmp Snooping Fast LeaveLeave Time Router Port TimeMember Port Time Static Router PortMulticast Vlan Snooping→Snooping Config and Port ConfigMulticast→IGMP Snooping→VLAN Config Displays the Vlan ID¾ Multicast Vlan On the Multicast→IGMP Snooping→Snooping Config VlanMulticast→IGMP Snooping→Multicast Vlan Snooping→Snooping Config ¾ Configuration Procedure Step Operation DescriptionSnooping→Port Config Multicast IPMulticast IP Table Static Multicast IPMulticast Filter ¾ Create Static Multicast¾ Static Multicast IP Table Start Multicast IP IP-RangeIP Range ID End Multicast IPPort Filter ¾ Port Filter ConfigAction Mode FilterDisplays the LAG number which the port belongs to Packet StatisticsPorts taking up too much bandwidth Multicast→Multicast Filter→IP-Range¾ Igmp Statistics ¾ Priority Mode QoS¾ QoS ¾ Schedule Mode 802.1Q frameSP-Mode ¾ Port Priority Config DiffServPort Priority ¾ Schedule Mode Config Schedule ModeRequired. On QoS→DiffServ→Schedule Mode Required. On QoS→DiffServ→Port Priority3 802.1P Priority Dscp Priority¾ Priority Level ¾ Dscp Priority Config Required. On QoS→DiffServ→DSCP Priority¾ Rate Limit Config Bandwidth ControlRate Limit ¾ Storm Control Config Storm ControlBps Voice VlanBroadcast Rate Mulitcast Rate¾ Security Mode of Voice Vlan TAGGlobal Config Security Packet Type Processing ModeEnter the Vlan ID of the voice Vlan Select the desired port for voice Vlan configuration. It is OUI Config Configuration Procedure of Voice Vlan Displays the OUI address of the voice deviceTime-Range Summary ACLTime-Range IndexTime-Range Create ¾ Create Holiday ACL ConfigHoliday Config ¾ Holiday Table¾ Rule Table ACL SummaryACL Create ¾ Create ACLRule ID MAC ACL¾ Create MAC ACL EtherType¾ Create Standard-IP ACL Standard-IP ACLExtend-IP ACL Time-Range¾ Create Extend-IP ACL IP ProtocolTCP Flag ： Policy Config Policy Summary¾ Create Policy Policy CreateAction Create ¾ Create ActionPolicy Binding Binding TablePort Binding Vlan BindingDirection Displays the binding direction Enter the ID of the Vlan you want to bind ¾ VLAN-Bind ConfigApplication Example for ACL ¾ VLAN-Bind TableOn ACL→ACL Config→ACL Create page, create ACL On ACL→ACL Config→Standard-IP ACL page, select ACL Network Security IP-MAC BindingManual Binding Protect Type Select the Protect Type for the entry ¾ Manual Binding OptionEnter the Vlan ID ¾ Manual Binding TableARP Scanning End IP Address Dhcp SnoopingStart IP Address ScanNetwork diagram for DHCP-snooping implementation ¾ Dhcp Working Principle¾ Option Dhcp Cheating Attack Implementation Procedure ¾ Dhcp Cheating Attack¾ Dhcp Snooping Config ¾ Option 82 Config ¾ Port Config Port SelectCustomization Circuit ID Remote ID ARP Inspection ¾ Imitating Gateway¾ Cheating Gateway 10 ARP Attack Cheating Gateway ¾ Cheating Terminal Hosts¾ Man-In-The-Middle Attack ¾ ARP Flooding Attack ARP Detect ¾ ARP Detect¾ Trusted Port ARP Defend Required. On the Network Security→IP-MACNetwork Security→ARP Defend ARP Statistics¾ ARP Defend SpeedDoS Defend ¾ Illegal ARP PacketDoS Attack Type Description 11.4 ¾ Configure¾ Architecture of 802.1X Authentication ¾ Defend Table¾ The Mechanism of an 802.1X Authentication System ¾ 802.1X Authentication Procedure ¾ 802.1X Timer ¾ Guest Vlan Guest Vlan Authentication Method802.1X Guest Vlan IDSupplicant Timeout Server TimeoutRetry Times Control Type Control ModeRadius Server AuthorizedOn the Network Security→802.1X→Global Config Required. On the Network Security→802.1X→RadiusRequired. On the Network Security→802.1X→Port ¾ Snmp Management Frame Snmp¾ Snmp Overview ¾ Snmp Versions¾ Snmp Configuration Outline ¾ MIB IntroductionSnmp Config ¾ Local Engine¾ Remote Engine View Type Snmp ViewMIB Object ID View Name¾ Group Config Snmp GroupSnmp User ¾ Group TablePrivacy Mode Auth ModeAuth Password Privacy Password¾ Community Config AccessSnmp Community MIB View Required. On the SNMP→SNMP Config→GlobalRequired. On the SNMP→SNMP Config→SNMP ¾ Community TableOn the SNMP→SNMP Config→SNMP NotificationUser TimeoutUDP Port RetryRmon ¾ Rmon GroupRmon Group Function Event Config History Control¾ History Control Table Alarm Config ¾ Event TableRising Threshold VariableSample Type Rising Event179 Cluster ¾ Cluster Role13.1 NDP Neighbor Info¾ Introduction to Cluster NDP Summary ¾ Neighbor¾ Neighbor Info ¾ Port Status Displays the port number of the switch NDPDisable NDP ConfigEnable ¾ Global CofigDevice MAC NtdpDevice Table Cluster NameNeighbor Info Ntdp SummaryHops Collect TopologyNtdp Config Port Displays the port number of the switchNtdp Interval Time Ntdp Hop DelayNtdp Port Delay Ntdp Hops¾ Global ClusterCluster Summary ClusterCluster Config ¾ Global Config Cluster¾ Current Role ¾ Role ChangeApplication Example for Cluster Function On Cluster→NDP→NDP Config page, enable NDP On Cluster→NTDP→NTDP Config page, enable194 Maintenance System MonitorCPU Monitor Memory Monitor 14.2 Log Log Table Local LogLog Buffer ¾ Local Log ConfigRemote Log Log FileBackup Log ¾ Log HostHost IP Cable Test ErrorDevice Diagnose PairLoopback Switch is availableNetwork Diagnose Ping¾ Ping Config Tracert¾ Tracert Config 10 Tracert Following entries are displayed on this screenAppendix a Specifications Appendix B Configuring the PCs 207 Now Appendix C Load Software using FTP Hardware InstallationConfigure the Hyper Terminal 210 Download Firmware via bootUtil menu Figure C-5 Port SettingsTP-LINK upgrade You can only use the port 1 to upgrade Are you want to upgrade the firmwareY/N yTP-LINK start Start UserInstallation Guide Appendix D 802.1X Client Software215 216 Uninstall Software Figure D-7 InstallShield Wizard CompleteConfiguration Figure D-11 Uninstall Complete219 FAQ Figure D-16 Connection Status221 Appendix E Glossary Ieee 802.1D Multicast SwitchingGroup Attribute Registration Protocol Garp Ieee 802.1QLink Aggregation Port AuthenticationRemote Authentication Dial-in User Service Radius Link Aggregation Control Protocol LacpSpanning Tree Algorithm STA Simple Network Management Protocol SnmpSimple Network Time Protocol Sntp Telnet