![D-Link DGS-3312SR [198/290] Access authentication control](/img/pdf.png)
D-Link DGS-3312SR [198/290] Access authentication control
![D-Link DGS-3312SR [198/290] Access authentication control](/views2/1013280/page198/bgc6.png)
DGS-3312SR Stackable Gigabit Layer 3 Switch
Access Authentication Control
sion of the TACACS protocol with the ability to provide more
also uses UDP
• TACACS+ (Terminal Access Controller Access Control System plus) - Provides detailed access control for
authentication for network devices. TACACS+ is facilitated through Authentication commands via one or more
centralized servers. The TACACS+ protocol encrypts all traffic between the Switch and the TACACS+ daemon,
using the TCP protocol to ensure reliable delivery
In order for the TACACS / XTACACS / TACACS+ / RADIUS security function to work properly, a TACACS /
XTACACS / TACACS+ / RADIUS server must be configured on a device other than the Switch, called an Authentication
Server Host and it must include usernames and passwords for authentication. When the user is prompted by the Switch to
enter usernames and passwords for authentication, the Switch contacts the TACACS / XTACACS / TACACS+ / RADIUS
server to verify, and the server will respond with one of three messages:
• The server verifies th vileges on the Switch.
m the
ification configured in the method list.
The Switch has four built-in Authentication Server Groups, one for each of the TACACS, XTACACS, TACACS+ and
RADIUS protocols. These built-in Authentication Server Groups are used to authenticate users trying to access the Switch.
The users will set Authentication Server Hosts in a preferable order in the built-in Authentication Server Groups and when
a user tries to gain access to the Switch, the Switch will ask the first Authentication Server Hosts for authentication. If no
authentication is made, the second server host in the list will be queried, and so on. The built-in Authentication Server
Groups can only have hosts that are running the specified protocol. For example, the TACACS Authentication Server
Groups can only have TACACS Authentication Server Hosts.
The administrator for the Switch may set up six different authentication techniques per user-defined method list (TACACS
/ XTACACS / TACACS+ / RADIUS / local / none) for authentication. These techniques will be listed in an order
preferable, and defined by the user for normal user authentication on the Switch, and may contain up to eight
authentication techniques. When a user attempts to access the Switch, the Switch will select the first technique listed for
authentication. If the first technique goes through its Authentication Server Hosts and no authentication is returned, the
Switch will then go to the next technique listed in the server group for authentication, until the authentication has been
verified or denied, or the list is exhausted.
Please note that users granted access to the Switch will be granted normal user privileges on the Switch. To gain access to
administrator level privileges, the user must access the Enable Admin window and then enter a password, wh h was
previously configured by the adm
The TACACS / XTACACS / TACACS+ / RADIUS commands let you secure access to the Switch using the TACACS /
XTACACS / TACACS+ / RADIUS protocols. When a user logs in to the Switch or tries to access the administrator level
privilege, he or she is prompted for a password. If TACACS / XTACACS / TACACS+ / RADIUS authentication is
enabled on the Switch, it will contact a TACACS / XTACACS / TACACS+ / RADIUS server to verify the user. If the user
is verified, he or she is granted access to the Switch.
There are currently three versions of the TACACS security protocol, each a separate entity. The Switch's software supports
the following versions of TACACS:
• TACACS (Terminal Access Controller Access Control System) - Provides password checking and
authentication, and notification of user actions for security purposes utilizing via one or more centralized
TACACS servers, utilizing the UDP protocol for packet transmission.
• Extended TACACS (XTACACS) - An exten
types of authentication requests and more types of response codes than TACACS. This protocol
to transmit packets.
e username and password, and the user is granted normal user pri
• The server will not accept the username and password and the user is denied access to the Switch.
• The server doesn't respond to the verification query. At this point, the Switch receives the timeout fro
server and then moves to the next method of ver
ic
inistrator of the Switch.
same, using the same protocol. (For example,
TACACS authentication, so must be the host s
NOT te entities and are
not c igured exactly the
if the Switch is set up for
erver.)
E: TACACS, XTACACS, and TACACS+ are separa
ompatible. The Switch and the server must be conf
185
Содержание
- D link dgs 3312sr 1
- Manual 1
- Port gigabit layer 3 stackable switch 1
- Release iii 1
- Table of contents 3
- About this manual 9
- Bold font 9
- Intended readers 9
- Typographical conventions 9
- Notes notices and cautions 10
- Safety cautions 10
- Safety instructions 10
- General p 11
- General precautions for rack mountable products 11
- Recautions for rack mountable products 11
- Protecting against electrostatic discharge 13
- Features 14
- Front panel components 14
- Introduction 14
- Section 1 14
- Switch description 14
- Front panel components 16
- Led indicators 16
- Stacking led indicators 17
- Rear panel description 18
- Rps connector 18
- Dem 340mg sfp mini gbic module 19
- Dem 340t 1000base t module 19
- Plug in modules 19
- Dem 540 ieee 1394 stacking module 20
- I ch stacking 20
- Restrictions and cautions for stacking 20
- Command line console interface through the serial port or telnet 22
- Ement interface 22
- Management options 22
- Snmp based management 22
- Web based manag 22
- Before you connect to the network 23
- Package contents 23
- Section 2 23
- St llation 23
- Installing the switch in a rack 24
- Installing the switch without the rack 24
- Mounting the switch in a standard 19 rack 25
- Cting stacked switch groups 26
- G connections with ieee 1394 ethernet 26
- Stackin cabling and fiber optic transceiver cabling 26
- Configuring a switch group for stacking 27
- It i display for switches in a switch stack 28
- Externa 29
- L redundant power system 29
- Connecting the console port 30
- Password protection 30
- Snmp settings 32
- Ip address assignment 33
- Connecting devices to the switch 34
- Basic switch management 35
- Before you start 35
- Gene al de 35
- R ployment strategy 35
- Section 3 35
- Efining static routes 36
- Vlan setup 36
- Areas of the user interface 37
- Web based user interface 37
- Login to web manager 38
- Web pages and fo 38
- Basic setup 39
- Switch ip settings 39
- Witch information 39
- Ddre nso 41
- Setting the switch s ip a ss using the co le interface 41
- Security ip management stations configuration 42
- User account management 42
- Admin and user privileges 43
- Factory reset 44
- Save changes 44
- Restart system 45
- Advanced settings 46
- Configure stacking 48
- Switch stack management 48
- Basic configuration 51
- Section 4 51
- Ip address 52
- Itch information 52
- Setting the switch s ip address using the console interface 54
- Advanced settings 55
- Port configuration 57
- Port description 59
- Port mirroring 60
- Traffic control 61
- Link aggregation 62
- Understanding port trunk groups 62
- Lacp port settings 64
- Authentication server 66
- Port access entity 802 x 66
- X port based and mac based access control 66
- Authenticator 67
- Authentication process 68
- Client 68
- Port based network access control 69
- Understanding 802 x port based and mac based network access control 69
- Ethernet switch 70
- Mac based network access control 70
- Network access controlled port 70
- Network access uncontrolled port 70
- Radius server 70
- X authenticator settings 71
- Pae system control 73
- X capability settings 73
- Initializing ports for port based 802 x 74
- Initializing ports for mac based 802 x 75
- Ort s for port based 802 x 76
- Reauthenticate p 76
- Mac based 802 x 77
- Reauthenticate port s for 77
- Radius serv 78
- Radius server 78
- Igmp snooping 79
- Igmp snooping configuration 79
- Static router ports 81
- Ing tree 83
- Port transition states 83
- S mstp 83
- Spanning tree 83
- W rapid spann 83
- D 802 w 802 s compa 84
- Edge port 84
- P2p port 84
- Tibility 84
- Stp bridge global settings 85
- Mst configuration table 88
- Msti settings 91
- Stp instance settings 92
- Stp port settings 94
- Forwarding 96
- Forwarding filtering 96
- Unicast 96
- Multicast forwarding 97
- Assigning ip network addresses and subnet masks to vlans 98
- Layer 3 based vlans 98
- Planning vlan layout 98
- Understanding 802 q vlans 98
- Vlans in layer 2 98
- Ieee 802 q vlans 99
- Q vlan packet forwarding 99
- Q vlan tags 99
- Port vlan id 100
- Ingress filtering 101
- Tagging and untagging 101
- Q static vlans 102
- Gvrp settings 105
- The advantages of qos 107
- Understanding qos 108
- P default priority 109
- P user priority 109
- Eduling configuration 110
- Qos output sch 110
- Traffic segmentation 111
- Port bandwidth 112
- Ion global settings 113
- Mac notificat 113
- Mac notification 113
- Mac notification port settings 114
- Onfiguration 115
- Port sec 115
- Port security c 115
- Port lock entry delete 116
- Port security clear 116
- System log server 117
- Sntp settings 119
- Time setting 119
- Time zone and dst settings 120
- Access profile table 122
- L3 global advanced settings 133
- Layer 3 ip networking 133
- Section 5 133
- Ip interface settings 134
- Md5 key settings 136
- Route redistribution settings 137
- Static default route settings 139
- Static arp settings 140
- Rip global 143
- Rip interface settings 143
- Setting 143
- Introduction to ospf 145
- Link state algorithm 145
- Ospf cost 145
- Shortest path algorithm 145
- Router a 146
- Router b 146
- Router c 146
- Router d 146
- Shortest path tree 146
- 13 1 222 11 0 147
- Areas and border routers 147
- Link state packets 147
- Router a 147
- Router b 147
- Router c 147
- Areas not physically connected to area 0 148
- Backbone and area 0 148
- Message digest authentication md 5 148
- Ospf authentication 148
- Partitioning the backbo 148
- Simple password authentication 148
- Virtual links 148
- Adjacencies 149
- Building adjacency 149
- Designated router election 149
- Neighbors 149
- Adjacencies on point to point 150
- Interfaces 150
- Ospf packet formats 150
- Ospf packet header 150
- Hello packet 151
- Database description packet 152
- Link state request packet 153
- State request packet 153
- Link state acknowledgment p 154
- Link state update packet 154
- Link isement for 155
- Link state acknowledgment packet 155
- Link state advertisement header 155
- State advert mats 155
- Dgs 3312sr stackable gigabit layer 3 switch 156
- State advertisement header 156
- Router links advertisements 157
- Etwork li tisements 159
- N nks adver 159
- Summary link advertisements 159
- Autonomous s 160
- S external link advertisements 160
- Ospf area id settings 162
- Ospf general setting 162
- Ospf interface settings 164
- Ospf virtual interface settings 166
- Ospf area aggregation settings 168
- Ospf host route settings 169
- Dhcp bootp relay 170
- Information 170
- Dhcp bootp re 171
- Lay settings 171
- Dns relay 172
- Dns relay ation 172
- Inform 172
- Dns relay static settings 173
- Vrrp configuration 174
- Vrrp interface settings 175
- Vrrp interface settings 176
- Vrrp interface entry display 178
- Igmp versions 1 and 2 180
- Ip multicast 180
- Igmp interface configuration 182
- Igmp interface settings 182
- Dvmrp global setting 184
- Dvmrp interface settings 184
- Lobal setting 186
- Pim dm g 186
- Pim dm interface settings 186
- Section 6 188
- Security 188
- Trusted host 188
- Download certificate 189
- Layer ssl 189
- Secure socket 189
- Configuration 190
- H onfiguration 192
- Secure shell ssh 192
- Ssh algorithm 194
- Ssh user authentication 196
- Access authentication control 198
- Policy paramet 199
- Application authentication settings 200
- Authentication s 201
- Erver group 201
- Authentication server host 203
- Login method lists 205
- Enable method lists 207
- Local enable password 209
- Enable admin 210
- Management 211
- Section 7 211
- User accounts 211
- Admin and user privileges 212
- Snmp settings 212
- Snmp user table 213
- Snmp user table display 214
- Snmp view table 216
- Mp group table 217
- Snmp community table 219
- Snmp host table 220
- Snmp engine id 221
- Monitoring 222
- Section 8 222
- Stack information 223
- Ort util 226
- P ization 226
- Cpu utilization 227
- Packets 228
- R ived packet 228
- Received unicas 230
- T multicast broadcast packets 230
- Transmitted packe 232
- Errors 234
- Received errors 234
- Transmitted errors 236
- Packet size 238
- Mac address 240
- Switch history log 242
- Igmp snooping table 243
- Igmp snooping forwarding 244
- Vlan status 245
- Router port 246
- Session table 247
- Layer 3 feature 248
- Traceroute 248
- Browse ip address table 249
- Browse arp table 250
- Browse routing table 250
- Browse igmp group table 251
- Browse ip multicast forwarding table 251
- Browse ospf lsdb table 252
- Ospf monitor 252
- Browse ospf neighbor table 253
- Brows sp 254
- E o f virtual neighbor table 254
- Browse dvmrp neighbor address table 255
- Browse dvmrp routing 255
- Dvmrp monitor 255
- Browse dvmrp routing next hop table 256
- Browse pim neighbor address table 257
- Pim monitor 257
- Download firmware 258
- Maintenance 258
- Section 9 258
- Tftp services 258
- Download configuration file 259
- Upload configuration 259
- Upload log 259
- Ping test 260
- Save changes 260
- Factory reset 261
- Restart system 262
- Section 10 263
- Single ip management 263
- Sim settings 265
- Opology 266
- Tool tips 269
- Group icon 270
- Right click 270
- Commander switch icon 271
- Tch icon member swi 272
- Candidate switch icon 273
- Menu bar 274
- Configuration file backup restore 275
- Firmware upgrade 275
- Appendix a 276
- Technical specifications 276
- And connectors 278
- Appendix b 278
- Cables 278
- Appendix c 279
- Cable lengths 279
- Glossary 280
- International offices 283
- After an rma number is issued the defective product must be packaged securely in the original or other suitable shipping package to ensure that it will not be damaged in transit and the rma number must be prominently marked on the outside of the package the package must be mailed or otherwise shipped to d link with all costs of mailing shipping insurance prepaid d link shall never be responsible for any software firmware information or memory data of purchaser contained in stored on or integrated with any product returned to d link pursuant to this warranty 284
- Hardware 284
- Limitation of liability 284
- Limited warranty 284
- Warranties exclusive 284
- D link offices for registration and warranty service 285
- Software 285
- Register online your d link product at http support dlink com register 288
- Answers to the following questions help us to support your product 289
- Computer e g compaq 486 289
- Computer serial no 289
- How many employees work at installation site 289
- Print type or use block letters 289
- Product installed in 289
- Product model product serial no product installed in type of 289
- Product was purchased from 289
- Registration card 289
- What applications are used on your network 289
- What category best describes your company 289
- What network management program does your organization use 289
- What network medium media does your organization use 289
- What network operating system s does your organization use 289
- What network protocol s does your organization use 289
- Where and how will the product primarily be used 289
- Would you recommend your d link product to a friend 289
- Your comments on this product _______________________________________________________________________________________ 289
Похожие устройства
- LG LH-T3635X Инструкция по эксплуатации
- Akai TN-3306P Инструкция по эксплуатации
- Viking GE 345 Инструкция по эксплуатации
- Electrolux EMS 20405 X Инструкция по эксплуатации
- D-Link DNS-1100-04 Инструкция по эксплуатации
- LG LH-T3630X Инструкция по эксплуатации
- Akai TN-3245P Инструкция по эксплуатации
- Yamaha EMX-212S Инструкция по эксплуатации
- Craftsman 29802 Инструкция по эксплуатации
- Elenberg MGC-9025D Инструкция по эксплуатации
- LG LH-T3605X Инструкция по эксплуатации
- Yamaha EMX-312SC Инструкция по эксплуатации
- Akai TN-3174P Инструкция по эксплуатации
- D-Link DNS-1200-05 Инструкция по эксплуатации
- Patriot -Garden T 6,5/800 FB PG California Инструкция по эксплуатации
- Mystery MCO-1503 Инструкция по эксплуатации
- Akai TN-3061P Инструкция по эксплуатации
- D-Link DNS-325 Инструкция по эксплуатации
- Elitech КБ 52 Инструкция по эксплуатации
- Yamaha EMX-5014C Инструкция по эксплуатации