![D-Link DGS-3312SR [66/290] Port access entity 802 x](/img/pdf.png)
D-Link DGS-3312SR [66/290] Port access entity 802 x
![D-Link DGS-3312SR [66/290] Port access entity 802 x](/views2/1013280/page66/bg42.png)
DGS-3312SR Stackable Gigabit Layer 3 Switch
Port Access Entity (802.1X)
802.1x Port-Based and MAC-Based Access Control
The IEEE 802.1x standard is a security measure for authorizing and authenticating users to gain access to various wired or
wireless devices on a specified Local Area Network by using a Client and Server based access control model. This is
accomplished by using a RADIUS server to authenticate users trying to access a network by relaying Extensible
Authentication Protocol over LAN (EAPOL) packets between the Client and the Server. The following figure represents a
basic EAPOL packet:
Figure 4- 12. The EAPOL Packet
Utilizing this method, unauthorized devices are restricted from connecting to a LAN through a port to which the user is
connected. EAPOL packets are the only traffic that can be transmitted through the specific port until author n is
granted. The 802.1x Access Con creating and upkeeping a stable
izatio
trol method holds three roles, each of which are vital to
and working Access Control security method.
Figure 4- 13. The three roles of 802.1x
The following section will explain the three roles of Client, Authenticator and Authentication Server in greater detail.
Authentication Server
The Authentication Server is a rem ogram and must be configured
properly on the Authenticator (Switch). Clients connected to a port on the Switch must be authenticated by the
Authentication Server (RADIUS) e LAN. The role of the
Authentication Server is rk by exchanging secure
ote device that must be running a RADIUS Server pr
before attaining any services offered by the Switch on th
to certify the identity of the Client attempting to access the netwo
information between the RADIUS server and the Client through EAPOL packets and, in turn, informs the Switch whether
or not the Client is granted access to the LAN and/or switches services.
53
Содержание
- D link dgs 3312sr 1
- Manual 1
- Port gigabit layer 3 stackable switch 1
- Release iii 1
- Table of contents 3
- About this manual 9
- Bold font 9
- Intended readers 9
- Typographical conventions 9
- Notes notices and cautions 10
- Safety cautions 10
- Safety instructions 10
- General p 11
- General precautions for rack mountable products 11
- Recautions for rack mountable products 11
- Protecting against electrostatic discharge 13
- Features 14
- Front panel components 14
- Introduction 14
- Section 1 14
- Switch description 14
- Front panel components 16
- Led indicators 16
- Stacking led indicators 17
- Rear panel description 18
- Rps connector 18
- Dem 340mg sfp mini gbic module 19
- Dem 340t 1000base t module 19
- Plug in modules 19
- Dem 540 ieee 1394 stacking module 20
- I ch stacking 20
- Restrictions and cautions for stacking 20
- Command line console interface through the serial port or telnet 22
- Ement interface 22
- Management options 22
- Snmp based management 22
- Web based manag 22
- Before you connect to the network 23
- Package contents 23
- Section 2 23
- St llation 23
- Installing the switch in a rack 24
- Installing the switch without the rack 24
- Mounting the switch in a standard 19 rack 25
- Cting stacked switch groups 26
- G connections with ieee 1394 ethernet 26
- Stackin cabling and fiber optic transceiver cabling 26
- Configuring a switch group for stacking 27
- It i display for switches in a switch stack 28
- Externa 29
- L redundant power system 29
- Connecting the console port 30
- Password protection 30
- Snmp settings 32
- Ip address assignment 33
- Connecting devices to the switch 34
- Basic switch management 35
- Before you start 35
- Gene al de 35
- R ployment strategy 35
- Section 3 35
- Efining static routes 36
- Vlan setup 36
- Areas of the user interface 37
- Web based user interface 37
- Login to web manager 38
- Web pages and fo 38
- Basic setup 39
- Switch ip settings 39
- Witch information 39
- Ddre nso 41
- Setting the switch s ip a ss using the co le interface 41
- Security ip management stations configuration 42
- User account management 42
- Admin and user privileges 43
- Factory reset 44
- Save changes 44
- Restart system 45
- Advanced settings 46
- Configure stacking 48
- Switch stack management 48
- Basic configuration 51
- Section 4 51
- Ip address 52
- Itch information 52
- Setting the switch s ip address using the console interface 54
- Advanced settings 55
- Port configuration 57
- Port description 59
- Port mirroring 60
- Traffic control 61
- Link aggregation 62
- Understanding port trunk groups 62
- Lacp port settings 64
- Authentication server 66
- Port access entity 802 x 66
- X port based and mac based access control 66
- Authenticator 67
- Authentication process 68
- Client 68
- Port based network access control 69
- Understanding 802 x port based and mac based network access control 69
- Ethernet switch 70
- Mac based network access control 70
- Network access controlled port 70
- Network access uncontrolled port 70
- Radius server 70
- X authenticator settings 71
- Pae system control 73
- X capability settings 73
- Initializing ports for port based 802 x 74
- Initializing ports for mac based 802 x 75
- Ort s for port based 802 x 76
- Reauthenticate p 76
- Mac based 802 x 77
- Reauthenticate port s for 77
- Radius serv 78
- Radius server 78
- Igmp snooping 79
- Igmp snooping configuration 79
- Static router ports 81
- Ing tree 83
- Port transition states 83
- S mstp 83
- Spanning tree 83
- W rapid spann 83
- D 802 w 802 s compa 84
- Edge port 84
- P2p port 84
- Tibility 84
- Stp bridge global settings 85
- Mst configuration table 88
- Msti settings 91
- Stp instance settings 92
- Stp port settings 94
- Forwarding 96
- Forwarding filtering 96
- Unicast 96
- Multicast forwarding 97
- Assigning ip network addresses and subnet masks to vlans 98
- Layer 3 based vlans 98
- Planning vlan layout 98
- Understanding 802 q vlans 98
- Vlans in layer 2 98
- Ieee 802 q vlans 99
- Q vlan packet forwarding 99
- Q vlan tags 99
- Port vlan id 100
- Ingress filtering 101
- Tagging and untagging 101
- Q static vlans 102
- Gvrp settings 105
- The advantages of qos 107
- Understanding qos 108
- P default priority 109
- P user priority 109
- Eduling configuration 110
- Qos output sch 110
- Traffic segmentation 111
- Port bandwidth 112
- Ion global settings 113
- Mac notificat 113
- Mac notification 113
- Mac notification port settings 114
- Onfiguration 115
- Port sec 115
- Port security c 115
- Port lock entry delete 116
- Port security clear 116
- System log server 117
- Sntp settings 119
- Time setting 119
- Time zone and dst settings 120
- Access profile table 122
- L3 global advanced settings 133
- Layer 3 ip networking 133
- Section 5 133
- Ip interface settings 134
- Md5 key settings 136
- Route redistribution settings 137
- Static default route settings 139
- Static arp settings 140
- Rip global 143
- Rip interface settings 143
- Setting 143
- Introduction to ospf 145
- Link state algorithm 145
- Ospf cost 145
- Shortest path algorithm 145
- Router a 146
- Router b 146
- Router c 146
- Router d 146
- Shortest path tree 146
- 13 1 222 11 0 147
- Areas and border routers 147
- Link state packets 147
- Router a 147
- Router b 147
- Router c 147
- Areas not physically connected to area 0 148
- Backbone and area 0 148
- Message digest authentication md 5 148
- Ospf authentication 148
- Partitioning the backbo 148
- Simple password authentication 148
- Virtual links 148
- Adjacencies 149
- Building adjacency 149
- Designated router election 149
- Neighbors 149
- Adjacencies on point to point 150
- Interfaces 150
- Ospf packet formats 150
- Ospf packet header 150
- Hello packet 151
- Database description packet 152
- Link state request packet 153
- State request packet 153
- Link state acknowledgment p 154
- Link state update packet 154
- Link isement for 155
- Link state acknowledgment packet 155
- Link state advertisement header 155
- State advert mats 155
- Dgs 3312sr stackable gigabit layer 3 switch 156
- State advertisement header 156
- Router links advertisements 157
- Etwork li tisements 159
- N nks adver 159
- Summary link advertisements 159
- Autonomous s 160
- S external link advertisements 160
- Ospf area id settings 162
- Ospf general setting 162
- Ospf interface settings 164
- Ospf virtual interface settings 166
- Ospf area aggregation settings 168
- Ospf host route settings 169
- Dhcp bootp relay 170
- Information 170
- Dhcp bootp re 171
- Lay settings 171
- Dns relay 172
- Dns relay ation 172
- Inform 172
- Dns relay static settings 173
- Vrrp configuration 174
- Vrrp interface settings 175
- Vrrp interface settings 176
- Vrrp interface entry display 178
- Igmp versions 1 and 2 180
- Ip multicast 180
- Igmp interface configuration 182
- Igmp interface settings 182
- Dvmrp global setting 184
- Dvmrp interface settings 184
- Lobal setting 186
- Pim dm g 186
- Pim dm interface settings 186
- Section 6 188
- Security 188
- Trusted host 188
- Download certificate 189
- Layer ssl 189
- Secure socket 189
- Configuration 190
- H onfiguration 192
- Secure shell ssh 192
- Ssh algorithm 194
- Ssh user authentication 196
- Access authentication control 198
- Policy paramet 199
- Application authentication settings 200
- Authentication s 201
- Erver group 201
- Authentication server host 203
- Login method lists 205
- Enable method lists 207
- Local enable password 209
- Enable admin 210
- Management 211
- Section 7 211
- User accounts 211
- Admin and user privileges 212
- Snmp settings 212
- Snmp user table 213
- Snmp user table display 214
- Snmp view table 216
- Mp group table 217
- Snmp community table 219
- Snmp host table 220
- Snmp engine id 221
- Monitoring 222
- Section 8 222
- Stack information 223
- Ort util 226
- P ization 226
- Cpu utilization 227
- Packets 228
- R ived packet 228
- Received unicas 230
- T multicast broadcast packets 230
- Transmitted packe 232
- Errors 234
- Received errors 234
- Transmitted errors 236
- Packet size 238
- Mac address 240
- Switch history log 242
- Igmp snooping table 243
- Igmp snooping forwarding 244
- Vlan status 245
- Router port 246
- Session table 247
- Layer 3 feature 248
- Traceroute 248
- Browse ip address table 249
- Browse arp table 250
- Browse routing table 250
- Browse igmp group table 251
- Browse ip multicast forwarding table 251
- Browse ospf lsdb table 252
- Ospf monitor 252
- Browse ospf neighbor table 253
- Brows sp 254
- E o f virtual neighbor table 254
- Browse dvmrp neighbor address table 255
- Browse dvmrp routing 255
- Dvmrp monitor 255
- Browse dvmrp routing next hop table 256
- Browse pim neighbor address table 257
- Pim monitor 257
- Download firmware 258
- Maintenance 258
- Section 9 258
- Tftp services 258
- Download configuration file 259
- Upload configuration 259
- Upload log 259
- Ping test 260
- Save changes 260
- Factory reset 261
- Restart system 262
- Section 10 263
- Single ip management 263
- Sim settings 265
- Opology 266
- Tool tips 269
- Group icon 270
- Right click 270
- Commander switch icon 271
- Tch icon member swi 272
- Candidate switch icon 273
- Menu bar 274
- Configuration file backup restore 275
- Firmware upgrade 275
- Appendix a 276
- Technical specifications 276
- And connectors 278
- Appendix b 278
- Cables 278
- Appendix c 279
- Cable lengths 279
- Glossary 280
- International offices 283
- After an rma number is issued the defective product must be packaged securely in the original or other suitable shipping package to ensure that it will not be damaged in transit and the rma number must be prominently marked on the outside of the package the package must be mailed or otherwise shipped to d link with all costs of mailing shipping insurance prepaid d link shall never be responsible for any software firmware information or memory data of purchaser contained in stored on or integrated with any product returned to d link pursuant to this warranty 284
- Hardware 284
- Limitation of liability 284
- Limited warranty 284
- Warranties exclusive 284
- D link offices for registration and warranty service 285
- Software 285
- Register online your d link product at http support dlink com register 288
- Answers to the following questions help us to support your product 289
- Computer e g compaq 486 289
- Computer serial no 289
- How many employees work at installation site 289
- Print type or use block letters 289
- Product installed in 289
- Product model product serial no product installed in type of 289
- Product was purchased from 289
- Registration card 289
- What applications are used on your network 289
- What category best describes your company 289
- What network management program does your organization use 289
- What network medium media does your organization use 289
- What network operating system s does your organization use 289
- What network protocol s does your organization use 289
- Where and how will the product primarily be used 289
- Would you recommend your d link product to a friend 289
- Your comments on this product _______________________________________________________________________________________ 289
Похожие устройства
- LG LH-T3635X Инструкция по эксплуатации
- Akai TN-3306P Инструкция по эксплуатации
- Viking GE 345 Инструкция по эксплуатации
- Electrolux EMS 20405 X Инструкция по эксплуатации
- D-Link DNS-1100-04 Инструкция по эксплуатации
- LG LH-T3630X Инструкция по эксплуатации
- Akai TN-3245P Инструкция по эксплуатации
- Yamaha EMX-212S Инструкция по эксплуатации
- Craftsman 29802 Инструкция по эксплуатации
- Elenberg MGC-9025D Инструкция по эксплуатации
- LG LH-T3605X Инструкция по эксплуатации
- Yamaha EMX-312SC Инструкция по эксплуатации
- Akai TN-3174P Инструкция по эксплуатации
- D-Link DNS-1200-05 Инструкция по эксплуатации
- Patriot -Garden T 6,5/800 FB PG California Инструкция по эксплуатации
- Mystery MCO-1503 Инструкция по эксплуатации
- Akai TN-3061P Инструкция по эксплуатации
- D-Link DNS-325 Инструкция по эксплуатации
- Elitech КБ 52 Инструкция по эксплуатации
- Yamaha EMX-5014C Инструкция по эксплуатации