![D-Link DGS-3312SR [69/290] Port based network access control](/img/pdf.png)
D-Link DGS-3312SR [69/290] Port based network access control
![D-Link DGS-3312SR [69/290] Port based network access control](/views2/1013280/page69/bg45.png)
DGS-3312SR Stackable Gigabit Layer 3 Switch
The D-Link implementation
on the Switch, which are:
1. Port-Based Access
server to allow the r
2. MAC-Based Acces Switch will automatically learn up to three MAC addresses
by port and set the must be authenticated by the Switch using a remote RADIUS
server before being allowed access to the Network.
Understanding 802.1x Port-based and MAC-based Network Access Control
T nt behind th
s ent in suc ore than two devices attached to it, one of which is a Bridge Port.
The Bridge Port detects events that indicate the attachment of an active device at the remote end of the link, or an active
d nactive. T
a attached ort-Based Network Access Control.
of 802.1x allows network administrators to choose between two types of Access Control used
Control – This method requires only one user to be authenticated per port by a remote RADIUS
emaining users on the same port access to the network.
s Control – Using this method, the
m in a list. Each MAC address
he original inte
ingle LAN segm
e development of 802.1X was to leverage the characteristics of point-to-point in LANs. As any
h infrastructures has no m
evice becoming i
uthenticating the
hese events can be used to control the authorization state of the Port and initiate the process of
device if the Port is unauthorized. This is the P
Port-Based Network Access Control
…
802.1X
Client
802.1X
Client
802.1X
Client
802.1X
Client
802.1X
Client
802.1X
Client
802.1X
Client
802.1X
Client
802.1X
Client
Network access controlled port
Network access uncontrolled port
RADIUS
Server
Ethernet Switch
Figure 4- 18. Example of Typical Port-Based Configuration
Once the connected device has successfully been authenticated, the Port then becomes Authorized, and all subsequent
traffic on the Port is not subject to access control restriction until an event occurs that causes the Port to become
Unauthorized. Hence, if the Port is actually connected to a shared media LAN segment with more than one attached device,
successfully authenticating one of the attached devices effectively provides access to the LAN for all devices on the shared
segment. Clearly, the security offered in this situation is open to attack.
56
Содержание
- D link dgs 3312sr 1
- Manual 1
- Port gigabit layer 3 stackable switch 1
- Release iii 1
- Table of contents 3
- About this manual 9
- Bold font 9
- Intended readers 9
- Typographical conventions 9
- Notes notices and cautions 10
- Safety cautions 10
- Safety instructions 10
- General p 11
- General precautions for rack mountable products 11
- Recautions for rack mountable products 11
- Protecting against electrostatic discharge 13
- Features 14
- Front panel components 14
- Introduction 14
- Section 1 14
- Switch description 14
- Front panel components 16
- Led indicators 16
- Stacking led indicators 17
- Rear panel description 18
- Rps connector 18
- Dem 340mg sfp mini gbic module 19
- Dem 340t 1000base t module 19
- Plug in modules 19
- Dem 540 ieee 1394 stacking module 20
- I ch stacking 20
- Restrictions and cautions for stacking 20
- Command line console interface through the serial port or telnet 22
- Ement interface 22
- Management options 22
- Snmp based management 22
- Web based manag 22
- Before you connect to the network 23
- Package contents 23
- Section 2 23
- St llation 23
- Installing the switch in a rack 24
- Installing the switch without the rack 24
- Mounting the switch in a standard 19 rack 25
- Cting stacked switch groups 26
- G connections with ieee 1394 ethernet 26
- Stackin cabling and fiber optic transceiver cabling 26
- Configuring a switch group for stacking 27
- It i display for switches in a switch stack 28
- Externa 29
- L redundant power system 29
- Connecting the console port 30
- Password protection 30
- Snmp settings 32
- Ip address assignment 33
- Connecting devices to the switch 34
- Basic switch management 35
- Before you start 35
- Gene al de 35
- R ployment strategy 35
- Section 3 35
- Efining static routes 36
- Vlan setup 36
- Areas of the user interface 37
- Web based user interface 37
- Login to web manager 38
- Web pages and fo 38
- Basic setup 39
- Switch ip settings 39
- Witch information 39
- Ddre nso 41
- Setting the switch s ip a ss using the co le interface 41
- Security ip management stations configuration 42
- User account management 42
- Admin and user privileges 43
- Factory reset 44
- Save changes 44
- Restart system 45
- Advanced settings 46
- Configure stacking 48
- Switch stack management 48
- Basic configuration 51
- Section 4 51
- Ip address 52
- Itch information 52
- Setting the switch s ip address using the console interface 54
- Advanced settings 55
- Port configuration 57
- Port description 59
- Port mirroring 60
- Traffic control 61
- Link aggregation 62
- Understanding port trunk groups 62
- Lacp port settings 64
- Authentication server 66
- Port access entity 802 x 66
- X port based and mac based access control 66
- Authenticator 67
- Authentication process 68
- Client 68
- Port based network access control 69
- Understanding 802 x port based and mac based network access control 69
- Ethernet switch 70
- Mac based network access control 70
- Network access controlled port 70
- Network access uncontrolled port 70
- Radius server 70
- X authenticator settings 71
- Pae system control 73
- X capability settings 73
- Initializing ports for port based 802 x 74
- Initializing ports for mac based 802 x 75
- Ort s for port based 802 x 76
- Reauthenticate p 76
- Mac based 802 x 77
- Reauthenticate port s for 77
- Radius serv 78
- Radius server 78
- Igmp snooping 79
- Igmp snooping configuration 79
- Static router ports 81
- Ing tree 83
- Port transition states 83
- S mstp 83
- Spanning tree 83
- W rapid spann 83
- D 802 w 802 s compa 84
- Edge port 84
- P2p port 84
- Tibility 84
- Stp bridge global settings 85
- Mst configuration table 88
- Msti settings 91
- Stp instance settings 92
- Stp port settings 94
- Forwarding 96
- Forwarding filtering 96
- Unicast 96
- Multicast forwarding 97
- Assigning ip network addresses and subnet masks to vlans 98
- Layer 3 based vlans 98
- Planning vlan layout 98
- Understanding 802 q vlans 98
- Vlans in layer 2 98
- Ieee 802 q vlans 99
- Q vlan packet forwarding 99
- Q vlan tags 99
- Port vlan id 100
- Ingress filtering 101
- Tagging and untagging 101
- Q static vlans 102
- Gvrp settings 105
- The advantages of qos 107
- Understanding qos 108
- P default priority 109
- P user priority 109
- Eduling configuration 110
- Qos output sch 110
- Traffic segmentation 111
- Port bandwidth 112
- Ion global settings 113
- Mac notificat 113
- Mac notification 113
- Mac notification port settings 114
- Onfiguration 115
- Port sec 115
- Port security c 115
- Port lock entry delete 116
- Port security clear 116
- System log server 117
- Sntp settings 119
- Time setting 119
- Time zone and dst settings 120
- Access profile table 122
- L3 global advanced settings 133
- Layer 3 ip networking 133
- Section 5 133
- Ip interface settings 134
- Md5 key settings 136
- Route redistribution settings 137
- Static default route settings 139
- Static arp settings 140
- Rip global 143
- Rip interface settings 143
- Setting 143
- Introduction to ospf 145
- Link state algorithm 145
- Ospf cost 145
- Shortest path algorithm 145
- Router a 146
- Router b 146
- Router c 146
- Router d 146
- Shortest path tree 146
- 13 1 222 11 0 147
- Areas and border routers 147
- Link state packets 147
- Router a 147
- Router b 147
- Router c 147
- Areas not physically connected to area 0 148
- Backbone and area 0 148
- Message digest authentication md 5 148
- Ospf authentication 148
- Partitioning the backbo 148
- Simple password authentication 148
- Virtual links 148
- Adjacencies 149
- Building adjacency 149
- Designated router election 149
- Neighbors 149
- Adjacencies on point to point 150
- Interfaces 150
- Ospf packet formats 150
- Ospf packet header 150
- Hello packet 151
- Database description packet 152
- Link state request packet 153
- State request packet 153
- Link state acknowledgment p 154
- Link state update packet 154
- Link isement for 155
- Link state acknowledgment packet 155
- Link state advertisement header 155
- State advert mats 155
- Dgs 3312sr stackable gigabit layer 3 switch 156
- State advertisement header 156
- Router links advertisements 157
- Etwork li tisements 159
- N nks adver 159
- Summary link advertisements 159
- Autonomous s 160
- S external link advertisements 160
- Ospf area id settings 162
- Ospf general setting 162
- Ospf interface settings 164
- Ospf virtual interface settings 166
- Ospf area aggregation settings 168
- Ospf host route settings 169
- Dhcp bootp relay 170
- Information 170
- Dhcp bootp re 171
- Lay settings 171
- Dns relay 172
- Dns relay ation 172
- Inform 172
- Dns relay static settings 173
- Vrrp configuration 174
- Vrrp interface settings 175
- Vrrp interface settings 176
- Vrrp interface entry display 178
- Igmp versions 1 and 2 180
- Ip multicast 180
- Igmp interface configuration 182
- Igmp interface settings 182
- Dvmrp global setting 184
- Dvmrp interface settings 184
- Lobal setting 186
- Pim dm g 186
- Pim dm interface settings 186
- Section 6 188
- Security 188
- Trusted host 188
- Download certificate 189
- Layer ssl 189
- Secure socket 189
- Configuration 190
- H onfiguration 192
- Secure shell ssh 192
- Ssh algorithm 194
- Ssh user authentication 196
- Access authentication control 198
- Policy paramet 199
- Application authentication settings 200
- Authentication s 201
- Erver group 201
- Authentication server host 203
- Login method lists 205
- Enable method lists 207
- Local enable password 209
- Enable admin 210
- Management 211
- Section 7 211
- User accounts 211
- Admin and user privileges 212
- Snmp settings 212
- Snmp user table 213
- Snmp user table display 214
- Snmp view table 216
- Mp group table 217
- Snmp community table 219
- Snmp host table 220
- Snmp engine id 221
- Monitoring 222
- Section 8 222
- Stack information 223
- Ort util 226
- P ization 226
- Cpu utilization 227
- Packets 228
- R ived packet 228
- Received unicas 230
- T multicast broadcast packets 230
- Transmitted packe 232
- Errors 234
- Received errors 234
- Transmitted errors 236
- Packet size 238
- Mac address 240
- Switch history log 242
- Igmp snooping table 243
- Igmp snooping forwarding 244
- Vlan status 245
- Router port 246
- Session table 247
- Layer 3 feature 248
- Traceroute 248
- Browse ip address table 249
- Browse arp table 250
- Browse routing table 250
- Browse igmp group table 251
- Browse ip multicast forwarding table 251
- Browse ospf lsdb table 252
- Ospf monitor 252
- Browse ospf neighbor table 253
- Brows sp 254
- E o f virtual neighbor table 254
- Browse dvmrp neighbor address table 255
- Browse dvmrp routing 255
- Dvmrp monitor 255
- Browse dvmrp routing next hop table 256
- Browse pim neighbor address table 257
- Pim monitor 257
- Download firmware 258
- Maintenance 258
- Section 9 258
- Tftp services 258
- Download configuration file 259
- Upload configuration 259
- Upload log 259
- Ping test 260
- Save changes 260
- Factory reset 261
- Restart system 262
- Section 10 263
- Single ip management 263
- Sim settings 265
- Opology 266
- Tool tips 269
- Group icon 270
- Right click 270
- Commander switch icon 271
- Tch icon member swi 272
- Candidate switch icon 273
- Menu bar 274
- Configuration file backup restore 275
- Firmware upgrade 275
- Appendix a 276
- Technical specifications 276
- And connectors 278
- Appendix b 278
- Cables 278
- Appendix c 279
- Cable lengths 279
- Glossary 280
- International offices 283
- After an rma number is issued the defective product must be packaged securely in the original or other suitable shipping package to ensure that it will not be damaged in transit and the rma number must be prominently marked on the outside of the package the package must be mailed or otherwise shipped to d link with all costs of mailing shipping insurance prepaid d link shall never be responsible for any software firmware information or memory data of purchaser contained in stored on or integrated with any product returned to d link pursuant to this warranty 284
- Hardware 284
- Limitation of liability 284
- Limited warranty 284
- Warranties exclusive 284
- D link offices for registration and warranty service 285
- Software 285
- Register online your d link product at http support dlink com register 288
- Answers to the following questions help us to support your product 289
- Computer e g compaq 486 289
- Computer serial no 289
- How many employees work at installation site 289
- Print type or use block letters 289
- Product installed in 289
- Product model product serial no product installed in type of 289
- Product was purchased from 289
- Registration card 289
- What applications are used on your network 289
- What category best describes your company 289
- What network management program does your organization use 289
- What network medium media does your organization use 289
- What network operating system s does your organization use 289
- What network protocol s does your organization use 289
- Where and how will the product primarily be used 289
- Would you recommend your d link product to a friend 289
- Your comments on this product _______________________________________________________________________________________ 289
Похожие устройства
- LG LH-T3635X Инструкция по эксплуатации
- Akai TN-3306P Инструкция по эксплуатации
- Viking GE 345 Инструкция по эксплуатации
- Electrolux EMS 20405 X Инструкция по эксплуатации
- D-Link DNS-1100-04 Инструкция по эксплуатации
- LG LH-T3630X Инструкция по эксплуатации
- Akai TN-3245P Инструкция по эксплуатации
- Yamaha EMX-212S Инструкция по эксплуатации
- Craftsman 29802 Инструкция по эксплуатации
- Elenberg MGC-9025D Инструкция по эксплуатации
- LG LH-T3605X Инструкция по эксплуатации
- Yamaha EMX-312SC Инструкция по эксплуатации
- Akai TN-3174P Инструкция по эксплуатации
- D-Link DNS-1200-05 Инструкция по эксплуатации
- Patriot -Garden T 6,5/800 FB PG California Инструкция по эксплуатации
- Mystery MCO-1503 Инструкция по эксплуатации
- Akai TN-3061P Инструкция по эксплуатации
- D-Link DNS-325 Инструкция по эксплуатации
- Elitech КБ 52 Инструкция по эксплуатации
- Yamaha EMX-5014C Инструкция по эксплуатации