![D-Link DWS-3160-24TC [243/505] Ssl settings](/img/pdf.png)
D-Link DWS-3160-24TC [243/505] Ssl settings
![D-Link DWS-3160-24TC [243/505] Ssl settings](/views2/1203459/page243/bgf3.png)
DWS-3160 Series Gigabit Ethernet Unified Switch Web UI Reference Guide
238
The fields that can be configured are described below:
Parameter Description
Old Local Enable
Password
If a password was previously configured for this entry, enter it here in order to change
it to a new password
New Local Enable
Password
Enter the new password that you wish to set on the Switch to authenticate users
attempting to access Administrator Level privileges on the Switch. The user may set a
password of up to 15 characters.
Confirm Local Enable
Password
Confirm the new password entered above. Entering a different password here from
the one set in the New Local Enabled field will result in a fail message.
Click the Apply button to accept the changes made.
SSL Settings
Secure Sockets Layer, or SSL, is a security feature that will provide a secure communication path between a host
and client through the use of authentication, digital signatures and encryption. These security functions are
implemented through the use of a cipher suite, which is a security string that determines the exact cryptographic
parameters, specific encryption algorithms and key sizes to be used for an authentication session and consists of
three levels:
1 Key Exchange: The first part of the Cipher suite string specifies the public key algorithm to be used. This
switch utilizes the Rivest Shamir Adleman (RSA) public key algorithm and the Digital Signature Algorithm
(DSA), specified here as the DHE DSS Diffie-Hellman (DHE) public key algorithm. This is the first
authentication process between client and host as they “exchange keys” in looking for a match and
therefore authentication to be accepted to negotiate encryptions on the following level.
2 Encryption: The second part of the cipher suite that includes the encryption used for encrypting the
messages sent between client and host. The Switch supports two types of cryptology algorithms:
Stream Ciphers – There are two types of stream ciphers on the Switch, RC4 with 40-bit keys and RC4 with
128-bit keys. These keys are used to encrypt messages and need to be consistent between client and host
for optimal use.
CBC Block Ciphers – CBC refers to Cipher Block Chaining, which means that a portion of the previously
encrypted block of encrypted text is used in the encryption of the current block. The Switch supports the
3DES EDE encryption code defined by the Data Encryption Standard (DES) to create the encrypted text.
3 Hash Algorithm: This part of the cipher suite allows the user to choose a message digest function which
will determine a Message Authentication Code. This Message Authentication Code will be encrypted with a
sent message to provide integrity and prevent against replay attacks. The Switch supports two hash
algorithms, MD5 (Message Digest 5) and SHA (Secure Hash Algorithm).
These three parameters are uniquely assembled in four choices on the Switch to create a three-layered encryption
code for secure communication between the server and the host. The user may implement any one or combination
of the cipher suites available, yet different cipher suites will affect the security level and the performance of the
secured connection. The information included in the cipher suites is not included with the Switch and requires
downloading from a third source in a file form called a certificate. This function of the Switch cannot be executed
without the presence and implementation of the certificate file and can be downloaded to the Switch by utilizing a
TFTP server. The Switch supports SSLv3. Other versions of SSL may not be compatible with this Switch and may
cause problems upon authentication and transfer of messages from client to host.
The SSL Settings window located on the next page will allow the user to enable SSL on the Switch and implement
any one or combination of listed cipher suites on the Switch. A cipher suite is a security string that determines the
exact cryptographic parameters, specific encryption algorithms and key sizes to be used for an authentication
session. The Switch possesses four possible cipher suites for the SSL function, which are all enabled by default.
To utilize a particular cipher suite, disable the unwanted cipher suites, leaving the desired one for authentication.
When the SSL function has been enabled, the web will become disabled. To manage the Switch through the web
based management while utilizing the SSL function, the web browser must support SSL encryption and the header
of the URL must begin with https://. (Ex. https://xx.xx.xx.xx) Any other method will result in an error and no access
can be authorized for the web-based management.
Содержание
- Dws 3160 series gigabit ethernet unified switch web ui reference guide 2
- Section 1 web based switch configuration 2 3
- Section 2 lan 6 3
- Table of contents 3
- Appendices 468 5
- Section 3 wlan 312 5
- Section 4 save and tools 460 5
- Intended readers 6
- Notes notices and cautions 6
- Typographical conventions 6
- Chapter 1 introduction 7
- Chapter 2 login to the web manager 7
- Configuration 7
- Section 1 web based switch 7
- Section 1 web based switch configuration 7
- Areas of the user interface 8
- Chapter 3 web based user interface 8
- Chapter 4 web pages 9
- Chapter 1 system configuration 11
- Device information 11
- Section 2 lan 11
- Port configuration 12
- Port settings 12
- System information settings 12
- Port description settings 14
- Jumbo frame settings 15
- Port error disabled 15
- Poe system settings 16
- Poe port settings 17
- Serial port settings 19
- Warning temperature settings 19
- System log configuration 20
- System log server settings 20
- System log settings 20
- System log 21
- System log trap settings 22
- System severity settings 22
- Time range settings 23
- Port group settings 24
- Time settings 24
- User accounts settings 25
- Command logging settings 26
- Chapter 2 management 27
- Proxy arp settings 27
- Static arp settings 27
- Arp table 28
- Gratuitous arp 28
- Gratuitous arp global settings 29
- Gratuitous arp settings 29
- Ipv6 neighbor settings 30
- Ip interface 31
- System ip address settings 31
- Interface settings 33
- Management settings 35
- Session table 36
- Single ip management 37
- Single ip settings 38
- Topology 39
- Firmware upgrade 45
- Configuration file backup restore 46
- Snmp settings 46
- Upload log file 46
- Snmp global settings 47
- Snmp linkchange traps settings 48
- Snmp traps settings 48
- Snmp view table settings 49
- Snmp community table settings 50
- Snmp engine id settings 51
- Snmp group table settings 51
- Snmp user table settings 52
- Snmp host table settings 53
- Snmpv6 host table settings 53
- Rmon settings 54
- Telnet settings 55
- Web settings 55
- Chapter 3 l2 features 56
- Q vlan tags 58
- Q vlan settings 61
- V protocol group settings 64
- V protocol vlan 64
- V protocol vlan settings 65
- Asymmetric vlan settings 66
- Gvrp global settings 66
- Gvrp port settings 67
- Mac based vlan settings 68
- Private vlan settings 68
- Pvid auto assign settings 70
- Voice vlan 70
- Voice vlan global settings 70
- Voice vlan oui settings 71
- Voice vlan port settings 71
- Vlan trunk settings 72
- Voice vlan device 72
- Browse vlan 73
- Show vlan ports 74
- Qinq settings 76
- Vlan translation settings 76
- Q 2005 mstp 77
- Spanning tree 77
- D 2004 rapid spanning tree 78
- Stp bridge global settings 79
- Stp port settings 80
- Mst configuration identification 82
- Stp instance settings 82
- Mstp port information 83
- Link aggregation 84
- Port trunking settings 85
- Lacp port settings 86
- Multicast static fdb settings 87
- Static fdb settings 87
- Unicast static fdb settings 87
- Mac notification settings 88
- Mac address aging time settings 89
- Arp fdb table 90
- Mac address table 90
- Igmp snooping 91
- Igmp snooping settings 91
- L2 multicast control 91
- Igmp snooping rate limit settings 94
- Igmp snooping static group settings 94
- Igmp router port 95
- Igmp snooping forwarding table 96
- Igmp snooping group 96
- Igmp snooping counter 97
- Igmp host table 98
- Mld snooping 99
- Mld snooping settings 100
- Mld snooping rate limit settings 102
- Mld snooping static group settings 102
- Mld router port 103
- Mld snooping group 104
- Mld snooping counter 105
- Mld snooping forwarding table 105
- Mld host table 106
- Igmp multicast group profile settings 107
- Multicast vlan 107
- Igmp snooping multicast vlan settings 108
- Mld multicast group profile settings 110
- Mld snooping multicast vlan settings 111
- Ipv4 multicast filtering 113
- Ipv4 multicast profile settings 113
- Multicast filtering 113
- Ipv4 limited multicast range settings 114
- Ipv4 max multicast group settings 115
- Ipv6 multicast filtering 115
- Ipv6 multicast profile settings 115
- Ipv6 limited multicast range settings 116
- Ipv6 max multicast group settings 117
- Erps settings 118
- Multicast filtering mode 118
- Lldp global settings 122
- Lldp port settings 123
- Lldp basic tlvs settings 124
- Lldp management address list 124
- Lldp dot1 tlvs settings 125
- Lldp dot3 tlvs settings 126
- Lldp statistic system 127
- Lldp local port information 128
- Lldp remote port information 129
- Nlb fdb settings 130
- Chapter 4 l3 features 131
- Ipv4 static default route settings 131
- Ipv4 route table 132
- Ipv6 static default route settings 132
- Ip forwarding table 133
- Vrrp global settings 134
- Vrrp virtual router settings 134
- Vrrp authentication settings 136
- Chapter 5 qos 138
- P default priority settings 139
- P settings 139
- P user priority settings 140
- Bandwidth control 141
- Bandwidth control settings 141
- Queue bandwidth control settings 142
- Traffic control settings 143
- Dscp trust settings 145
- Dscp map settings 146
- Hol blocking prevention 147
- Qos scheduling 147
- Scheduling settings 147
- Qos scheduling mechanism 148
- Acl configuration wizard 150
- Chapter 6 acl 150
- Access profile list 151
- Add an ethernet acl profile 152
- Adding an ipv4 acl profile 155
- Adding an ipv6 acl profile 159
- Adding a packet content acl profile 163
- Cpu access profile list 167
- Adding a cpu ethernet acl profile 168
- Adding a cpu ipv4 acl profile 171
- Adding a cpu ipv6 acl profile 175
- Adding a cpu packet content acl profile 178
- Acl finder 181
- Acl flow meter 181
- Egress access profile list 184
- Add an ethernet acl profile 185
- Adding an ipv4 acl profile 189
- Adding an ipv6 acl profile 192
- Egress acl flow meter 196
- Chapter 7 security 199
- X global settings 202
- X port settings 203
- X user settings 204
- Guest vlan settings 205
- Authenticator state 206
- Authenticator session statistics 207
- Authenticator statistics 207
- Authenticator diagnostics 208
- Initialize port s 209
- Reauthenticate port s 210
- Authentication radius server settings 211
- Radius 211
- Radius accounting settings 212
- Radius authentication 212
- Radius account client 214
- Ip mac port binding impb 215
- Impb global settings 216
- Impb port settings 216
- Impb entry settings 218
- Mac block list 218
- Dhcp snooping 219
- Dhcp snooping entry 219
- Dhcp snooping maximum entry settings 219
- Mac based access control mac 220
- Mac based access control settings 220
- Mac based access control local settings 222
- Compound authentication 223
- Mac based access control authentication state 223
- Compound authentication settings 224
- Compound authentication guest vlan settings 225
- Port security 226
- Port security settings 226
- Port security vlan settings 227
- Arp spoofing prevention settings 228
- Port security entries 228
- Bpdu attack protection 229
- Loopback detection settings 230
- Traffic segmentation settings 231
- Netbios filtering settings 232
- Dhcp server screening 233
- Dhcp server screening port settings 233
- Dhcp offer permit entry settings 234
- Access authentication control 235
- Enable admin 236
- Application authentication settings 237
- Authentication policy settings 237
- Authentication server group settings 238
- Authentication server settings 239
- Login method lists settings 240
- Enable method lists settings 241
- Local enable password settings 242
- Ssl settings 243
- Ssh settings 245
- Ssh authentication method and algorithm settings 246
- Ssh user authentication list 248
- Safeguard engine settings 249
- Trusted host settings 249
- Captive portal cp 251
- Global configuration 251
- Cp configuration 252
- Local user 259
- Cp status 262
- Interface association 262
- Interface status 264
- Client connection status 265
- Snmp trap configuration 269
- Chapter 8 network application 271
- Dhcp relay 271
- Dhcp relay global settings 271
- Dhcp relay interface settings 273
- Dhcp relay option 60 server settings 274
- Dhcp relay option 60 settings 274
- Dhcp relay option 61 settings 275
- Dhcp local relay settings 276
- Sntp settings 277
- Time zone settings 277
- Flash file system settings 279
- Cfm settings 281
- Chapter 9 oam 281
- Cfm loopback settings 287
- Cfm mipccm table 287
- Cfm port settings 287
- Cfm linktrace settings 288
- Cfm packet counter 289
- Cfm fault table 290
- Cfm mp table 291
- Ethernet oam 291
- Ethernet oam settings 291
- Ethernet oam configuration settings 292
- Ethernet oam event log 293
- Ethernet oam statistics 294
- Cable diagnostics 295
- Chapter 10 monitoring 297
- Cpu utilization 297
- Dram flash utilization 297
- Utilization 297
- Port utilization 298
- Statistics 298
- Packets 299
- Port statistics 299
- Received rx 299
- Umb_cast rx 300
- Transmitted tx 302
- Errors 303
- Received rx 303
- Transmitted tx 305
- Packet size 306
- Mirror 308
- Port mirror settings 308
- Rspan settings 309
- Sflow global settings 310
- Sflow analyzer server settings 311
- Sflow flow sampler settings 311
- Sflow counter poller settings 312
- Ping test 313
- Trace route 314
- Device environment 315
- Peripheral 315
- Chapter 11 save and tools 316
- Captive portal cp 317
- Chapter 1 security 317
- Global configuration 317
- Section 3 wlan 317
- Cp configuration 318
- Local user 324
- Cp status 327
- Interface association 327
- Interface status 329
- Client connection status 330
- Snmp trap configuration 334
- Chapter 2 monitoring 336
- Global 336
- Peer switch 344
- Access point 347
- All ap status 347
- Managed ap status 349
- Ap authentication failure status 363
- Ap rf scan status 364
- Ap de authentication attack status 368
- Associated clients 368
- Client 368
- Detected clients 379
- Access control lists 387
- Ad hoc clients 387
- Ip access control lists 387
- Ipv6 access control lists 390
- Mac access control lists 391
- Class summary 392
- Differentiated services 392
- Policy summary 392
- Policy attribute summary 393
- Basic setup 395
- Chapter 3 administration 395
- Ap management 407
- Ap reboot 407
- Rf management 407
- Software download 412
- Advanced settings 413
- Ap provisioning 414
- Advanced configuration 416
- Global 416
- Networks 419
- Ap profiles 424
- Peer switch 434
- Wids security 436
- Clients 440
- Known clients 440
- Switch provisioning 441
- Access control lists 443
- Chapter 4 qos 443
- Ip access control lists 443
- Ipv6 access control lists 450
- Mac access control lists 453
- Class configuration 456
- Differentiated services 456
- Diffserv configuration 456
- Policy configuration 458
- Policy class definition 459
- Chapter 5 network visualization 462
- Download image 462
- Launch 462
- Chapter 1 save 465
- Save configuration log 465
- Section 4 save and tools 465
- Chapter 2 tools 466
- Download firmware 466
- Download firmware from http 466
- Download firmware from tftp 466
- License management 466
- Download configuration 467
- Upload firmware 467
- Upload firmware to tftp 467
- Download configuration from http 468
- Download configuration from tftp 468
- Upload configuration 468
- Upload configuration to http 469
- Upload configuration to tftp 469
- Upload log file 469
- Upload log to http 470
- Upload log to tftp 470
- Reboot system 471
- Appendices 473
- Appendix a mitigating arp spoofing attacks 473
- Appendix a mitigating arp spoofing attacks using packet content acl 473
- How address resolution protocol works 473
- Using packet content acl 473
- How arp spoofing attacks a network 475
- Configuration 476
- Prevent arp spoofing via packet content acl 476
- Appendix b password recovery procedure 479
- Appendix c system log entries 480
- Dws 3160 series gigabit ethernet unified switch web ui reference guide 480
- The following table lists all possible entries and their corresponding meanings that will appear in the system log of this switch 480
- Dws 3160 series gigabit ethernet unified switch web ui reference guide 481
- Dws 3160 series gigabit ethernet unified switch web ui reference guide 482
- Dws 3160 series gigabit ethernet unified switch web ui reference guide 483
- Dws 3160 series gigabit ethernet unified switch web ui reference guide 484
- Dws 3160 series gigabit ethernet unified switch web ui reference guide 485
- Dws 3160 series gigabit ethernet unified switch web ui reference guide 486
- Dws 3160 series gigabit ethernet unified switch web ui reference guide 487
- Dws 3160 series gigabit ethernet unified switch web ui reference guide 488
- Dws 3160 series gigabit ethernet unified switch web ui reference guide 489
- Dws 3160 series gigabit ethernet unified switch web ui reference guide 490
- Appendix d trap log entries 491
- Dws 3160 series gigabit ethernet unified switch web ui reference guide 491
- This table lists the trap logs found on the switch 491
- Dws 3160 series gigabit ethernet unified switch web ui reference guide 492
- Dws 3160 series gigabit ethernet unified switch web ui reference guide 493
- Dws 3160 series gigabit ethernet unified switch web ui reference guide 494
- Appendix e radius attributes assignment 495
- Appendix f wireless switch specific 502
Похожие устройства
- Xiaomi Mi Drone 1080P Инструкция по эксплуатации
- D-Link DWS-4026 Брошюра
- D-Link DWS-4026 Руководство пользователя. Версия 1.0
- D-Link DWS-4026 Руководство пользователя. Версия 2.0
- D-Link DMC-1910R Руководство пользователя
- Hotpoint-Ariston FK 838J C AN Инструкция по эксплуатации
- Hotpoint-Ariston LSFF 9H124 CX Инструкция по эксплуатации
- Hotpoint-Ariston BD 2922 EU/HA Инструкция по эксплуатации
- Hotpoint-Ariston WK 22M DSL0 Инструкция по эксплуатации
- Hotpoint-Ariston 7HKRD 640 B RU/HA Инструкция по эксплуатации
- Hotpoint-Ariston 7HKRD 640 X RU/HA Инструкция по эксплуатации
- Hotpoint-Ariston WMSG 600 B Инструкция по эксплуатации
- Hotpoint-Ariston II E75 AA0 Инструкция по эксплуатации
- Hotpoint-Ariston WML 708 Инструкция по эксплуатации
- Hotpoint-Ariston II DC60 AA0 Инструкция по эксплуатации
- Hotpoint-Ariston OL 1038 LI RFH (CF) BR Инструкция по эксплуатации
- Hotpoint-Ariston SL B16 APR Инструкция по эксплуатации
- Hotpoint-Ariston FK1041LP.20 X/HA(DS) Инструкция по эксплуатации
- Hotpoint-Ariston SL C20 AA0 Инструкция по эксплуатации
- Hotpoint-Ariston FK1041LP.20 X/HA(CF) Инструкция по эксплуатации