D-Link DGS-3048 [98/147] Access authentication control
DGS-3048 Gigabit Ethernet Switch Manual
Trusted Host
Go to the Security folder and click on the Trusted Host link; the following window will appear.
Figure 10-9. Security IP Management Window
Use security IP management to permit remote stations to manage the Switch. If you choose to define one or more
designated management stations, only the chosen stations, as defined by IP address, will be allowed management privilege
through the web manager or Telnet session. To define a management station IP setting, type in the IP address and click the
Apply button.
Access Authentication Control
The TACACS+ / RADIUS commands let you secure access to the Switch using the TACACS+ / RADIUS protocols.
When a user logs in to the Switch or tries to access the administrator level privilege, he or she is prompted for a password. If
TACACS+ / RADIUS authentication is enabled on the Switch, it will contact a TACACS+ / RADIUS server to verify the
user. If the user is verified, he or she is granted access to the Switch.
There are currently three versions of the TACACS security protocol, each a separate entity. The Switch's software supports
the following versions of TACACS:
• TACACS+ (Terminal Access Controller Access Control System plus) - Provides detailed access control for
authentication for network devices. TACACS+ is facilitated through Authentication commands via one or more
centralized servers. The TACACS+ protocol encrypts all traffic between the Switch and the TACACS+ daemon,
using the TCP protocol to ensure reliable delivery.
In order for the TACACS+ / RADIUS security function to work properly, a TACACS+ / RADIUS server must be
configured on a device other than the Switch, called an Authentication Server Host and it must include usernames and
passwords for authentication. When the user is prompted by the Switch to enter usernames and passwords for authentication,
the Switch contacts the TACACS+ / RADIUS server to verify, and the server will respond with one of three messages:
• The server verifies the username and password, and the user is granted normal user privileges on the Switch.
• The server will not accept the username and password and the user is denied access to the Switch.
• The server doesn't respond to the verification query. At this point, the Switch receives the timeout from the server
and then moves to the next method of verification configured in the method list.
The Switch has four built-in Authentication Server Groups, one for each of the TACACS+ and RADIUS protocols. These
built-in Authentication Server Groups are used to authenticate users trying to access the Switch. The users will set
Authentication Server Hosts in order of preference in the built-in Authentication Server Groups, and when a user tries to gain
access to the Switch, the Switch will ask the first Authentication Server Host for authentication. If no authentication is
made, the second server host in the list will be queried, and so on. The built-in Authentication Server Groups can only have
hosts that are running the specified protocol. For example, the TACACS Authentication Server Groups can only have
TACACS Authentication Server Hosts.
The administrator for the Switch may set up six different authentication techniques per user-defined method list (TACACS+
/ RADIUS / local / none) for authentication. These techniques are listed in an order of preference defined by the user
for normal user authentication on the Switch, and a list may contain up to eight authentication techniques. When a user attempts
to access the Switch, the Switch selects the first technique listed for authentication. If the first technique goes through its
Authentication Server Hosts and no authentication is returned, the Switch then goes to the next technique listed in the
server group for authentication, until the authentication has been verified or denied, or the list is exhausted.
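The fallback order described above, as an added example (not code from the manual or from D-Link): a small Python model of how a method list is walked, plus a check for orderings that stop verifying users when every server times out. The function names, the stub hosts, the denial on an exhausted list, and the treatment of `local` and `none` as always returning a verdict are assumptions.

```python
ACCEPT, REJECT, TIMEOUT = "accept", "reject", "timeout"

def walk_method_list(methods, groups, local_users, user, password):
    """Return (verdict, technique) for one login attempt.

    methods: ordered techniques ("tacacs+", "radius", "local", "none")
    groups: technique -> ordered list of host callables (constructed stubs)
    local_users: username -> password, used by the "local" technique
    """
    for technique in methods:
        if technique == "none":
            # Assumption: "none" admits the user without any verification.
            return ACCEPT, technique
        if technique == "local":
            # Assumption: the local database always gives a final verdict.
            ok = user in local_users and local_users[user] == password
            return (ACCEPT if ok else REJECT), technique
        for host in groups.get(technique, []):
            reply = host(user, password)
            if reply != TIMEOUT:  # verified or denied: stop here
                return reply, technique
        # Every host in this group timed out: try the next technique.
    return REJECT, None  # Assumption: an exhausted list denies access.

def audit(methods):
    """List orderings that weaken the method list during a server outage."""
    findings = []
    for i, technique in enumerate(methods):
        if technique == "none":
            findings.append("fail-open: 'none' admits any login once "
                            "the earlier techniques time out")
        if technique in ("local", "none") and i < len(methods) - 1:
            findings.append(f"unreachable: entries after '{technique}' "
                            "are never consulted")
    return findings

# Constructed stubs standing in for Authentication Server Hosts.
def down(user, password):
    return TIMEOUT

def server(db):
    return lambda user, password: ACCEPT if db.get(user) == password else REJECT

if __name__ == "__main__":
    groups = {"radius": [down, down]}
    print(walk_method_list(["radius", "none"], groups, {}, "anyone", "x"))
    print(audit(["radius", "none"]))
```

Ending a list with `local` instead of `none` keeps a verified path available when the servers are unreachable.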