![D-Link DES-3552 [110/260] Pae access entity 802 x](/img/pdf.png)
D-Link DES-3552 [110/260] Pae access entity 802 x
![D-Link DES-3828P [110/260] Pae access entity 802 x](/views2/1043702/page110/bg6e.png)
DES-3550 Fast Ethernet Layer 2 Switch
PAE Access Entity (802.1X)
802.1x Port-Based and MAC-Based Access Control
The IEEE 802.1x standard is a security measure for authorizing and authenticating users to gain access to various wired or
wireless devices on a specified Local Area Network by using a Client and Server based access control model. This is
accomplished by using a RADIUS server to authenticate users trying to access a network by relaying Extensible
Authentication Protocol over LAN (EAPOL) packets between the Client and the Server. The following figure represents a
basic EAPOL packet:
Figure 6- 66. EAPOL Packet
Utilizing this method, unauthorized devices are restricted from connecting to a LAN through a port to which the user is
connected. EAPOL packets are the only traffic that can be transmitted through the specific port until authorization is granted.
The 802.1x Access Control protocol consists of three components, each of which is vital to creating and maintaining a stable
and working Access Control security method.
Figure 6- 67. Three Functions of 802.1x
The following section will explain Client, Authenticator, and Authentication Server in greater detail.
Authentication Server
The Authentication Server is a remote device that is connected to the same network as the Client and Authenticator, must be
running a RADIUS Server program and must be configured properly on the Authenticator (Switch). Clients connected to a
port on the Switch must be authenticated by the Authentication Server (RADIUS) before attaining any services offered by the
Switch on the LAN. The role of the Authentication Server is to certify the identity of the Client attempting to access the
network by exchanging secure information between the RADIUS server and the Client through EAPOL packets and, in turn,
informs the Switch whether or not the Client is granted access to the LAN and/or switch services.
96
Содержание
- D link des 3550 1
- Managed layer 2 ethernet switch 1
- Manual 1
- Release 3 1
- Table of contents 3
- Preface 9
- Intended readers 10
- Notes notices and cautions 10
- Typographical conventions 10
- Safety cautions 11
- Safety instructions 11
- General precautions for rack mountable products 12
- Protecting against electrostatic discharge 13
- Fast ethernet 15
- Gigabit ethernet technology 15
- Introduction 15
- Section 1 15
- Switch description 16
- Switching technology 16
- Features 17
- Front panel components 18
- Led indicators 19
- Rear panel description 20
- Side panel description 20
- Gigabit combo ports 21
- Before you connect to the network 22
- Installation 22
- Package contents 22
- Section 2 22
- Installing the switch in a rack 23
- Installing the switch without the rack 23
- Mounting the switch in a standard 19 rack 24
- Power failure 24
- Power on 24
- Connecting the switch 25
- Section 3 25
- Switch to end node 25
- Connecting to network backbone or server 26
- Switch to hub or switch 26
- Command line console interface through the serial port 27
- Introduction to switch management 27
- Management options 27
- Section 4 27
- Snmp based management 27
- Web based management interface 27
- Connecting the console port rs 232 dce 28
- First time connecting to the switch 30
- Password protection 31
- Snmp settings 32
- Ip address assignment 33
- Connecting devices to the switch 34
- Section 5 35
- Web based switch configuration 35
- Introduction 36
- Login to web manager 36
- Areas of the user interface 37
- Web based user interface 37
- Web pages 38
- Configuring the switch 39
- Section 6 39
- Switch information 40
- Ip address 41
- Advanced settings 43
- Setting the switch s ip address using the console interface 43
- Port configurations 45
- Port description 46
- Port mirroring 47
- Link aggregation 48
- Understanding port trunk groups 48
- Lacp port setting 51
- Mac notification 52
- Mac notification global settings 52
- Mac notification port settings 52
- Igmp snooping 53
- Static router ports 55
- S mstp 56
- Spanning tree 56
- Edge port 57
- P2p port 57
- Port transition states 57
- W rapid spanning tree 57
- D 802 w 802 s compatibility 58
- Stp bridge global settings 58
- Mst configuration table 61
- Msti settings 65
- Stp instance settings 66
- Mstp port information 67
- Forwarding filtering 69
- Static multicast forwarding 69
- Unicast forwarding 69
- Multicast port filtering 71
- Notes about vlans on the des 3550 72
- Understanding ieee 802 p priority 72
- Vlan description 72
- Ieee 802 q vlans 73
- Q vlan tags 74
- Port vlan id 75
- Tagging and untagging 75
- Default vlans 76
- Ingress filtering 76
- Port based vlans 77
- Static vlan entry 77
- Vlan and trunk groups 77
- Vlan segmentation 77
- Gvrp setting 80
- Traffic control 81
- Port security 82
- Advantages of qos 84
- Understanding qos 85
- Port bandwidth 86
- Scheduling 87
- P default priority 88
- P user priority 88
- Traffic segmentation 89
- System severity alerts 90
- System log server 91
- Current time settings 93
- Sntp settings 93
- Time zone and dst 94
- Access profile table 96
- Configuring the access profile table 96
- Authentication server 110
- Pae access entity 802 x 110
- X port based and mac based access control 110
- Authenticator 111
- Authentication process 112
- Client 112
- Port based network access control 112
- Des 3550 fast ethernet layer 2 switch 113
- Ethernet switch 113
- Figure 6 71 example of typical port based configuration 113
- Network access controlled port 113
- Network access uncontrolled port 113
- Once the connected client has successfully been authenticated the port then becomes authorized and all subsequent traffic on the port is not subject to access control restriction until an event occurs that causes the port to become unauthorized hence if the port is actually connected to a shared media lan segment with more than one attached device successfully authenticating one of the attached devices effectively provides access to the lan for all devices on the shared segment clearly the security offered in this situation is open to attack 113
- Radius server 113
- Ethernet switch 114
- Mac based network access control 114
- Network access controlled port 114
- Network access uncontrolled port 114
- Radius server 114
- Configure authenticator 115
- Pae system control 117
- Port capability 117
- Initializing ports for port based 802 x 118
- Initializing ports for mac based 802 x 119
- Reauthenticate port s for port based 802 x 120
- Radius server 121
- Layer 3 ip networking 122
- Static arp table 122
- Ip mac binding 123
- Ip mac binding per port 123
- Ip mac binding table 124
- Ip mac binding blocked 125
- Limited ip multicast range settings 126
- Dhcp bootp relay 127
- Dhcp bootp relay global settings 127
- Dhcp bootp relay interface settings 130
- Management 131
- Section 7 131
- Security ip 131
- User accounts 131
- Admin and user privileges 132
- Access authentication control 133
- Policy parameters 134
- Application s authentication settings 135
- Authentication server group settings 136
- Authentication server hosts 137
- Login method lists 139
- Enable method lists 140
- Local enable password 142
- Enable admin 143
- Secure socket layer ssl 144
- Ciphersuite 145
- Download certificate 145
- Secure shell ssh 147
- Ssh configuration 147
- Ssh algorithm 148
- Ssh user authentication 150
- Snmp manager 152
- Snmp settings 152
- Snmp user table 153
- Snmp view table 155
- Snmp group table 157
- Snmp community table configuration 159
- Snmp host table 160
- Snmp engine id 161
- Monitoring 162
- Section 8 162
- Port utilization 163
- Cpu utilization 164
- Packets 165
- Received rx 165
- Umb cast rx 167
- Transmitted tx 169
- Errors 171
- Received rx 171
- Transmitted tx 173
- Mac address 177
- Switch history 179
- Igmp snooping group 180
- Igmp snooping forwarding 181
- Vlan status 182
- Router port 183
- Authenticator state 184
- Port access control 184
- Browse arp table 186
- Layer 3 feature 186
- Download firmware from tftp server 187
- Maintenance 187
- Section 9 187
- Tftp services 187
- Download configuration file 188
- Ping test 189
- Upload configuration 189
- Upload log 189
- Save changes 190
- Logout 191
- Reboot device 191
- Reset config 191
- Reset system 191
- D link single ip management 192
- Section 10 192
- Single ip management sim overview 192
- Sim using the web interface 193
- Topology 194
- Tool tips 198
- Group icon 199
- Right click 199
- Commander switch icon 200
- Member switch icon 201
- Candidate switch icon 202
- Menu bar 203
- Device 204
- Configuration file backup restore 205
- Firmware upgrade 205
- Appendix a 206
- Physical and environmental 206
- Technical specifications 206
- General 207
- Performance 208
- Appendix b 209
- Cables and connectors 209
- Appendix c 210
- Cable lengths 210
- Glossary 211
- Limited warranty 214
- Warranty product registration 214
- Fcc warning 215
- Product registration 218
- D link europe limited product warranty 219
- General terms 219
- Tech support for customers within australia 233
- Tech support for customers within new zealand 233
- Technical support 233
- Tech support for customers within south eastern asia and korea 234
- Technical support 234
- 91 22 26526696 ext 161 to 167 235
- 91 22 26526741 235
- D link technical support over the internet 235
- D link technical support over the telephone 235
- Email techsupport dlink co in 235
- Ftp support dlink co in 235
- Http ww dlink co in 235
- Http www dlink co in dlink drivers support asp 235
- Monday to friday 9 30am to 7 00pm 235
- Tech support for customers within india 235
- Technical support 235
- You can find software updates and user documentation on the d link website 235
- Tech support for customers within the russia 236
- Technical support 236
- 971 4 391 6480 u a e 237
- D link middle east north africa 237
- Email support dlink me com 237
- Http support dlink me com 237
- Sunday to wednesday 9 00am to 6 00pm gmt 4 237
- Tech support for customers within egypt 237
- Tech support for customers within israel 237
- Tech support for customers within the u a e north africa 237
- Tech support for customers within turkey 237
- Technical support 237
- Thursday 9 00am to 1 00pm gmt 4 237
- Tech support for customers within south africa and sub sahara region 238
- Technical support 238
- Tech support for customers within brazil 239
- Tech support for latin america customers 239
- Technical support 239
- Техническая поддержка 240
- Asistencia técnica 241
- D link latin américa pone a disposición de sus clientes especificaciones documentación y software mas reciente a través de nuestro sitio web 241
- El servicio de soporte técnico tiene presencia en numerosos países de la región latino américa y presta asistencia gratuita a todos los clientes de d link en forma telefónica e internet a través de la casilla 241
- Soporte dlinkla com 241
- Soporte t é cnico help desk argentina 241
- Soporte técnico help desk chile 241
- Soporte técnico help desk colombia 241
- Soporte técnico help desk ecuador 241
- Soporte técnico help desk el salvador 241
- Soporte técnico help desk guatemala 241
- Soporte técnico help desk panamá 241
- Soporte técnico help desk perú 241
- Soporte técnico help desk venezuela 241
- Www dlinklatinamerica com 241
- E mail 242
- Suporte t é cnico para clientes no brasil 242
- Suporte técnico 242
- Telefone 242
- 友冠技術支援 243
- Tech support for customers within canada 244
- Tech support for customers within the united states 244
- Technical support 244
- For customers within 245
- For customers within canada 245
- Technical support 245
- The united kingdom ireland 245
- 12 min aus dem festnetz der deutschen telekom 246
- Niederlassung aus der liste im benutzerhandbuch 246
- Technische unterstützung 246
- Wenden sie sich bitte an die zuständige 246
- Wenn sie kunde von d link außerhalb deutschlands 246
- Österreichs der schweiz und osteuropas sind 246
- Assistance technique 247
- Support technique destiné aux clients établis au canada 247
- Support technique destiné aux clients établis en france 247
- Asistencia técnica 248
- Http www dlink es email soporte dlink es 248
- D link mediterraneo s r l 249
- Disponibili sul sito d link 249
- Email tech dlink it 249
- Gli ultimi aggiornamenti e la documentazione sono 249
- Supporto tecnico 249
- Supporto tecnico per i clienti residenti in italia 249
- Url http www dlink it supporto html 249
- Via n bonnet 6 b 20154 milano supporto tecnico dal lunedì al venerdì dalle ore 9 0 alle ore 19 0 con orario continuato telefono 02 39607160 249
- Luxemburg 250
- Tech support for customers within 250
- Tech support for customers within belgium 250
- Tech support for customers within the netherlands 250
- Technical support 250
- Pomoc techniczna 251
- Pomoc techniczna firmy d link świadczona przez internet 251
- Telefoniczna pomoc techniczna firmy d link 251
- Technická podpora 252
- D link magyarország 253
- Technikai támogatás 253
- 10 610 254
- D link teknisk support over internett 254
- D link teknisk telefon support 254
- D link tilbyr sine kunder gratis teknisk support under 254
- Dokumentasjon på d links web sider 254
- Du kan finne programvare oppdateringer og bruker 254
- Hjemmesider eller på tlf 254
- Http www dlink no 254
- Hverdager 08 00 20 00 254
- Kunder kan kontakte d links teknisk support via våre 254
- Produktets garantitid 254
- Teknisk support 254
- D link teknisk support på internettet 255
- Teknisk support 255
- 33 00 35 256
- D link teknisk support via internet 256
- D link teknisk support via telefon 256
- D link tillhandahåller teknisk support till kunder i sverige under hela garantitiden för denna produkt 256
- Email support dlink se 256
- Http www dlink se 256
- På vår hemsida kan du hitta mer information om mjukvaru uppdateringar och annan användarinformation 256
- Teknisk support 256
- Teknisk support för kunder i sverige 256
- Vardagar 08 0 20 0 256
- 技术支持 257
- International offices 258
- All countries and regions excluding usa 259
- Registration card 259
Похожие устройства
- Sony Cyber-Shot DSC-T25 Инструкция по эксплуатации
- Sony ICD-UX200 2Gb Black Инструкция по эксплуатации
- D-Link DES-3552P Инструкция по эксплуатации
- Sony Cyber-Shot DSC-T20HDPR Инструкция по эксплуатации
- Sony ICD-UX512 2Gb Black Инструкция по эксплуатации
- JVC AV-2934WE Инструкция по эксплуатации
- D-Link DES-3810-28 Инструкция по эксплуатации
- Sony Cyber-Shot DSC-T200 Инструкция по эксплуатации
- Sony ICD-UX300 4Gb Red Инструкция по эксплуатации
- Panasonic KX-F2717BX Инструкция по эксплуатации
- D-Link DES-3810-52 Инструкция по эксплуатации
- Sony ICD-UX300 4Gb Black Инструкция по эксплуатации
- Sony Cyber-Shot DSC-T20 Инструкция по эксплуатации
- Sharp SJ-P44N Инструкция по эксплуатации
- D-Link DES-3828 Инструкция по эксплуатации
- Sony Cyber-Shot DSC-T2 Инструкция по эксплуатации
- Sony ICF-18 Инструкция по эксплуатации
- Panasonic DVD-A360EG-K Инструкция по эксплуатации
- D-Link DES-3828DC Инструкция по эксплуатации
- Sony ICF-S22 Инструкция по эксплуатации