![D-Link DGS-1510-28XMP/ME [243/342] Access authentication control](/img/pdf.png)
D-Link DGS-1510-28XMP/ME [243/342] Access authentication control
![D-Link DGS-1510-28XMP/ME [243/342] Access authentication control](/views2/1459150/page243/bgf3.png)
DGS-1510/ME Series Metro Ethernet Switch Web UI Reference Guide
234
The fields that can be configured are described below:
Parameter Description
Server IP Address
The IP address of the DHCP server to be permitted.
Client’s MAC Address
Enter the MAC address of the client.
Ports
The port numbers of the filter DHCP server. Tick the All Ports check box to include
all the ports on this switch for this configuration.
Click the Apply button to accept the changes made.
Click the Delete button to remove the specific entry.
Access Authentication Control
The TACACS / XTACACS / TACACS+ / RADIUS commands allow users to secure access to the Switch using the
TACACS / XTACACS / TACACS+ / RADIUS protocols. When a user logs in to the Switch or tries to access the
administrator level privilege, he or she is prompted for a password. If TACACS / XTACACS / TACACS+ / RADIUS
authentication is enabled on the Switch, it will contact a TACACS / XTACACS / TACACS+ / RADIUS server to verify
the user. If the user is verified, he or she is granted access to the Switch.
There are currently three versions of the TACACS security protocol, each a separate entity. The Switch's software
supports the following versions of TACACS:
1 TACACS (Terminal Access Controller Access Control System) - Provides password checking and
authentication, and notification of user actions for security purposes utilizing via one or more centralized
TACACS servers, utilizing the UDP protocol for packet transmission.
2 Extended TACACS (XTACACS) - An extension of the TACACS protocol with the ability to provide more
types of authentication requests and more types of response codes than TACACS. This protocol also uses
UDP to transmit packets.
3 TACACS+ (Terminal Access Controller Access Control System plus) - Provides detailed access control
for authentication for network devices. TACACS+ is facilitated through Authentication commands via one or
more centralized servers. The TACACS+ protocol encrypts all traffic between the Switch and the TACACS+
daemon, using the TCP protocol to ensure reliable delivery
In order for the TACACS / XTACACS / TACACS+ / RADIUS security function to work properly, a TACACS /
XTACACS / TACACS+ / RADIUS server must be configured on a device other than the Switch, called an
Authentication Server Host and it must include usernames and passwords for authentication. When the user is
prompted by the Switch to enter usernames and passwords for authentication, the Switch contacts the TACACS /
XTACACS / TACACS+ / RADIUS server to verify, and the server will respond with one of three messages:
The server verifies the username and password, and the user is granted normal user privileges on the Switch.
The server will not accept the username and password and the user is denied access to the Switch.
The server doesn't respond to the verification query. At this point, the Switch receives the timeout from the server and
then moves to the next method of verification configured in the method list.
The Switch has four built-in Authentication Server Groups, one for each of the TACACS, XTACACS, TACACS+ and
RADIUS protocols. These built-in Authentication Server Groups are used to authenticate users trying to access the
Switch. The users will set Authentication Server Hosts in a preferable order in the built-in Authentication Server
Groups and when a user tries to gain access to the Switch, the Switch will ask the first Authentication Server Hosts for
authentication. If no authentication is made, the second server host in the list will be queried, and so on. The built-in
Authentication Server Groups can only have hosts that are running the specified protocol. For example, the TACACS
Authentication Server Groups can only have TACACS Authentication Server Hosts.
The administrator for the Switch may set up six different authentication techniques per user-defined method list
(TACACS / XTACACS / TACACS+ / RADIUS / local / none) for authentication. These techniques will be listed in an
order preferable, and defined by the user for normal user authentication on the Switch, and may contain up to eight
authentication techniques. When a user attempts to access the Switch, the Switch will select the first technique listed
for authentication. If the first technique goes through its Authentication Server Hosts and no authentication is returned,
Содержание
- Dgs 1510 me series metro ethernet switch web ui reference guide 2
- Chapter 1 web based switch configuration 5 3
- Chapter 2 system configuration 8 3
- Chapter 3 management 32 3
- Table of contents 3
- Chapter 4 l2 features 60 4
- Chapter 5 l3 features 136 5
- Chapter 6 qos 138 5
- Chapter 7 acl 152 5
- Chapter 8 security 188 6
- Chapter 10 oam 269 7
- Chapter 9 network application 253 7
- Appendix a password recovery procedure 318 appendix b system log entries 319 appendix c trap log entries 326 appendix d radius attributes assignment 330 appendix e ietf radius attributes support 332 8
- Chapter 11 monitoring 287 8
- Chapter 12 save and tools 307 8
- Intended readers 10
- Notes notices and cautions 10
- Typographical conventions 10
- Safety cautions 11
- Safety instructions 11
- General precautions for rack mountable products 12
- Protecting against electrostatic discharge 13
- Chapter 1 web based switch configuration 14
- Introduction 14
- Login to the web manager 14
- Areas of the user interface 15
- Web based user interface 15
- Web pages 16
- Chapter 2 system configuration 17
- Device information 17
- System information settings 17
- Ddm settings 18
- Port configuration 18
- Ddm temperature threshold settings 19
- Ddm voltage threshold settings 20
- Ddm bias current threshold settings 21
- Ddm tx power threshold settings 22
- Ddm rx power threshold settings 23
- Ddm status table 24
- Port settings 25
- Port description settings 27
- Port error disabled 27
- Jumbo frame settings 28
- Port media type 28
- Eee settings 29
- Poe system settings 30
- Poe port settings 31
- Serial port settings 33
- Warning temperature settings 33
- System log configuration 34
- System log settings 34
- System log 35
- System log server settings 35
- System log trap settings 36
- System severity settings 36
- Time range settings 37
- Time settings 38
- User accounts settings 38
- Command logging settings 39
- Arp table 41
- Chapter 3 management 41
- Static arp settings 41
- Gratuitous arp 42
- Gratuitous arp global settings 42
- Gratuitous arp settings 43
- Ipv6 neighbor settings 43
- Ip interface 44
- System ip address settings 44
- Interface settings 46
- Management settings 48
- Session table 49
- Single ip management 50
- Single ip settings 51
- Topology 52
- Configuration file backup restore 58
- Firmware upgrade 58
- Snmp settings 59
- Upload log file 59
- Snmp global settings 60
- Snmp linkchange traps settings 61
- Snmp traps settings 61
- Snmp view table settings 62
- Snmp community table settings 63
- Snmp engine id settings 64
- Snmp group table settings 64
- Snmp user table settings 65
- Snmp host table settings 66
- Snmp v6host table settings 66
- Rmon settings 67
- Telnet settings 68
- Web settings 68
- Chapter 4 l2 features 69
- Q vlan tags 71
- 1 2 3 4 72
- Cyclic redundancy check 4 octets 72
- Destination address 6 octets 72
- Dgs 1510 me series metro ethernet switch web ui reference guide 72
- Dst mac src mac 72
- Ethertype 0x8100 72
- Mac length type beginning of data 72
- New tagged packet 72
- Original ethernet packet 72
- Port vlan id 72
- Source address 6 octets 72
- Tag control information 72
- Tag control information tci 72
- The ethertype and vlan id are inserted after the mac source address but before the original ethertype length or logical link control because the packet is now a bit longer than it was originally the cyclic redundancy check crc must be recalculated 72
- User prlorlty cfi vlan id vid 12 bits 72
- Q vlan settings 74
- V protocol group settings 77
- V protocol vlan 77
- V protocol vlan settings 78
- Gvrp global settings 79
- Gvrp port settings 80
- Mac based vlan settings 81
- Private vlan settings 81
- Pvid auto assign settings 83
- Voice vlan global settings 83
- Voice vlan settings 83
- Voice vlan oui settings 84
- Voice vlan port settings 84
- Voice vlan device 85
- Voice vlan lldp med voice device 85
- Browse vlan 86
- Vlan trunk settings 86
- Show vlan ports 87
- Qinq settings 89
- Layer 2 protocol tunneling settings 90
- Vlan translation settings 90
- Q 2005 mstp 91
- Spanning tree 91
- D 2004 rapid spanning tree 92
- Stp bridge global settings 93
- Stp port settings 94
- Mst configuration identification 96
- Stp instance settings 96
- Mstp port information 97
- Link aggregation 98
- Port trunking settings 99
- Lacp port settings 100
- Multicast static fdb settings 101
- Static fdb settings 101
- Unicast static fdb settings 101
- Mac notification settings 102
- Mac address aging time settings 103
- Arp fdb table 104
- Mac address table 104
- Igmp snooping 105
- Igmp snooping settings 105
- L2 multicast control 105
- Igmp snooping rate limit settings 107
- Igmp snooping static group settings 108
- Igmp router port 109
- Igmp snooping group 109
- Igmp snooping forwarding table 110
- Igmp host table 111
- Igmp snooping counter 111
- Cpu filter l3 control packet settings 112
- Mld snooping 113
- Mld snooping settings 114
- Mld snooping rate limit settings 117
- Mld snooping static group settings 117
- Mld router port 118
- Mld snooping forwarding table 119
- Mld snooping group 119
- Mld snooping counter 120
- Mld host table 121
- Igmp multicast group profile settings 122
- Multicast vlan 122
- Igmp snooping multicast vlan settings 123
- Ipv4 multicast filtering 125
- Ipv4 multicast profile settings 125
- Multicast filtering 125
- Ipv4 limited multicast range settings 126
- Ipv4 max multicast group settings 127
- Ipv6 multicast filtering 127
- Ipv6 multicast profile settings 127
- Ipv6 limited multicast range settings 128
- Ipv6 max multicast group settings 129
- Erps settings 130
- Multicast filtering mode 130
- Lldp global settings 133
- Lldp port settings 134
- Lldp basic tlvs settings 135
- Lldp management address list 135
- Lldp dot1 tlvs settings 136
- Lldp dot3 tlvs settings 137
- Lldp statistics system 138
- Lldp local port information 139
- Lldp remote port information 140
- Lldp med 141
- Lldp med port settings 141
- Lldp med system settings 141
- Lldp med local port information 142
- Lldp med remote port information 143
- Nlb fdb settings 143
- Chapter 5 l3 features 145
- Ipv4 route table 145
- Ipv4 static default route settings 145
- Ipv6 static default route settings 146
- Chapter 6 qos 147
- P default priority settings 148
- P settings 148
- P user priority settings 149
- Bandwidth control 150
- Bandwidth control settings 150
- P map settings 150
- Queue bandwidth control settings 151
- Traffic control settings 152
- Dscp map settings 155
- Dscp trust settings 155
- Hol blocking prevention 157
- Qos scheduling 158
- Scheduling settings 158
- Qos scheduling mechanism 159
- Acl configuration wizard 161
- Chapter 7 acl 161
- Access profile list 162
- Add an ethernet acl profile 163
- Adding an ipv4 acl profile 166
- Adding an ipv6 acl profile 171
- Adding a packet content acl profile 176
- Cpu access profile list 179
- Adding a cpu ethernet acl profile 180
- Adding a cpu ipv4 acl profile 183
- Adding a cpu ipv6 acl profile 187
- Adding a cpu packet content acl profile 190
- Acl finder 193
- Acl flow meter 194
- Chapter 8 security 197
- X global settings 202
- X port settings 203
- X user settings 205
- Guest vlan settings 206
- Authenticator state 207
- Authenticator statistics 207
- Authenticator session statistics 208
- Authenticator diagnostics 209
- Initialize port based port s 210
- Initialize host based port s 211
- Reauthenticate port based port s 211
- Authentication radius server settings 212
- Radius 212
- Reauthenticate host based port s 212
- Radius accounting settings 213
- Radius authentication 213
- Radius account client 215
- Impb global settings 217
- Ip mac port binding impb 217
- Impb port settings 218
- Impb entry settings 219
- Mac block list 219
- Dhcp snooping 220
- Dhcp snooping maximum entry settings 220
- Dhcp snooping entry 221
- Mac based access control mac 221
- Mac based access control settings 221
- Mac based access control local settings 223
- Mac based access control authentication state 224
- Web based access control wac 225
- Wac global settings 227
- Wac port settings 228
- Wac user settings 228
- Wac authentication state 229
- Wac customize page 230
- Compound authentication 231
- Compound authentication settings 231
- Compound authentication guest vlan settings 233
- Port security 233
- Port security settings 233
- Port security vlan settings 235
- Arp spoofing prevention settings 236
- Port security entries 236
- Bpdu attack protection 237
- Loopback detection settings 238
- Traffic segmentation settings 239
- Netbios filtering settings 240
- Dhcp server screening 241
- Dhcp server screening port settings 241
- Dhcp offer permit entry settings 242
- Access authentication control 243
- Authentication policy settings 244
- Enable admin 244
- Application authentication settings 245
- Authentication server group settings 246
- Authentication server settings 247
- Login method lists settings 248
- Enable method lists settings 249
- Local enable password settings 250
- Ssl settings 251
- Ssh authentication method and algorithm settings 254
- Ssh settings 254
- Ssh user authentication list 256
- Trusted host settings 257
- Safeguard engine settings 258
- Dos attack prevention settings 259
- Igmp access control settings 261
- Chapter 9 network application 262
- Dhcp relay 262
- Dhcp relay global settings 262
- Dhcp relay interface settings 265
- Dhcp relay vlan settings 265
- Dhcp relay option 60 server settings 266
- Dhcp relay option 60 settings 266
- Dhcp relay option 61 settings 267
- Dhcp local relay option 82 settings 268
- Dhcp local relay settings 268
- Dns resolver 269
- Dns resolver global settings 269
- Dns resolver dynamic name server table 270
- Dns resolver static host name settings 270
- Dns resolver static name server settings 270
- Dns resolver dynamic host name table 271
- Pppoe circuit id insertion settings 271
- Smtp settings 272
- Sntp settings 273
- Time zone settings 274
- Flash file system settings 276
- Cfm settings 278
- Chapter 10 oam 278
- Cfm port settings 284
- Cfm loopback settings 285
- Cfm mipccm table 285
- Cfm linktrace settings 286
- Cfm packet counter 287
- Cfm fault table 288
- Cfm mp table 289
- Ethernet oam 289
- Ethernet oam settings 289
- Ethernet oam configuration settings 290
- Ethernet oam event log 291
- Ethernet oam statistics 292
- Duld settings 293
- Cable diagnostics 294
- Chapter 11 monitoring 296
- Cpu utilization 296
- Dram flash utilization 296
- Utilization 296
- Port utilization 297
- Statistics 297
- Packets 298
- Port statistics 298
- Received rx 298
- Umb_cast rx 299
- Transmitted tx 301
- Errors 302
- Received rx 302
- Transmitted tx 304
- Packet size 305
- Mirror 307
- Port mirror settings 307
- Rspan settings 308
- Sflow analyzer server settings 310
- Sflow global settings 310
- Sflow flow sampler settings 311
- Ping test 312
- Sflow counter poller settings 312
- Trace route 314
- Device environment 315
- Peripheral 315
- Chapter 12 save and tools 316
- Download firmware 316
- Download firmware from tftp 316
- Save configuration log 316
- Download firmware from ftp 317
- Download firmware from http 318
- Upload firmware 318
- Upload firmware to tftp 318
- Upload firmware to ftp 319
- Upload firmware to http 319
- Download configuration 320
- Download configuration from ftp 320
- Download configuration from tftp 320
- Download configuration from http 321
- Upload configuration 321
- Upload configuration to tftp 321
- Upload configuration to ftp 322
- Upload configuration to http 323
- Upload log file 323
- Upload log to tftp 323
- Upload log to ftp 324
- Upload log to http 324
- Reboot system 325
- Appendix a password recovery procedure 327
- Appendix b system log entries 328
- Dgs 1510 me series metro ethernet switch web ui reference guide 328
- The following table lists all possible entries and their corresponding meanings that will appear in the system log of this switch 328
- Dgs 1510 me series metro ethernet switch web ui reference guide 329
- Dgs 1510 me series metro ethernet switch web ui reference guide 330
- Dgs 1510 me series metro ethernet switch web ui reference guide 331
- Dgs 1510 me series metro ethernet switch web ui reference guide 332
- Dgs 1510 me series metro ethernet switch web ui reference guide 333
- Dgs 1510 me series metro ethernet switch web ui reference guide 334
- Appendix c trap log entries 335
- Dgs 1510 me series metro ethernet switch web ui reference guide 335
- This table lists the trap logs found on the switch 335
- Dgs 1510 me series metro ethernet switch web ui reference guide 336
- Dgs 1510 me series metro ethernet switch web ui reference guide 337
- Dgs 1510 me series metro ethernet switch web ui reference guide 338
- Appendix d radius attributes assignment 339
- Appendix e ietf radius attributes support 341
Похожие устройства
- D-Link DGS-1510-28XMP/ME Руководство по установке
- D-Link DGS-1510-28XMP/ME Краткое руководство по установке
- D-Link DGS-1510-52L/ME Руководство по установке
- D-Link DGS-1510-52L/ME Руководство пользователя _CLI_
- D-Link DGS-1510-52L/ME Руководство пользователя _Web UI_
- D-Link DGS-1510-52L/ME Краткое руководство по установке
- D-Link DGS-1510-52X/ME Руководство по установке
- D-Link DGS-1510-52X/ME Руководство пользователя _CLI_
- D-Link DGS-1510-52X/ME Руководство пользователя _Web UI_
- D-Link DGS-1510-52X/ME Краткое руководство по установке
- D-Link DGS-3000-10L Краткое руководство по установке
- D-Link DGS-3000-10L Руководство пользователя _CLI_
- D-Link DGS-3000-10TC Руководство по установке
- D-Link DGS-3000-10TC Руководство пользователя _Web UI_
- D-Link DGS-3000-10TC Руководство пользователя _CLI_
- D-Link DGS-3000-10TC Краткое руководство по установке
- D-Link DGS-3000-20L Краткое руководство по установке
- D-Link DGS-3000-20L Руководство пользователя _CLI_
- D-Link DGS-3000-26TC Руководство по установке
- D-Link DGS-3000-26TC Руководство пользователя _CLI_
Скачать
Случайные обсуждения