DGS-3224TGR Gigabit Ethernet Switch User’s Guide

24

…

802.1X

Client

802.1X

Client

802.1X

Client

802.1X

Client

802.1X

Client

802.1X

Client

802.1X

Client

802.1X

Client

802.1X

Client

Network access controlled port

Network access uncontrolled port

RADIUS

Server

Ethernet Switch

Figure 5- 10. Example of Typical Port-Based Configuration

Once the connected Client has successfully been authenticated, the Port then becomes Authorized, and all subsequent traffic

on the Port is not subject to access control restriction until an event occurs that causes the Port to become Unauthorized.

Hence, if the Port is actually connected to a shared media LAN segment with more than one attached device, successfully

authenticating one of the attached devices effectively provides access to the LAN for all devices on the shared segment.

Clearly, the security offered in this situation is open to attack.

DGS-3224TGR Gigabit Ethernet Switch User’s Guide

25

MAC-Based Network Access Control

802.1X

Client

Network access controlled port

Network access uncontrolled port

RADIUS

Server

Ethernet Switch

802.1X

Client

802.1X

Client

802.1X

Client

802.1X

Client

802.1X

Client

802.1X

Client

802.1X

Client

802.1X

Client

802.1X

Client

802.1X

Client

802.1X

Client

…

Figure 5- 11. Example of Typical MAC-Based Configuration

In order to successfully make use of 802.1x in a shared media LAN segment, it would be necessary to create “virtual” Ports,

one for each attached device that required access to the LAN. The Switch would regard the single physical Port connecting

it to the shared media segment as consisting of a number of distinct virtual Ports, each virtual Port being independently

controlled from the point of view of EAPOL exchanges and authorization state. The Switch learns each attached device’s

individual MAC address, and effectively creates a virtual Port that the attached device can then use to communicate with

the LAN via the Switch.

DHCP

The Dynamic Host Configuration Protocol (DHCP) can reduce the administrative burden of assigning and maintaining IP

address information. DHCP provides reliable and simple TCP/IP network configuration, ensures that address conflicts do

not occur, and helps to conserve the use of IP addresses through the centralized management of address allocation.

Dynamic address allocation enables a client to be assigned an IP address from a pool of free addresses. Each address is

assigned with a lease and a lease expiration period. The client must renew the lease to continue using the assigned address.

Dynamically assigned addresses can be returned to the free address pool if the computer is not being used, if it is moved to

another subnet, of if its lease expires. Usually, network policy ensures that the same IP address is assigned to a client each

time and that addresses returned to the free address pool are reassigned.

When the address lease expires, the DHCP client enters the renewing state. The client sends a request message to the DHCP

server that provided the address. The DHCP server sends an acknowledgement that contains the new lease and

configuration parameters. The client then updates its configuration values and returns to the bound state.

DGS-3224TGR Gigabit Ethernet Switch User’s Guide

26

When the DHCP client is in the renewing state, it must release its address immediately in the rare event that the DHCP

server sends a negative acknowledgment. The DHCP server sends this message to inform a client that it has incorrect

configuration information, forcing it to release its current address and acquire new information.

If the DHCP client cannot successfully renew its lease, the client enters a rebinding state. The client then sends a request

message to all DHCP servers in its range, attempting to renew its lease. Any DHCP server that can extend the lease sends

an acknowledgement containing the extended lease and updated configuration information. If the lease expires or if a

DHCP server responds with a negative acknowledgement, the client must release its current configuration, and then return

to the initializing state.

If the DHCP client uses more than one network adapter to connect to multiple networks, this protocol is followed for each

adapter that the user wants to configure for TCP/IP. Multi-homed systems are selectively configured for any combination of

the system’s interfaces.

When a DHCP-enabled computer is restarted, it sends a message to the DHCP server with its current configuration

information. The DHCP server either confirms this configuration or sends a negative reply so that the client must begin the

initializing state again. System startup might, therefore, result in a new IP address for a client computer, but neither the user

nor the network administrator has to take any action in the configuration process.

Before loading TCP/IP with an address acquired from the DHCP server, DHCP clients check for an IP address conflict by

sending an Address Resolution Protocol (ARP) request containing the address. If a conflict is found, TCP/IP does not start,

and the user receives an error message. The conflicting address should be removed for the list of active leases or it should

be excluded until the conflict is identified and resolved.

DGS-3224TGR Gigabit Ethernet Switch User’s Guide

27

6

Web-Based Network Management

Introduction

The DGS-3224TGR offers an embedded Web-based (HTML) interface allowing users to manage the switch from anywhere

on the network through a standard browser, such as Opera, Netscape Navigator/Communicator, or Microsoft Internet

Explorer. The Web browser acts as a universal access tool and can communicate directly with the switch using the HTTP

protocol. Your browser window may vary with the screen shots (pictures) in this guide.

The Web-based management module and the Console program (and Telnet) are different ways to access the same internal

switching software and configure it. Thus, all settings encountered in Web-based management are the same as those found

in the console program.

NOTE:

This Web-based Management Module does not accept Chinese

language input (or other languages requiring 2 bytes per character).

NOTE:

It is necessary to download Java Runtime Environment 1.4.2 to

display the Topology windows located in the Single IP Management folder.

Getting Started

The first step in getting started in using Web-based management for your switch is to secure a browser. A Web browser is a

program that allows a person to read hypertext, for example, Opera, Netscape Navigator, or Microsoft Internet Explorer.

Follow the installation instructions for the browser.

The second and last step is to configure the IP interface of the switch. This should be done manually through a console (see

the

Configure IP Address

section in the

“Using The Console Interface”

chapter).

You are now ready to begin managing your switch by simply running the browser installed on your computer and pointing

it to the IP address you have defined for the device. The URL in the address bar should read something like:

http://123.123.123.123, where the numbers 123 represent the IP address of the switch. Please note that the proxy for session

connection should be turned off.

Depending on which browser you are using, a dialog box similar to the following will open:

DGS-3224TGR Gigabit Ethernet Switch User’s Guide

28

Click

OK

as there is no preset user name or password on the switch. This opens the main page in the management module.

The top panel shows a real-time front panel display of the DGS-3224TGR. Clicking on an individual port on this display

will connect you to the

Port Configurations

window (see

Basic Setup

→

Port Configurations

for a detailed description).

The panel on the left-hand side contains the main menu. The folders in the main menu are directories for

Basic Setup

,

Advanced Setup

, and

Single IP Management

. In these folders or directories are links to configuration windows and

subdirectories containing more windows used to setup, manage and monitor the Switch.