E2ES Console Plug-In for D-View 6 Beta1 Release Note Peter Chan, SSPD, D-Link HQ.


1 E2ES Console Plug-In for D-View 6 Beta1 Release Note Peter Chan, SSPD, D-Link HQ

2 Preface
This release note is for E2ES Console Plug-In Beta1, a version intended for field test and demonstration. Step-by-step configuration samples are included in this release note as reference. Any feedback is welcome. For function suggestions, please contact peter_chan@dlink.com.tw. For bugs, please open a D-Track case with our support team.
Configuration samples for: ACL, IMPB (IP-MAC-Port Binding)
Supported features in Beta1:
- IP-MAC-Port Binding (IMPB)
- 802.1X Authentication
- Access Control List (ACL)
- Broadcast Storm Control
- Guest VLAN
- DHCP server screening
- MAC-Based Access Control (MAC)
- Web-Based Access Control (WAC)
- Port Security
- Traffic Segmentation
- Loopback Detection
- ARP spoofing Prevention

3 Supported Models & Features
Models (firmware): DES-3028 (2.00.B27), DES-3526 (5.01.B58), DES-3528 (1.01.B029), DES-3828 (4.50.B14), DGS-3200-10 (1.35.B023), DGS-3650 (2.40.B73), DGS-3426 (2.35.B09)
Features, with one check mark per supporting model:
- IMPB ✓✓✓✓✓✓✓
- 802.1X ✓✓✓✓✓✓✓
- ACL ✓✓✓✓✓✓✓
- Broadcast Storm Control ✓✓✓✓✓✓✓
- Guest VLAN ✓✓✓✓✓✓✓
- MAC ✓✓✓ ✓ ✓
- WAC ✓✓✓✓
- Port Security ✓✓✓✓✓✓✓
- Traffic Segmentation ✓✓✓✓✓✓✓
- LBD ✓✓ ✓✓✓
- ARP Spoofing Prevention ✓✓✓✓✓✓✓
- DHCP Server Screening ✓ ✓✓✓ ✓
For the latest information about supported models and features, please refer to PMD’s “Function Matrix”: TOP > Product Data > Switch > D-VIEW6 > Product Literature

4 Known Issues
The known issues for E2ES Console Beta1:
1. When MAC, WAC, Port Security and IMPB are enabled on a switch port, there is no conflict warning message to notify the user.
2. When changing the 802.1X Auth Mode to MAC Based mode, E2ES Console will not check whether a port already has IMPB or Port Security enabled.
3. WAC known issues for DGS-3200: When the user tries to change DGS-3200’s “WAC status” from “disable” to “enable”, the “Virtual IP” needs to be configured first. Sometimes, the user account in the “WAC User Setting” pages cannot be created or removed.

5 Known Issues
4. WAC known issues for DES-3528: The parameters “Authentication VLAN” and “Redirection Page” must be configured in the switch first, before configuring E2ES Console’s “Port WAC Setting”. The user cannot create a user account via E2ES Console’s “WAC User Setting” feature.
5. WAC known issues for DES-3828: The parameters “VLAN Name” and “Logout Time” must be configured in the switch first, before configuring E2ES Console’s “Port WAC Setting”.
6. WAC known issues for DGS-3650: The parameters “VLAN Name” and “Redirection Path” must be configured in the switch first, before changing E2ES Console’s “WAC State” to “Enabled”.

6 Known Issues
7. If user accounts exist in E2ES Console’s “WAC User Setting”, you will always get a “Fail” status when applying settings to the switch.

7 Known Issues
8. If MAC addresses exist in E2ES Console’s “MAC Database Setting”, you will always get a “Fail” status when applying settings to the switch.

8 Known Issues
9. IMPB known issues for DGS-3650: Enabling the “ACL Mode” parameter in the MIB file actually enables the “Trap Log” parameter in the Web UI. Also, the “Trap Log” parameter is not configurable. This is a switch firmware issue.
10. DHCP Server Screening known issues: If there is any record in the “DHCP Offer Filtering” table, the user will always get a “Fail” status when trying to apply the setting to the switch.

9 Notice
The D-View 6 platform must be installed before installing E2ES Console Plug-In. Please download the latest D-View 6 version on PMD: TOP > Product Data > Switch > D-VIEW6 > Firmware
E2ES Console beta code files:
- E2ESConsoleB01(STD).exe: to work with D-View 6 Standard Edition
- E2ESConsoleB01(PRO).exe: to work with D-View 6 Professional Edition

10 Installation Double click the installation file, E2ESConsoleB01(STD).exe, to install E2ES Console Plug-In Beta1

11 Installation Please follow the instructions to complete the installation

12 Installation Please follow the instructions to complete the installation

13 Installation Please follow the instructions to complete the installation

14 How to Make a Demonstration - Topology D-View 6 Standard E2ES Console Plug-In (Beta1) DES-3028 2.00.B27 DES-3528 1.01.B029 DGS-3200-10 1.35B023 To expand the demonstration architecture, please check the table in page 3 & 4. Make sure the switch and firmware version can work with E2ES Console Beta1 version.

15 How to Make a Demonstration - Switch’s Configuration
DES-3028 (2.00.B27)
    DES-3028:4#config ipif System ipaddress 172.17.5.214/24
    DES-3028:4#create iproute default 172.17.5.254
    DES-3028:4#create snmp host 172.17.5.104 v1 public
DES-3528 (1.01.B029)
    DES-3528:5#config ipif System ipaddress 172.17.5.213/24
    DES-3528:5#create iproute default 172.17.5.254
    DES-3528:5#enable snmp
    DES-3528:5#create snmp host 172.17.5.104 v1 public
DES-3200-10 (1.30.B023)
    DGS-3200-10:4#config ipif System ipaddress 172.17.5.211/24
    DGS-3200-10:4#create iproute default 172.17.5.254
    DGS-3200-10:4#enable snmp
    DGS-3200-10:4#create snmp host 172.17.5.104 v1 public

16 How to Make a Demonstration - Discover the Topology How to launch the discovery tool? By Function Menu By Quick Menu By Wizard

17 How to Make a Demonstration - Discover the Topology
Discover Topology by Function Menu: NetTools > Topology Generator. The Domain and Netmap must be created before executing this.
Discover Topology by Quick Menu: Right click the mouse on Netmap > The Domain and Netmap must be created before executing this.

18 How to Make a Demonstration - Discover the Topology Discover Topology by Wizard: When D-View starts, the wizard will pop up automatically. Select “D-View Startup Wizard”. Please follow the guidance to complete the discovery. We will demonstrate discovering the topology by Wizard in this document.

19 How to Make a Demonstration - Discover the Topology by Wizard Step1: Select the “D-View Startup Wizard” D-View will redirect to original topology-generation wizard portal Click “Next” for next step

20 How to Make a Demonstration - Discover the Topology by Wizard Step2: Create Domain Enter the Domain name and click “Create” button Click “Next” when complete

21 How to Make a Demonstration - Discover the Topology by Wizard Step3: Create Netmap Enter Netmap’s name and description if necessary Click “Next” when complete Step3-1: Select network adaptor You may not see this request if your server/desktop only supports one network adaptor Choose the network adaptor from the candidates and click “OK”

22 How to Make a Demonstration - Discover the Topology by Wizard Step4: Decide the analysis mode Local Network: D-View will try to discover the topology based on D-View Server’s subnet Designated Network: assign an IP range for scan * Topology name is mandatory

23 How to Make a Demonstration - Discover the Topology by Wizard Step5: assign the community name and start the discovery. Input the community name which is assigned in the switch. Click “Complete”. Process status is displayed in D-View’s Message Board. The “Complete” button

24 How to Make a Demonstration - Discover the Topology by Wizard Step6: export to Domain and Netmap Select the Domain and Netmap to export the discovery result Click “Export”

25 How to Make a Demonstration - Discover the Topology by Wizard Step7: Add devices to the polling list. D-View will not poll the switches in gray color. Select the gray switches and right click the mouse. Select “Add to Poll List”; these switches will turn green and D-View will monitor their status.

26 ACL (Access Control List) Introduction and Configuration Sample

27 ACL Configuration Sample Preface This section will demonstrate how to configure ACL for DGS-3200, DES-3528 and DES-3028 Purpose Know how to configure ACL feature on E2ES Console Plug-In by following the step-by-step procedures Be able to demonstrate it to customers with these steps This document introduces ACL configuration. To test or demonstrate ACL, please refer to “BSW 2008 - E2ES Demo” document.

28 How to Launch ACL - Wizard Portal Three ways to launch ACL configuration Wizard Portal Quick Menu Function Menu Wizard Portal There are two entry points for ACL configuration Attack Mitigation E2ES Console Plug-In Wizard > Endpoint Security Wizard > Attack Mitigation > High Level ACL* Traffic Control E2ES Console Plug-In Wizard > Endpoint Security Wizard > Traffic Control > ACL* * Both “High Level ACL” and “ACL” have the same configuration design, there’s no difference between them

29 How to Launch ACL - Wizard Portal

30 How to Launch ACL - Function Menu & Quick Menu Quick Menu: click the device icon and right click Function Menu: Plug-In > E2ES Console Plug-In > ACL

31 Configuration Sample - ACL
The configuration sample is based on the 2009 pre-sales training scenario (diagram labels: congestion, slow response).
Switch Port | Protocol | Port # | Action
All ports | UDP | 135, 139, 445 | Deny
Push ACL to Edge Switch

32 Configuration Sample - ACL (DGS-3200) Step1: select device on which you want to configure ACL

33 Configuration Sample - ACL (DGS-3200) Step2: select “Access Profile List” to generate ACL

34 Configuration Sample - ACL (DGS-3200) Step3: select “Create Profile” to generate ACL Profile

35 Configuration Sample - ACL (DGS-3200) Step4: configure ACL profile ID and protocol type Assign a profile ID and type of ACL In the scenario, we need to deny UDP port Create new profile & ACL type ACLs in the switch The details of selected ACL

36 Configuration Sample - ACL (DGS-3200) Step5: define the checking mask Source IP Mask: 0.0.0.0 means “any” Destination IP Mask: 0.0.0.0 means “any” Source: any Destination: any Check destination port with UDP protocol type Add the mask rule

37 Configuration Sample - ACL (DGS-3200) Step6: confirm the settings, apply to switch then add rules D-View will display configured profile ID and associated mask settings Click “Apply to Switch” if no more modification required Create associated rules for the profile by clicking “Create Rules” button The configured rules The configured profile Apply settings to switch Create rules for the profile

38 Configuration Sample - ACL (DGS-3200) Step7: select the profile ID on which you want to create rules

39 Configuration Sample - ACL (DGS-3200) Step8: create the detailed rules to deny specific UDP port Source: any Destination: any Define the UDP port Created rules

40 Configuration Sample - ACL (DGS-3200) Step9: confirm and apply the rules to switch The operation status Rule ID Rule content Keep on configuring other switch Apply settings to switch
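How the profile mask from Step5 and the deny rules from Step8 interact, as an added Python example (a simplified model written for this note, not D-Link's or the plug-in's code). The class and function names, the port mask value 0xFFFF, first-match ordering and the permit-by-default result are assumptions of the model; the packets are constructed samples.

```python
import ipaddress
from dataclasses import dataclass

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

@dataclass(frozen=True)
class Profile:
    # The "checking mask": only bits set here are compared by the rules.
    src_ip_mask: str = "0.0.0.0"    # 0.0.0.0 compares no bits, i.e. "any"
    dst_ip_mask: str = "0.0.0.0"
    dst_port_mask: int = 0xFFFF     # assumption: compare all 16 port bits

@dataclass(frozen=True)
class Rule:
    rule_id: int
    dst_port: int
    action: str                     # "deny" or "permit"
    src_ip: str = "0.0.0.0"
    dst_ip: str = "0.0.0.0"

def field_matches(value, wanted, mask):
    # A field matches when it equals the rule value on the masked bits only.
    return (value & mask) == (wanted & mask)

def evaluate(profile, rules, pkt):
    """Return (action, rule_id); the lowest matching rule ID wins.

    Assumption of this model: traffic that matches no rule is permitted.
    """
    if pkt["proto"] != "udp":       # the sample profile is a UDP profile
        return ("permit", None)
    for rule in sorted(rules, key=lambda r: r.rule_id):
        if (field_matches(ip_int(pkt["src"]), ip_int(rule.src_ip),
                          ip_int(profile.src_ip_mask))
                and field_matches(ip_int(pkt["dst"]), ip_int(rule.dst_ip),
                                  ip_int(profile.dst_ip_mask))
                and field_matches(pkt["dport"], rule.dst_port,
                                  profile.dst_port_mask)):
            return (rule.action, rule.rule_id)
    return ("permit", None)

# The scenario from the sample: all ports, UDP 135/139/445, deny.
PROFILE = Profile()
RULES = [Rule(1, 135, "deny"), Rule(2, 139, "deny"), Rule(3, 445, "deny")]

# Constructed sample packets.
UDP_445 = {"proto": "udp", "src": "172.17.5.50", "dst": "172.17.5.60", "dport": 445}
UDP_53 = {"proto": "udp", "src": "172.17.5.50", "dst": "172.17.5.254", "dport": 53}
TCP_445 = {"proto": "tcp", "src": "172.17.5.50", "dst": "172.17.5.60", "dport": 445}

if __name__ == "__main__":
    for name, pkt in (("udp/445", UDP_445), ("udp/53", UDP_53), ("tcp/445", TCP_445)):
        print(name, evaluate(PROFILE, RULES, pkt))
    # Misconfiguration check: a port mask of 0 compares no port bits, so
    # rule 1 matches every UDP packet and udp/53 is denied as well.
    print("udp/53, port mask 0:", evaluate(Profile(dst_port_mask=0), RULES, UDP_53))
```

The last case is the one to verify after “Apply to Switch”: traffic that should stay permitted, such as UDP 53 here, must still pass.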

41 Configuration Sample - ACL (DES-3528) Step1: select device on which you want to configure ACL

42 Configuration Sample - ACL (DES-3528) Step2: select “Access Profile List” to generate ACL

43 Configuration Sample - ACL (DES-3528) Step3: select “Create Profile” to generate ACL Profile

44 Configuration Sample - ACL (DES-3528) Step4: configure ACL profile ID and protocol type Assign a profile ID and type of ACL In the scenario, we need to deny UDP port ACLs in the switch DES-3528 supports Profile Name* The details of selected ACL *Please make sure no space exists in the name

45 Configuration Sample - ACL (DES-3528) Step5: define the checking mask Source IP Mask: 0.0.0.0 means “any” Destination IP Mask: 0.0.0.0 means “any” Source: any Destination: any Check destination port with UDP protocol type Add the mask rule

46 Configuration Sample - ACL (DES-3528) Step6: confirm the settings, apply to switch then add rules D-View will display the profile ID and associated mask settings Click “Apply to Switch” if no more modification required Create associated rules for the profile by clicking “Create Rules” button The configured rules The configured profile Apply settings to switch Create rules for the profile Operation status

47 Configuration Sample - ACL (DES-3528) Step7: select the profile ID on which you want to create rules Select the profile ID for creating rules Detail content in that profile

48 Configuration Sample - ACL (DES-3528) Step8: create the detailed rules to deny specific UDP port Source: any Destination: any Define the UDP port Created rules Add rules to list Assign ID and action Ports to apply the rules

49 Configuration Sample - ACL (DES-3528) Step9: confirm and apply the rules to switch The operation status Rule ID Rule content Keep on configuring other switch Apply settings to switch

50 Configuration Sample - ACL (DES-3028) Step1: select device on which you want to configure ACL

51 Configuration Sample - ACL (DES-3028) Step2: select “Access Profile List” to generate ACL

52 Configuration Sample - ACL (DES-3028) Step3: select “Create Profile” to generate ACL Profile

53 Configuration Sample - ACL (DES-3028) Step4: configure ACL profile ID and protocol type Assign a profile ID and type of ACL In the scenario, we need to deny UDP port No existing ACL in switch Select Profile ID No ACL content to display

54 Configuration Sample - ACL (DES-3028) Step5: define the checking mask Source IP Mask: 0.0.0.0 means “any” Destination IP Mask: 0.0.0.0 means “any” Source: any Destination: any Check destination port with UDP protocol type Add the mask rule

55 Configuration Sample - ACL (DES-3028) Step6: confirm the settings, apply to switch then add rules D-View will display the profile ID and associated mask settings Click “Apply to Switch” if no more modification required Create associated rules for the profile by clicking “Create Rules” button The configured rules The configured profile Apply settings to switch Create rules for the profile Operation status

56 Configuration Sample - ACL (DES-3028) Step7: select the profile ID on which you want to create rules Select the profile ID for creating rules Detail content in that profile

57 Configuration Sample - ACL (DES-3028) Step8: create the detailed rules to deny specific UDP port Source: any Destination: any Define the UDP port Created rules Add rules to list Assign ID and action Ports to apply the rules

58 Configuration Sample - ACL (DES-3028) Step9: confirm and apply the rules to switch The operation status Rule ID Rule content Keep on configuring other switch Apply settings to switch

59 IMPB (IP-MAC-Port Binding) Introduction and Configuration Sample

60 Configuration Sample - IMPB
This section demonstrates IMPB configuration for DGS-3200 and DES-3528.
Purpose: Know how to configure IMPB on E2ES Console Plug-In by following the step-by-step procedures. Be able to demonstrate it to the customers with these steps.
This document introduces IMPB configuration. To test or demonstrate IMPB, please refer to the “BSW 2008 - E2ES Demo” document written by Gary Chuang.
Supported models: DES-3028, DES-3528, DES-3526, DES-3828, DGS-3200-10, DGS-3650, DGS-3426

61 How to Launch IMPB - Wizard Portal This configuration sample is for DGS-3200. Three ways to launch IMPB. Wizard Portal: E2ES Console Plug-In Wizard > Endpoint Security Wizard > Node/Address Control > IMPB

62 How to Launch IMPB - Function Menu & Quick Menu Quick Menu: click on the device icon and right click Function Menu: Plug-In > E2ES Console Plug-In > IMPB

63 Configuration Sample - IMPB (DGS-3200) Step1: select the device on which you want to configure IMPB

64 Configuration Sample - IMPB (DGS-3200) Step2: configure the global parameters and decide the client discovery mode The “Client Discovery” will be disabled once the DHCP Snoop State is enabled.

65 Configuration Sample - IMPB (DGS-3200) If switch does not support DHCP Snooping, user can use Client Discovery to generate the IMPB table Global configuration The discovery modes

66 Configuration Sample - IMPB (DGS-3200) Step3: configure the binding table. D-View will automatically query the switch’s ARP and FDB tables and generate the IP-MAC-Port binding entries. Select the legitimate entries and add them to the “Step2: Binding Table”. Configure each entry’s ARP/ACL mode. When you complete the setting, you may back up the configuration. If you have an existing configuration, you may restore it to the switch. The backup/restore will only back up/restore the IMPB entries. It will not back up the whole configuration.

67 Configuration Sample - IMPB (DGS-3200) D-View queries the switch’s ARP & FDB tables and associates the binding entries. Add the legitimate entries to the Binding Table, the White List. Configure the ARP/ACL mode for each entry. Backup/Restore the configured IMPB entries. Check the NetBIOS name.

68 Configuration Sample - IMPB (DGS-3200) Step4: enable the IMPB on port/ports Be able to configure single/multiple ports simultaneously

69 Configuration Sample - IMPB (DGS-3200) Step5: enable global parameters, save configuration and apply to switch Configure global parameters Save configuration to specific location Back to device list table Apply settings to switch

70 Backup and Restore Binding Entries Backup and Restore the IMPB: Click the “Backup” or “Restore” button to complete the task. D-View only backs up/restores the binding entries. Other parameters or IMPB associated configuration are NOT included. Follow the association procedures to complete the IMPB configuration after restoration.

71 Type of Client Survey Mode - Auto Scan D-View will query the switch’s ARP & FDB tables and associate them to IMPB entries. Incomplete entries will be grayed out. Supports querying the NetBIOS name to facilitate identification.

72 Type of Client Survey Mode - Manually Manually enter single binding entry with below parameters IP Address MAC Address ARP/CLI Mode Port

73 Type of Client Survey Mode - Scan Mode Provide an IP range to filter the scanned result
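The Auto Scan and Scan Mode behaviour described above, as an added Python example (written for this note, not D-View's code): it joins an ARP table (IP to MAC) with an FDB table (MAC to port), marks entries missing either half as incomplete, filters by an IP range, and flags IPs claimed by more than one MAC for review before they go into the white list. The table contents and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample tables, as they might be read from a switch.
ARP_TABLE = [
    ("172.17.5.10", "00-11-22-33-44-10"),
    ("172.17.5.11", "00-11-22-33-44-11"),
    ("172.17.5.12", "00-11-22-33-44-12"),   # MAC not present in the FDB
    ("172.17.5.10", "00-11-22-33-44-66"),   # second MAC claiming .10
]
FDB_TABLE = [
    ("00-11-22-33-44-10", 3),
    ("00-11-22-33-44-11", 5),
    ("00-11-22-33-44-66", 7),
    ("00-11-22-33-44-99", 9),               # no ARP entry for this MAC
]

def norm_mac(mac):
    """Normalise separators and case so both tables use the same key."""
    return mac.replace("-", "").replace(":", "").upper()

def build_candidates(arp, fdb, ip_range=None):
    """Join ARP and FDB on MAC; ip_range=(first, last) emulates Scan Mode."""
    port_by_mac = {norm_mac(m): p for m, p in fdb}
    ips_by_mac = {}
    for ip, mac in arp:
        ips_by_mac.setdefault(norm_mac(mac), []).append(ip)
    entries = []
    for mac in sorted(set(port_by_mac) | set(ips_by_mac)):
        for ip in ips_by_mac.get(mac, [None]):
            port = port_by_mac.get(mac)
            entries.append({"ip": ip, "mac": mac, "port": port,
                            "complete": ip is not None and port is not None})
    if ip_range is not None:
        lo, hi = (ipaddress.IPv4Address(a) for a in ip_range)
        entries = [e for e in entries if e["ip"] is not None
                   and lo <= ipaddress.IPv4Address(e["ip"]) <= hi]
    return entries

def conflicting_ips(entries):
    """IPs bound to more than one MAC: review these before whitelisting."""
    macs_by_ip = {}
    for e in entries:
        if e["ip"] is not None:
            macs_by_ip.setdefault(e["ip"], set()).add(e["mac"])
    return {ip: sorted(m) for ip, m in macs_by_ip.items() if len(m) > 1}

def whitelist_candidates(entries):
    """Complete entries whose IP is not in conflict."""
    bad = conflicting_ips(entries)
    return [e for e in entries if e["complete"] and e["ip"] not in bad]

if __name__ == "__main__":
    all_entries = build_candidates(ARP_TABLE, FDB_TABLE)
    for e in all_entries:
        print(e)
    print("conflicts:", conflicting_ips(all_entries))
    print("safe to bind:", whitelist_candidates(all_entries))
```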

74 Configuration Sample - IMPB (DES-3528) Step1: select device which you want to configure IMPB

75 Configuration Sample - IMPB (DES-3528) Step2: decide the survey mode D-View will query switch’s ARP & FDB table and associate IMPB table

76 Configuration Sample - IMPB (DES-3528) Step3: configure the binding table. D-View will automatically query the switch’s ARP and FDB tables to generate the IP-MAC-Port binding entries. Select the legitimate entries and add them to the “Step2: Binding Table”. Configure each entry’s ARP/ACL mode. When you complete the setting, you may back up the configuration. If you have an existing configuration, you may restore it to the switch. The backup/restore will only back up/restore the IMPB entries. It will not back up the whole configuration.

77 Configuration Sample - IMPB (DES-3528) D-View queries the switch’s ARP & FDB tables and associates the binding entries. Add the legal entries to the Binding Table, the White List. Configure the ARP/ACL mode for each entry. Backup/Restore the configured IMPB entries. Check the NetBIOS name.

78 Configuration Sample - IMPB (DES-3528) Step4: enable the IMPB on port/ports Be able to configure single/multiple ports simultaneously Enable with port range or discrete one

79 Configuration Sample - IMPB (DES-3528) Step5: enable global parameters, save configuration and apply to switch Configure global parameters Save configuration to specific location Back to device list table Apply settings to switch Status bar for “Apply to Switch”

80 Configuration Sample - IMPB (DES-3028) Step1: select device which you want to configure IMPB

81 Configuration Sample - IMPB (DES-3028) Step2: decide the survey mode D-View will query switch’s ARP & FDB table and associate IMPB table

82 Configuration Sample - IMPB (DES-3028) Step3: configure the binding table. D-View will automatically query the switch’s ARP and FDB tables to generate the IP-MAC-Port binding entries. Select the legitimate entries and add them to the “Step2: Binding Table”. Configure each entry’s ARP/ACL mode. When you complete the setting, you may back up the configuration. If you have an existing configuration, you may restore it to the switch. The backup/restore will only back up/restore the IMPB entries. It will not back up the whole configuration.

83 Configuration Sample - IMPB (DES-3028) D-View queries the switch’s ARP & FDB tables and associates the binding entries. Add the legal entries to the Binding Table, the White List. Configure the ARP/ACL mode for each entry. Backup/Restore the configured IMPB entries. Check the NetBIOS name.

84 Configuration Sample - IMPB (DES-3028) Step4: enable the IMPB on port/ports Be able to configure single/multiple ports simultaneously Enable with port range or discrete one

85 Configuration Sample - IMPB (DES-3028) Step5: enable global parameters, save configuration and apply to switch Configure global parameters Save configuration to specific location Back to device list table Apply settings to switch Status bar for “Apply to Switch”

86 Thank You!

