Title: E2ES Console Plug-In Beta1 RN
1E2ES Console Plug-In for D-View 6
Beta1 Release Note
Peter Chan, SSPD, D-Link HQ
2Preface
- This release note is for E2ES Console Plug-In
Beta1, a version intended for field test and
demonstration. - Step-by-step configuration samples are included
in this release note as reference - Any feedback from you are welcome
- For function suggestions, pls. contact
peter_chan_at_dlink.com.tw - For bugs, pls. open D-Track case to our support
team. - Configuration samples for
- ACL
- IMPB (IP-MAC-Port Binding)
- Supported Features in Beta1
- IP-MAC-Port Binding (IMPB)
- 802.1X Authentication
- Access Control List (ACL)
- Broadcast Storm Control
- Guest VLAN
- DHCP server screening
- MAC-Based Access Control (MAC)
- Web-Based Access Control (WAC)
- Port Security
- Traffic Segmentation
- Loopback Detection
- ARP spoofing Prevention
3Supported Models Features
DES-3028(2.00.B27) DES-3526(5.01.B58) DES-3528(1.01.B029) DES-3828(4.50.B14) DGS-3200-10(1.35.B023) DGS-3650(2.40.B73) DGS-3426(2.35.B09)
IMPB P P P P P P P
802.1X P P P P P P P
ACL P P P P P P P
Broadcast Storm Control P P P P P P P
Guest VLAN P P P P P
MAC P P P P
WAC P P P P
Port Security P P P P P P P
Traffic Segmentation P P P P P P P
LBD P P P P P
ARP Spoofing Prevention P
DHCP Server Screening P P P
The latest information about the supported models
for features, please refer to PMDs Function
Matrix. TOPgtProduct DatagtSwitchgtSwitchgtD-VIEW6gtPr
oduct Literature
4Known Issues
- The known issues for E2ES Console Beta1
- When enable MAC, WAC, Port Security and IMPB for
switch port, theres no conflict warning message
to notify user. - When changing the 802.1X Auth Mode to MAC Based
mode, E2ES Console will not check if theres a
port which already enables IMPB or Port Security - WAC Known Issues for DGS-3200
- When user tries to change DGS-3200s WAC status
from disable to enable, the Virtual IP
needs to be configured first.
- Sometimes, the user account in WAC User Setting
pages can not be crated or removed
5Known Issues
- WAC Known Issues for DES-3528
- The parameters Authentication VLAN and
Redirection Page must be configured in switch
first before configuring E2ES Consoles Port WAC
Setting. - User can not create user account via E2ES
Consoles WAC User Setting feature. - WAC Known Issues for DES-3828
- The parameters VLAN Name and Logout Time
must be configured in switch first before
configuring E2ES Consoles Port WAC Setting - WAC Known Issues for DGS-3650
- The parameters VLAN Name and Redirection
Path must be configured in switch first before
changing E2ES Consoles WAC State to Enabled
6Known Issues
- If there are user accounts exist in E2ES
Consoles WAC User Setting , you will always
get a Fail status when applying settings to
switch.
7Known Issues
- If there are MAC addresses exist in E2ES
Consoles MAC Database Setting , you will
always get a Fail status when applying settings
to switch.
8Known Issues
- IMPB Known Issues for DGS-3650
- When enabling ACL Mode parameter in the MIB
file, actually, it enables the Trap Log parameter
in the Web UI. Also the Trap Log parameter is
not configurable. This is switchs firmware
issue. - DHCP Server Screening Known Issues If there is
any record in the DHCP Offer Filteringtable,
user will always get Fail status when trying
to apply the setting to switch
9Notice
- D-View 6 platform must be installed before
installing E2ES Console Plug-In - Please download the latest D-View 6 version on
PMD - TOPgtProduct DatagtSwitchgtSwitchgtD-VIEW6gtFirmware
- E2ES Console beta code files
- E2ESConsoleB01(STD).exe to work with D-View 6
Standard Edition - E2ESConsoleB01(PRO).exe to work with D-View 6
Professional Edition
10Installation
- Double click the installation file,
E2ESConsoleB01(STD).exe, to install E2ES Console
Plug-In Beta1
11Installation
- Please follow up the instruction to complete the
installation
12Installation
- Please follow up the instruction to complete the
installation
13Installation
- Please follow up the instruction to complete the
installation
14How to Make a Demonstration- Topology
DES-3528 1.01.B029
To expand the demonstration architecture, please
check the table in page 3 4. Make sure the
switch and firmware version can work with E2ES
Console Beta1 version.
15How to Make a Demonstration- Switchs
Configuration
- DES-3028 (2.00.B27)
- DES-30284config ipif System ipaddress
172.17.5.214/24 - DES-30284create iproute default 172.17.5.254
- DES-30284create snmp host 172.17.5.104 v1
public - DES-3528 (1.01.B029)
- DES-35285config ipif System ipaddress
172.17.5.213/24 - DES-35285create iproute default 172.17.5.254
- DES-35285enable snmp
- DES-35285create snmp host 172.17.5.104 v1
public - DES-3200-10 (1.30.B023)
- DGS-3200-104config ipif System ipaddress
172.17.5.211/24 - DGS-3200-104create iproute default
172.17.5.254 - DGS-3200-104enable snmp
- DGS-3200-104create snmp host 172.17.5.104 v1
public
16How to Make a Demonstration- Discover the
Topology
- How to launch the discovery tool?
- By Function Menu
- By Quick Menu
- By Wizard
-
17How to Make a Demonstration- Discover the
Topology
- Discover Topology by Function Menu
- NetTools gt Topology Generator
- The Domain and Netmap must be created before
executing this
- Discover Topology by Quick Menu
- Right click the mouse on Netmap gt
- The Domain and Netmap must be created before
executing this
18How to Make a Demonstration- Discover the
Topology
- Discover Topology by Wizard
- When D-View starts, the wizard will pop-up
automatically - Select D-View Startup Wizard
- Please follow up the guidance to complete the
discovery
We will demonstrate discovering topology by
Wizard in this document
19How to Make a Demonstration- Discover the
Topology by Wizard
- Step1 Select the D-View Startup Wizard
- D-View will redirect to original
topology-generation wizard portal - Click Next for next step
20How to Make a Demonstration- Discover the
Topology by Wizard
- Step2 Create Domain
- Enter the Domain name and click Create button
- Click Next when complete
21How to Make a Demonstration- Discover the
Topology by Wizard
- Step3 Create Netmap
- Enter Netmaps name and description if necessary
- Click Next when complete
- Step3-1 Select network adaptor
- You may not see this request if your
server/desktop only supports one network adaptor - Choose the network adaptor from the candidates
and click OK
22How to Make a Demonstration- Discover the
Topology by Wizard
- Step4 Decide the analysis mode
- Local Network D-View will try to discover the
topology based on D-View Servers subnet - Designated Network assign an IP range for scan
-
Topology name is mandatory
23How to Make a Demonstration- Discover the
Topology by Wizard
- Step5 assign the community name and start the
discovery - Input the community name which are assigned in
the switch - Click Complete
Process status is displayed in D-Views Message
Board
The Complete button
24How to Make a Demonstration- Discover the
Topology by Wizard
- Step6 export to Domain and Netmap
- Select the Domain and Netmap to export the
discovery result - Click Export
25How to Make a Demonstration- Discover the
Topology by Wizard
- Step7 Add devices to the polling list
- D-View will not poll the switches in gray color
- Select gray switches and right click the mouse
- Select Add to Poll List, these switches will
turn Green and D-View will monitor their status
26ACL (Access Control List)
- Introduction and Configuration Sample
27ACL Configuration Sample Preface
- This section will demonstrate how to configure
ACL for DGS-3200, DES-3528 and DES-3028 - Purpose
- Know how to configure ACL feature on E2ES Console
Plug-In by following the step-by-step procedures - Be able to demonstrate it to customers with these
steps - This document introduces ACL configuration. To
test or demonstrate ACL, please refer to BSW
2008 - E2ES Demo document.
28How to Launch ACL- Wizard Portal
- Three ways to launch ACL configuration
- Wizard Portal
- Quick Menu
- Function Menu
- Wizard Portal
- There are two entry points for ACL configuration
- Attack Mitigation
- E2ES Console Plug-In Wizard gt Endpoint
Security Wizard - gt Attack Mitigation gt High Level ACL
- Traffic Control
- E2ES Console Plug-In Wizard gt Endpoint
Security Wizard - gt Traffic Control gt ACL
Both High Level ACL and ACL have the same
configuration design, theres no difference
between them
29How to Launch ACL- Wizard Portal
30How to Launch ACL- Function Menu Quick Menu
- Quick Menu click the device icon and right click
- Function MenuPlug-In gt E2ES Console Plug-In gt
ACL
lt Function Menu gt
lt Quick Menu gt
31Configuration Sample- ACL
- The configuration sample is based on 2009
pre-sales training scenario
Push ACL to Edge Switch
slow response
Switch Port Protocol Port Action
All ports UDP 135 139 445 Deny
slow response
congestion
congestion
32Configuration Sample- ACL (DGS-3200)
- Step1 select device on which you want to
configure ACL
33Configuration Sample- ACL (DGS-3200)
- Step2 select Access Profile List to generate
ACL
34Configuration Sample- ACL (DGS-3200)
- Step3 select Create Profile to generate ACL
Profile
35Configuration Sample- ACL (DGS-3200)
- Step4 configure ACL profile ID and protocol type
- Assign a profile ID and type of ACL
- In the scenario, we need to deny UDP port
Create new profile ACL type
The details of selected ACL
ACLs in the switch
36Configuration Sample- ACL (DGS-3200)
- Step5 define the checking mask
- Source IP Mask 0.0.0.0 means any
- Destination IP Mask 0.0.0.0 means any
Source any Destination any
Check destination port with UDP protocol type
Add the mask rule
37Configuration Sample- ACL (DGS-3200)
- Step6 confirm the settings, apply to switch then
add rules - D-View will display configured profile ID and
associated mask settings - Click Apply to Switch if no more modification
required - Create associated rules for the profile by
clicking Create Rules button
The configured profile
The configured rules
Apply settings to switch
Create rules for the profile
38Configuration Sample- ACL (DGS-3200)
- Step7 select the profile ID on which you want to
create rules
39Configuration Sample- ACL (DGS-3200)
- Step8 create the detailed rules to deny specific
UDP port
Source any Destination any
Define the UDP port
Created rules
40Configuration Sample- ACL (DGS-3200)
- Step9 confirm and apply the rules to switch
The operation status
Rule content
Rule ID
Keep on configuring other switch
Apply settings to switch
41Configuration Sample- ACL (DES-3528)
- Step1 select device on which you want to
configure ACL
42Configuration Sample- ACL (DES-3528)
- Step2 select Access Profile List to generate
ACL
43Configuration Sample- ACL (DES-3528)
- Step3 select Create Profile to generate ACL
Profile
44Configuration Sample- ACL (DES-3528)
- Step4 configure ACL profile ID and protocol type
- Assign a profile ID and type of ACL
- In the scenario, we need to deny UDP port
DES-3528 supports Profile Name
The details of selected ACL
ACLs in the switch
Please make sure no space exists in the name
45Configuration Sample- ACL (DES-3528)
- Step5 define the checking mask
- Source IP Mask 0.0.0.0 means any
- Destination IP Mask 0.0.0.0 means any
Source any Destination any
Check destination port with UDP protocol type
Add the mask rule
46Configuration Sample- ACL (DES-3528)
- Step6 confirm the settings, apply to switch then
add rules - D-View will display the profile ID and associated
mask settings - Click Apply to Switch if no more modification
required - Create associated rules for the profile by
clicking Create Rules button
Operation status
The configured profile
The configured rules
Apply settings to switch
Create rules for the profile
47Configuration Sample- ACL (DES-3528)
- Step7 select the profile ID on which you want to
create rules
Select the profile ID for creating rules
Detail content in that profile
48Configuration Sample- ACL (DES-3528)
- Step8 create the detailed rules to deny specific
UDP port
Assign ID and action
Source any Destination any
Ports to apply the rules
Define the UDP port
Add rules to list
Created rules
49Configuration Sample- ACL (DES-3528)
- Step9 confirm and apply the rules to switch
The operation status
Rule content
Rule ID
Keep on configuring other switch
Apply settings to switch
50Configuration Sample- ACL (DES-3028)
- Step1 select device on which you want to
configure ACL
51Configuration Sample- ACL (DES-3028)
- Step2 select Access Profile List to generate
ACL
52Configuration Sample- ACL (DES-3028)
- Step3 select Create Profile to generate ACL
Profile
53Configuration Sample- ACL (DES-3028)
- Step4 configure ACL profile ID and protocol type
- Assign a profile ID and type of ACL
- In the scenario, we need to deny UDP port
Select Profile ID
No ACL content to display
No existed ACL in switch
54Configuration Sample- ACL (DES-3028)
- Step5 define the checking mask
- Source IP Mask 0.0.0.0 means any
- Destination IP Mask 0.0.0.0 means any
Source any Destination any
Check destination port with UDP protocol type
Add the mask rule
55Configuration Sample- ACL (DES-3028)
- Step6 confirm the settings, apply to switch then
add rules - D-View will display the profile ID and associated
mask settings - Click Apply to Switch if no more modification
required - Create associated rules for the profile by
clicking Create Rules button
Operation status
The configured profile
The configured rules
Apply settings to switch
Create rules for the profile
56Configuration Sample- ACL (DES-3028)
- Step7 select the profile ID on which you want to
create rules
Select the profile ID for creating rules
Detail content in that profile
57Configuration Sample- ACL (DES-3028)
- Step8 create the detailed rules to deny specific
UDP port
Assign ID and action
Source any Destination any
Ports to apply the rules
Define the UDP port
Add rules to list
Created rules
58Configuration Sample- ACL (DES-3028)
- Step9 confirm and apply the rules to switch
The operation status
Rule ID
Rule content
Keep on configuring other switch
Apply settings to switch
59IMPB (IP-MAC-Port Binding)
- Introduction and Configuration Sample
60Configuration Sample- IMPB
- This section demonstrates IMPB configuration for
DGS-3200 and DES-3528 - Purpose
- Know how to configure IMPB on E2ES Console
Plug-In by following the step-by-step procedures - Be able to demonstrate it to the customers with
these steps - This document introduces IMPB configuration. To
test or demonstrate IMPB, please refer to BSW
2008 - E2ES Demo document written by Gary Chuang - Supported models
- DGS-3200-10
- DGS-3650
- DGS-3426
- DES-3028
- DES-3528
- DES-3526
- DES-3828
61How to Launch IMPB- Wizard Portal
- This configuration sample is for DGS-3200
- Three ways to launch IMPB
- Wizard Portal
- E2ES Console Plug-In Wizard gt Endpoint Security
Wizard - gt Node/Address Control gt IMPB
62How to Launch IMPB- Function Menu Quick Menu
- Quick Menu click on the device icon and right
click - Function MenuPlug-In gt E2ES Console Plug-In gt
IMPB
lt Function Menu gt
lt Quick Menu gt
63Configuration Sample- IMPB (DGS-3200)
- Step1 select the device on which you want to
configure IMPB
64Configuration Sample- IMPB (DGS-3200)
- Step2 configure the global parameters and decide
the client discovery mode - The Client Discovery will be disabled once the
DHCP Snoop State is enabled.
65Configuration Sample- IMPB (DGS-3200)
- If switch does not support DHCP Snooping, user
can use Client Discovery to generate the IMPB
table
Global configuration
The discovery modes
66Configuration Sample- IMPB (DGS-3200)
- Step3 configure the binding table
- D-View will automatically query switchs ARP and
FDB table and generate the IP-MAC-Port binding
entries. - Select the legitimate entries and add to the
Step2 Binding Table - Configure each entrys ARP/ACL mode
- When you complete the setting, you may backup the
configuration - If you have an existing configuration, you may
restore it to the switch. - The backup/restore will only backup/restore the
IMPB entries. It will not backup the whole
configuration
67Configuration Sample- IMPB (DGS-3200)
D-View queries switchs ARP FDB table and
associate the binding entries
Add the legitimate entries to the Binding Table,
the White List
Configure the ARP/ACL mode for each entry
Backup/Restore the configured IMPB entries
Check the NetBIOS name
68Configuration Sample- IMPB (DGS-3200)
- Step4 enable the IMPB on port/ports
- Be able to configure single/multiple ports
simultaneously
69Configuration Sample- IMPB (DGS-3200)
- Step5 enable global parameters, save
configuration and apply to switch
Configure global parameters
Save configuration to specific location
Back to device list table
Apply settings to switch
70Backup and Restore Binding Entries
- Backup and Restore the IMPB
- Click Backup or Restore button to complete
the task - D-View only backup/restores the binding entries.
Other parameters or IMPB associated configuration
are NOT included - Follow up association procedures to complete the
IMPB configuration
After restoration
71Type of Client Survey Mode- Auto Scan
- D-View will query switchs ARP FDB table and
associate to IMPB entries - Uncompleted entries will be gray out
- Support querying NetBIOS name to facilitate the
identification
72Type of Client Survey Mode- Manually
- Manually enter single binding entry with below
parameters - IP Address
- MAC Address
- ARP/CLI Mode
- Port
73Type of Client Survey Mode- Scan Mode
- Provide an IP range to filter the scanned result
74Configuration Sample- IMPB (DES-3528)
- Step1 select device which you want to configure
IMPB
75Configuration Sample- IMPB (DES-3528)
- Step2 decide the survey mode
- D-View will query switchs ARP FDB table and
associate IMPB table
76Configuration Sample- IMPB (DES-3528)
- Step3 configure the binding table
- D-View will automatically queries switchs ARP
and FDB table to generate the IP-MAC-Port binding
entries. - Select the legitimate entries and add to the
Step2 Binding Table - Configure each entrys ARP/ACL mode
- When you complete the setting, you may backup the
configuration - If you have existing configuration, you may
restore it to the switch. - The backup/restore will only backup/restore the
IMPB entries. It will not backup the whole
configuration
77Configuration Sample- IMPB (DES-3528)
D-View queries switchs ARP FDB table and
associate the binding entries
Add the legal entries to the Binding Table, the
White List
Configure the ARP/ACL mode for each entry
Backup/Restore the configured IMPB entries
Check the NetBIOS name
78Configuration Sample- IMPB (DES-3528)
- Step4 enable the IMPB on port/ports
- Be able to configure single/multiple ports
simultaneously - Enable with port range or discrete one
79Configuration Sample- IMPB (DES-3528)
- Step5 enable global parameters, save
configuration and apply to switch
Configure global parameters
Save configuration to specific location
Back to device list table
Status bar for Apply to Switch
Apply settings to switch
80Configuration Sample- IMPB (DES-3028)
- Step1 select device which you want to configure
IMPB
81Configuration Sample- IMPB (DES-3028)
- Step2 decide the survey mode
- D-View will query switchs ARP FDB table and
associate IMPB table
82Configuration Sample- IMPB (DES-3028)
- Step3 configure the binding table
- D-View will automatically queries switchs ARP
and FDB table to generate the IP-MAC-Port binding
entries. - Select the legitimate entries and add to the
Step2 Binding Table - Configure each entrys ARP/ACL mode
- When you complete the setting, you may backup the
configuration - If you have existing configuration, you may
restore it to the switch. - The backup/restore will only backup/restore the
IMPB entries. It will not backup the whole
configuration
83Configuration Sample- IMPB (DES-3028)
D-View queries switchs ARP FDB table and
associate the binding entries
Add the legal entries to the Binding Table, the
White List
Configure the ARP/ACL mode for each entry
Backup/Restore the configured IMPB entries
Check the NetBIOS name
84Configuration Sample- IMPB (DES-3028)
- Step4 enable the IMPB on port/ports
- Be able to configure single/multiple ports
simultaneously - Enable with port range or discrete one
85Configuration Sample- IMPB (DES-3028)
- Step5 enable global parameters, save
configuration and apply to switch
Configure global parameters
Save configuration to specific location
Back to device list table
Status bar for Apply to Switch
Apply settings to switch
86Thank You!