E2ES Console Plug-In Beta1 RN - PowerPoint PPT Presentation

Slides: 87
Provided by: PeterC183
1
E2ES Console Plug-In for D-View 6
Beta1 Release Note
Peter Chan, SSPD, D-Link HQ
2
Preface
  • This release note is for E2ES Console Plug-In
    Beta1, a version intended for field test and
    demonstration.
  • Step-by-step configuration samples are included
    in this release note as reference
  • Any feedback is welcome
  • For function suggestions, please contact
    peter_chan_at_dlink.com.tw
  • For bugs, please open a D-Track case with our
    support team.
  • Configuration samples for
  • ACL
  • IMPB (IP-MAC-Port Binding)
  • Supported Features in Beta1
  • IP-MAC-Port Binding (IMPB)
  • 802.1X Authentication
  • Access Control List (ACL)
  • Broadcast Storm Control
  • Guest VLAN
  • DHCP server screening
  • MAC-Based Access Control (MAC)
  • Web-Based Access Control (WAC)
  • Port Security
  • Traffic Segmentation
  • Loopback Detection
  • ARP spoofing Prevention

3
Supported Models & Features
DES-3028(2.00.B27) DES-3526(5.01.B58) DES-3528(1.01.B029) DES-3828(4.50.B14) DGS-3200-10(1.35.B023) DGS-3650(2.40.B73) DGS-3426(2.35.B09)
IMPB P P P P P P P
802.1X P P P P P P P
ACL P P P P P P P
Broadcast Storm Control P P P P P P P
Guest VLAN P P P P P
MAC P P P P
WAC P P P P
Port Security P P P P P P P
Traffic Segmentation P P P P P P P
LBD P P P P P
ARP Spoofing Prevention P
DHCP Server Screening P P P
For the latest information about supported models
and features, please refer to PMD's Function
Matrix: TOP > Product Data > Switch > Switch >
D-VIEW6 > Product Literature
4
Known Issues
  • The known issues for E2ES Console Beta1
  • When MAC, WAC, Port Security and IMPB are enabled
    for a switch port, there's no conflict warning
    message to notify the user.
  • When changing the 802.1X Auth Mode to MAC Based
    mode, E2ES Console will not check whether there's
    a port which already has IMPB or Port Security
    enabled
  • WAC Known Issues for DGS-3200
  • When the user tries to change the DGS-3200's WAC
    status from disable to enable, the Virtual IP
    needs to be configured first.
  • Sometimes, the user account in the WAC User
    Setting pages cannot be created or removed

5
Known Issues
  • WAC Known Issues for DES-3528
  • The parameters Authentication VLAN and
    Redirection Page must be configured in the switch
    first before configuring E2ES Console's Port WAC
    Setting.
  • The user cannot create a user account via E2ES
    Console's WAC User Setting feature.
  • WAC Known Issues for DES-3828
  • The parameters VLAN Name and Logout Time
    must be configured in the switch first before
    configuring E2ES Console's Port WAC Setting
  • WAC Known Issues for DGS-3650
  • The parameters VLAN Name and Redirection
    Path must be configured in the switch first before
    changing E2ES Console's WAC State to Enabled

6
Known Issues
  1. If user accounts exist in E2ES Console's
    WAC User Setting, you will always get a Fail
    status when applying settings to the switch.

7
Known Issues
  1. If MAC addresses exist in E2ES Console's
    MAC Database Setting, you will always get a
    Fail status when applying settings to the switch.

8
Known Issues
  • IMPB Known Issues for DGS-3650
  • When enabling the ACL Mode parameter in the MIB
    file, it actually enables the Trap Log parameter
    in the Web UI. Also, the Trap Log parameter is
    not configurable. This is a switch firmware
    issue.
  • DHCP Server Screening Known Issues: if there is
    any record in the DHCP Offer Filtering table,
    the user will always get a Fail status when
    trying to apply the setting to the switch

9
Notice
  • D-View 6 platform must be installed before
    installing E2ES Console Plug-In
  • Please download the latest D-View 6 version on
    PMD
  • TOP > Product Data > Switch > Switch > D-VIEW6 > Firmware
  • E2ES Console beta code files
  • E2ESConsoleB01(STD).exe to work with D-View 6
    Standard Edition
  • E2ESConsoleB01(PRO).exe to work with D-View 6
    Professional Edition

10
Installation
  • Double click the installation file,
    E2ESConsoleB01(STD).exe, to install E2ES Console
    Plug-In Beta1

11
Installation
  • Please follow the instructions to complete the
    installation

12
Installation
  • Please follow the instructions to complete the
    installation

13
Installation
  • Please follow the instructions to complete the
    installation

14
How to Make a Demonstration- Topology
DES-3528 1.01.B029
To expand the demonstration architecture, please
check the table on pages 3 & 4. Make sure the
switch and firmware version can work with the E2ES
Console Beta1 version.
15
How to Make a Demonstration- Switch's
Configuration
  • DES-3028 (2.00.B27)
  • DES-3028:4#config ipif System ipaddress 172.17.5.214/24
  • DES-3028:4#create iproute default 172.17.5.254
  • DES-3028:4#create snmp host 172.17.5.104 v1 public
  • DES-3528 (1.01.B029)
  • DES-3528:5#config ipif System ipaddress 172.17.5.213/24
  • DES-3528:5#create iproute default 172.17.5.254
  • DES-3528:5#enable snmp
  • DES-3528:5#create snmp host 172.17.5.104 v1 public
  • DES-3200-10 (1.30.B023)
  • DGS-3200-10:4#config ipif System ipaddress 172.17.5.211/24
  • DGS-3200-10:4#create iproute default 172.17.5.254
  • DGS-3200-10:4#enable snmp
  • DGS-3200-10:4#create snmp host 172.17.5.104 v1 public

16
How to Make a Demonstration- Discover the
Topology
  • How to launch the discovery tool?
  • By Function Menu
  • By Quick Menu
  • By Wizard

17
How to Make a Demonstration- Discover the
Topology
  • Discover Topology by Function Menu
  • NetTools > Topology Generator
  • The Domain and Netmap must be created before
    executing this
  • Discover Topology by Quick Menu
  • Right-click on the Netmap >
  • The Domain and Netmap must be created before
    executing this

18
How to Make a Demonstration- Discover the
Topology
  • Discover Topology by Wizard
  • When D-View starts, the wizard will pop-up
    automatically
  • Select D-View Startup Wizard
  • Please follow the guidance to complete the
    discovery

We will demonstrate discovering topology by
Wizard in this document
19
How to Make a Demonstration- Discover the
Topology by Wizard
  • Step1 Select the D-View Startup Wizard
  • D-View will redirect to original
    topology-generation wizard portal
  • Click Next for next step

20
How to Make a Demonstration- Discover the
Topology by Wizard
  • Step2 Create Domain
  • Enter the Domain name and click Create button
  • Click Next when complete

21
How to Make a Demonstration- Discover the
Topology by Wizard
  • Step3 Create Netmap
  • Enter the Netmap's name and description if necessary
  • Click Next when complete
  • Step3-1 Select network adaptor
  • You may not see this request if your
    server/desktop only supports one network adaptor
  • Choose the network adaptor from the candidates
    and click OK

22
How to Make a Demonstration- Discover the
Topology by Wizard
  • Step4 Decide the analysis mode
  • Local Network: D-View will try to discover the
    topology based on the D-View server's subnet
  • Designated Network: assign an IP range to scan

Topology name is mandatory
23
How to Make a Demonstration- Discover the
Topology by Wizard
  • Step5 assign the community name and start the
    discovery
  • Input the community name which is assigned in
    the switch
  • Click Complete

Process status is displayed in D-View's Message
Board
The Complete button
24
How to Make a Demonstration- Discover the
Topology by Wizard
  • Step6 export to Domain and Netmap
  • Select the Domain and Netmap to export the
    discovery result
  • Click Export

25
How to Make a Demonstration- Discover the
Topology by Wizard
  • Step7 Add devices to the polling list
  • D-View will not poll the switches in gray color
  • Select gray switches and right click the mouse
  • Select Add to Poll List, these switches will
    turn Green and D-View will monitor their status

26
ACL (Access Control List)
  • Introduction and Configuration Sample

27
ACL Configuration Sample Preface
  • This section will demonstrate how to configure
    ACL for DGS-3200, DES-3528 and DES-3028
  • Purpose
  • Know how to configure ACL feature on E2ES Console
    Plug-In by following the step-by-step procedures
  • Be able to demonstrate it to customers with these
    steps
  • This document introduces ACL configuration. To
    test or demonstrate ACL, please refer to BSW
    2008 - E2ES Demo document.

28
How to Launch ACL- Wizard Portal
  • Three ways to launch ACL configuration
  • Wizard Portal
  • Quick Menu
  • Function Menu
  • Wizard Portal
  • There are two entry points for ACL configuration
  • Attack Mitigation
  • E2ES Console Plug-In Wizard > Endpoint
    Security Wizard
  • > Attack Mitigation > High Level ACL
  • Traffic Control
  • E2ES Console Plug-In Wizard > Endpoint
    Security Wizard
  • > Traffic Control > ACL

Both High Level ACL and ACL have the same
configuration design; there's no difference
between them
29
How to Launch ACL- Wizard Portal
30
How to Launch ACL- Function Menu & Quick Menu
  • Quick Menu: click the device icon and right-click
  • Function Menu: Plug-In > E2ES Console Plug-In >
    ACL

< Function Menu >
< Quick Menu >
31
Configuration Sample- ACL
  • The configuration sample is based on 2009
    pre-sales training scenario

Push ACL to Edge Switch
Switch Port | Protocol | Port          | Action
All ports   | UDP      | 135, 139, 445 | Deny
(Diagram labels: slow response, congestion)
32
Configuration Sample- ACL (DGS-3200)
  • Step1 select device on which you want to
    configure ACL

33
Configuration Sample- ACL (DGS-3200)
  • Step2 select Access Profile List to generate
    ACL

34
Configuration Sample- ACL (DGS-3200)
  • Step3 select Create Profile to generate ACL
    Profile

35
Configuration Sample- ACL (DGS-3200)
  • Step4 configure ACL profile ID and protocol type
  • Assign a profile ID and type of ACL
  • In the scenario, we need to deny UDP port

Create new profile ACL type
The details of selected ACL
ACLs in the switch
36
Configuration Sample- ACL (DGS-3200)
  • Step5 define the checking mask
  • Source IP Mask 0.0.0.0 means any
  • Destination IP Mask 0.0.0.0 means any

Source any Destination any
Check destination port with UDP protocol type
Add the mask rule
37
Configuration Sample- ACL (DGS-3200)
  • Step6 confirm the settings, apply to switch then
    add rules
  • D-View will display configured profile ID and
    associated mask settings
  • Click Apply to Switch if no more modification
    required
  • Create associated rules for the profile by
    clicking Create Rules button

The configured profile
The configured rules
Apply settings to switch
Create rules for the profile
38
Configuration Sample- ACL (DGS-3200)
  • Step7 select the profile ID on which you want to
    create rules

39
Configuration Sample- ACL (DGS-3200)
  • Step8 create the detailed rules to deny specific
    UDP port

Source any Destination any
Define the UDP port
Created rules
40
Configuration Sample- ACL (DGS-3200)
  • Step9 confirm and apply the rules to switch

The operation status
Rule content
Rule ID
Keep on configuring other switch
Apply settings to switch
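
The profile (checking mask) and rules built in Steps 4 to 9 can be modelled to check what the ACL will and will not match before it is pushed to a switch. This is an added example, not D-View or switch code; the 0xFFFF destination-port mask, the 10-port switch, the default of forwarding unmatched traffic and the sample addresses are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Profile:
    """Step 5: the checking mask, i.e. which packet fields are compared."""
    protocol: str        # "udp" in this scenario
    src_ip_mask: str     # 0.0.0.0 = source address ignored (any)
    dst_ip_mask: str     # 0.0.0.0 = destination address ignored (any)
    dst_port_mask: int   # assumed 0xFFFF: compare the full destination port

@dataclass(frozen=True)
class Rule:
    """Step 8: values compared under the profile's mask, plus the action."""
    access_id: int
    src_ip: str
    dst_ip: str
    dst_port: int
    switch_ports: frozenset
    action: str          # "deny" or "permit"

def _masked(ip: str, mask: str) -> int:
    return int(ipaddress.IPv4Address(ip)) & int(ipaddress.IPv4Address(mask))

def matches(profile: Profile, rule: Rule, pkt: dict) -> bool:
    """True when every field selected by the profile's mask equals the rule's."""
    return (
        pkt["proto"] == profile.protocol
        and pkt["in_port"] in rule.switch_ports
        and _masked(pkt["src_ip"], profile.src_ip_mask)
            == _masked(rule.src_ip, profile.src_ip_mask)
        and _masked(pkt["dst_ip"], profile.dst_ip_mask)
            == _masked(rule.dst_ip, profile.dst_ip_mask)
        and (pkt["dst_port"] & profile.dst_port_mask)
            == (rule.dst_port & profile.dst_port_mask)
    )

def evaluate(profile, rules, pkt, default="permit"):
    """Lowest access ID that matches wins; unmatched traffic gets `default`
    (assumed here to be forwarded)."""
    for rule in sorted(rules, key=lambda r: r.access_id):
        if matches(profile, rule, pkt):
            return rule.action
    return default

# Constructed scenario data: all ports, UDP 135/139/445, Deny.
ALL_PORTS = frozenset(range(1, 11))   # assumption: a 10-port edge switch
PROFILE = Profile("udp", "0.0.0.0", "0.0.0.0", 0xFFFF)
RULES = [Rule(i, "0.0.0.0", "0.0.0.0", p, ALL_PORTS, "deny")
         for i, p in enumerate((135, 139, 445), start=1)]

def packet(proto, dst_port, in_port=3):
    """Constructed test packet entering the switch on `in_port`."""
    return {"proto": proto, "in_port": in_port, "src_ip": "172.17.5.50",
            "dst_ip": "172.17.5.60", "dst_port": dst_port}

if __name__ == "__main__":
    # The tcp/445 case is not matched: the profile only inspects UDP.
    for proto, port in (("udp", 445), ("udp", 53), ("tcp", 445)):
        print(proto, port, evaluate(PROFILE, RULES, packet(proto, port)))
```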
41
Configuration Sample- ACL (DES-3528)
  • Step1 select device on which you want to
    configure ACL

42
Configuration Sample- ACL (DES-3528)
  • Step2 select Access Profile List to generate
    ACL

43
Configuration Sample- ACL (DES-3528)
  • Step3 select Create Profile to generate ACL
    Profile

44
Configuration Sample- ACL (DES-3528)
  • Step4 configure ACL profile ID and protocol type
  • Assign a profile ID and type of ACL
  • In the scenario, we need to deny UDP port

DES-3528 supports Profile Name
The details of selected ACL
ACLs in the switch
Please make sure no space exists in the name
45
Configuration Sample- ACL (DES-3528)
  • Step5 define the checking mask
  • Source IP Mask 0.0.0.0 means any
  • Destination IP Mask 0.0.0.0 means any

Source any Destination any
Check destination port with UDP protocol type
Add the mask rule
46
Configuration Sample- ACL (DES-3528)
  • Step6 confirm the settings, apply to switch then
    add rules
  • D-View will display the profile ID and associated
    mask settings
  • Click Apply to Switch if no more modification
    required
  • Create associated rules for the profile by
    clicking Create Rules button

Operation status
The configured profile
The configured rules
Apply settings to switch
Create rules for the profile
47
Configuration Sample- ACL (DES-3528)
  • Step7 select the profile ID on which you want to
    create rules

Select the profile ID for creating rules
Detail content in that profile
48
Configuration Sample- ACL (DES-3528)
  • Step8 create the detailed rules to deny specific
    UDP port

Assign ID and action
Source any Destination any
Ports to apply the rules
Define the UDP port
Add rules to list
Created rules
49
Configuration Sample- ACL (DES-3528)
  • Step9 confirm and apply the rules to switch

The operation status
Rule content
Rule ID
Keep on configuring other switch
Apply settings to switch
50
Configuration Sample- ACL (DES-3028)
  • Step1 select device on which you want to
    configure ACL

51
Configuration Sample- ACL (DES-3028)
  • Step2 select Access Profile List to generate
    ACL

52
Configuration Sample- ACL (DES-3028)
  • Step3 select Create Profile to generate ACL
    Profile

53
Configuration Sample- ACL (DES-3028)
  • Step4 configure ACL profile ID and protocol type
  • Assign a profile ID and type of ACL
  • In the scenario, we need to deny UDP port

Select Profile ID
No ACL content to display
No existed ACL in switch
54
Configuration Sample- ACL (DES-3028)
  • Step5 define the checking mask
  • Source IP Mask 0.0.0.0 means any
  • Destination IP Mask 0.0.0.0 means any

Source any Destination any
Check destination port with UDP protocol type
Add the mask rule
55
Configuration Sample- ACL (DES-3028)
  • Step6 confirm the settings, apply to switch then
    add rules
  • D-View will display the profile ID and associated
    mask settings
  • Click Apply to Switch if no more modification
    required
  • Create associated rules for the profile by
    clicking Create Rules button

Operation status
The configured profile
The configured rules
Apply settings to switch
Create rules for the profile
56
Configuration Sample- ACL (DES-3028)
  • Step7 select the profile ID on which you want to
    create rules

Select the profile ID for creating rules
Detail content in that profile
57
Configuration Sample- ACL (DES-3028)
  • Step8 create the detailed rules to deny specific
    UDP port

Assign ID and action
Source any Destination any
Ports to apply the rules
Define the UDP port
Add rules to list
Created rules
58
Configuration Sample- ACL (DES-3028)
  • Step9 confirm and apply the rules to switch

The operation status
Rule ID
Rule content
Keep on configuring other switch
Apply settings to switch
59
IMPB (IP-MAC-Port Binding)
  • Introduction and Configuration Sample

60
Configuration Sample- IMPB
  • This section demonstrates IMPB configuration for
    DGS-3200 and DES-3528
  • Purpose
  • Know how to configure IMPB on E2ES Console
    Plug-In by following the step-by-step procedures
  • Be able to demonstrate it to the customers with
    these steps
  • This document introduces IMPB configuration. To
    test or demonstrate IMPB, please refer to BSW
    2008 - E2ES Demo document written by Gary Chuang
  • Supported models
  • DGS-3200-10
  • DGS-3650
  • DGS-3426
  • DES-3028
  • DES-3528
  • DES-3526
  • DES-3828

61
How to Launch IMPB- Wizard Portal
  • This configuration sample is for DGS-3200
  • Three ways to launch IMPB
  • Wizard Portal
  • E2ES Console Plug-In Wizard > Endpoint Security
    Wizard
  • > Node/Address Control > IMPB

62
How to Launch IMPB- Function Menu & Quick Menu
  • Quick Menu: click on the device icon and
    right-click
  • Function Menu: Plug-In > E2ES Console Plug-In >
    IMPB

< Function Menu >
< Quick Menu >
63
Configuration Sample- IMPB (DGS-3200)
  • Step1 select the device on which you want to
    configure IMPB

64
Configuration Sample- IMPB (DGS-3200)
  • Step2 configure the global parameters and decide
    the client discovery mode
  • The Client Discovery will be disabled once the
    DHCP Snoop State is enabled.

65
Configuration Sample- IMPB (DGS-3200)
  • If the switch does not support DHCP Snooping, the
    user can use Client Discovery to generate the
    IMPB table

Global configuration
The discovery modes
66
Configuration Sample- IMPB (DGS-3200)
  • Step3 configure the binding table
  • D-View will automatically query the switch's ARP
    and FDB tables and generate the IP-MAC-Port
    binding entries.
  • Select the legitimate entries and add them to the
    Step2 Binding Table
  • Configure each entry's ARP/ACL mode
  • When you complete the setting, you may back up
    the configuration
  • If you have an existing configuration, you may
    restore it to the switch.
  • The backup/restore will only back up/restore the
    IMPB entries. It will not back up the whole
    configuration

67
Configuration Sample- IMPB (DGS-3200)
D-View queries the switch's ARP & FDB tables and
associates the binding entries
Add the legitimate entries to the Binding Table,
the White List
Configure the ARP/ACL mode for each entry
Backup/Restore the configured IMPB entries
Check the NetBIOS name
68
Configuration Sample- IMPB (DGS-3200)
  • Step4 enable the IMPB on port/ports
  • Be able to configure single/multiple ports
    simultaneously

69
Configuration Sample- IMPB (DGS-3200)
  • Step5 enable global parameters, save
    configuration and apply to switch

Configure global parameters
Save configuration to specific location
Back to device list table
Apply settings to switch
70
Backup and Restore Binding Entries
  • Backup and Restore the IMPB
  • Click Backup or Restore button to complete
    the task
  • D-View only backs up/restores the binding
    entries. Other parameters or IMPB associated
    configuration are NOT included
  • Follow the association procedures to complete the
    IMPB configuration

After restoration
71
Type of Client Survey Mode- Auto Scan
  • D-View will query the switch's ARP & FDB tables
    and associate them to IMPB entries
  • Uncompleted entries will be grayed out
  • Support querying NetBIOS name to facilitate the
    identification
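
The Auto Scan join described above and in Step3 (ARP table plus FDB table giving IP-MAC-Port candidates, with incomplete entries set aside) can be sketched as follows. This is an added example, not D-View's code; the table rows are constructed, and `select_whitelist` is a hypothetical stand-in for the operator choosing the legitimate entries.

```python
from dataclasses import dataclass
from typing import Optional

def norm_mac(mac: str) -> str:
    """Normalise 00-1A-2B-.. or 00:1a:2b:.. to lower-case colon form."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

@dataclass(frozen=True)
class Binding:
    ip: Optional[str]
    mac: str
    port: Optional[int]

    @property
    def complete(self) -> bool:
        # An entry missing its IP or its port is shown grayed out.
        return self.ip is not None and self.port is not None

def build_candidates(arp, fdb):
    """Join ARP rows (ip, mac) with FDB rows (mac, port)."""
    port_of = {norm_mac(m): p for m, p in fdb}
    seen, out = set(), []
    for ip, mac in arp:
        mac = norm_mac(mac)
        seen.add(mac)
        out.append(Binding(ip, mac, port_of.get(mac)))
    # MACs learned on a port but absent from the ARP table have no IP yet.
    out += [Binding(None, m, p) for m, p in port_of.items() if m not in seen]
    return out

def duplicate_ips(candidates):
    """IPs claimed by more than one MAC: review these before binding them."""
    macs = {}
    for b in candidates:
        if b.ip:
            macs.setdefault(b.ip, set()).add(b.mac)
    return {ip: sorted(m) for ip, m in macs.items() if len(m) > 1}

def select_whitelist(candidates):
    """Hypothetical policy: keep complete entries whose IP is unambiguous."""
    dup = duplicate_ips(candidates)
    return {b for b in candidates if b.complete and b.ip not in dup}

def is_permitted(whitelist, ip, mac, port) -> bool:
    """A frame passes only if its IP, MAC and ingress port all match an entry."""
    return Binding(ip, norm_mac(mac), port) in whitelist

# Constructed sample tables (not taken from a real switch).
ARP = [("172.17.5.10", "00-11-22-33-44-55"), ("172.17.5.11", "00:11:22:33:44:66"),
       ("172.17.5.10", "00:11:22:33:44:99"), ("172.17.5.12", "00:11:22:33:44:77")]
FDB = [("00:11:22:33:44:55", 1), ("00:11:22:33:44:66", 2),
       ("00:11:22:33:44:99", 7), ("00:11:22:33:44:88", 3)]
CANDIDATES = build_candidates(ARP, FDB)
WHITELIST = select_whitelist(CANDIDATES)

if __name__ == "__main__":
    for b in CANDIDATES:
        print(b, "complete" if b.complete else "incomplete")
    print("review:", duplicate_ips(CANDIDATES))
```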

72
Type of Client Survey Mode- Manually
  • Manually enter a single binding entry with the
    parameters below
  • IP Address
  • MAC Address
  • ARP/CLI Mode
  • Port

73
Type of Client Survey Mode- Scan Mode
  • Provide an IP range to filter the scanned result

74
Configuration Sample- IMPB (DES-3528)
  • Step1 select the device on which you want to
    configure IMPB

75
Configuration Sample- IMPB (DES-3528)
  • Step2 decide the survey mode
  • D-View will query the switch's ARP & FDB tables
    and associate the IMPB table

76
Configuration Sample- IMPB (DES-3528)
  • Step3 configure the binding table
  • D-View will automatically query the switch's ARP
    and FDB tables to generate the IP-MAC-Port
    binding entries.
  • Select the legitimate entries and add them to the
    Step2 Binding Table
  • Configure each entry's ARP/ACL mode
  • When you complete the setting, you may back up
    the configuration
  • If you have an existing configuration, you may
    restore it to the switch.
  • The backup/restore will only back up/restore the
    IMPB entries. It will not back up the whole
    configuration

77
Configuration Sample- IMPB (DES-3528)
D-View queries the switch's ARP & FDB tables and
associates the binding entries
Add the legal entries to the Binding Table, the
White List
Configure the ARP/ACL mode for each entry
Backup/Restore the configured IMPB entries
Check the NetBIOS name
78
Configuration Sample- IMPB (DES-3528)
  • Step4 enable the IMPB on port/ports
  • Be able to configure single/multiple ports
    simultaneously
  • Enable with port range or discrete one

79
Configuration Sample- IMPB (DES-3528)
  • Step5 enable global parameters, save
    configuration and apply to switch

Configure global parameters
Save configuration to specific location
Back to device list table
Status bar for Apply to Switch
Apply settings to switch
80
Configuration Sample- IMPB (DES-3028)
  • Step1 select the device on which you want to
    configure IMPB

81
Configuration Sample- IMPB (DES-3028)
  • Step2 decide the survey mode
  • D-View will query the switch's ARP & FDB tables
    and associate the IMPB table

82
Configuration Sample- IMPB (DES-3028)
  • Step3 configure the binding table
  • D-View will automatically query the switch's ARP
    and FDB tables to generate the IP-MAC-Port
    binding entries.
  • Select the legitimate entries and add them to the
    Step2 Binding Table
  • Configure each entry's ARP/ACL mode
  • When you complete the setting, you may back up
    the configuration
  • If you have an existing configuration, you may
    restore it to the switch.
  • The backup/restore will only back up/restore the
    IMPB entries. It will not back up the whole
    configuration

83
Configuration Sample- IMPB (DES-3028)
D-View queries the switch's ARP & FDB tables and
associates the binding entries
Add the legal entries to the Binding Table, the
White List
Configure the ARP/ACL mode for each entry
Backup/Restore the configured IMPB entries
Check the NetBIOS name
84
Configuration Sample- IMPB (DES-3028)
  • Step4 enable the IMPB on port/ports
  • Be able to configure single/multiple ports
    simultaneously
  • Enable with port range or discrete one

85
Configuration Sample- IMPB (DES-3028)
  • Step5 enable global parameters, save
    configuration and apply to switch

Configure global parameters
Save configuration to specific location
Back to device list table
Status bar for Apply to Switch
Apply settings to switch
86
Thank You!