Fujitsu BX600 Security Feature, Port Based Authentication, Locked Port Support, Radius Client

Page 19

Compliance Statements

Important Notes

2.1.4Security Feature

SSL

Secure Socket Layer (SSL) is an application-level protocol that enables secure transactions of data through privacy, authentication, and data integrity. It relies upon certificates and public and private keys. SSL version 3 and TLS version 1 are currently supported.

Port Based Authentication (802.1x)

Port based authentication enables authenticating system users on a per-port basis via an external server. Only authenticated and approved system users can transmit and receive data. Ports are authenticated via the Remote Authentication Dial In User Service (RADIUS) server using the Extensible Authentication Protocol (EAP).

Locked Port Support

Locked Port increases network security by limiting access on a specific port only to users with specific MAC addresses. These addresses are either manually defined or learned on that port. When a frame is seen on a locked port, and the frame source MAC address is not tied to that port, the protection mechanism is invoked.

RADIUS Client

RADIUS is a client/server-based protocol. A RADIUS server maintains a user database, which contains per-user authentication information, such as user name, password and accounting information. For more information, see "Configuring RADIUS Global Parameters".

SSH

Secure Shell (SSH) is a protocol that provides a secure, remote connection to an IBP Module. SSH version 1 and version 2 are currently supported. The SSH server feature enables an SSH client to establish a secure, encrypted connection with a IBP Module. This connection provides functionality that is similar to an inbound telnet connection. SSH uses RSA Public Key cryptography for IBP Module connections and authentication.

TACACS+

TACACS+ provides centralized security for validation of users accessing the IBP Module. TACACS+ provides a centralized user management system, while still retaining consistency with RADIUS and other authentication processes.

Image 19

Contents Primergy BX600 Blade Server Systems Primergy BX600 Blade Server Systems Comments… Suggestions… Corrections… Page Contents Page Page Page 1Information About Boards Important NotesIndustry Canada Class a 2Compliance StatementsLVD Taiwan Bsmi Class a Australia AS/NZS 3548 1995 Class a Head of Line Blocking Features of the IBP ModuleJumbo Frames Support MAC Address Supported Features MAC Address Capacity SupportFlow Control Support Ieee Back Pressure SupportPort Security Layer 2 Features Igmp SnoopingVlan Transparency Supported Features Automatic Aging for MAC AddressesFailover Propogation Support Port Backup SupportBootP and Dhcp Clients Port Group SupportDuplication of Management file IBP Module Management FeaturesSave Configuration as file Various Files of Management OperationSnmp Version 1,Version 2, and Version Snmp Alarms and Trap LogsConfiguration File Download and Upload Command Line InterfaceRadius Client Security FeaturePort Based Authentication Locked Port SupportInternal Ports Description of HardwareCompliance Statements Important Notes Primergy BX620 Primergy GbE Switch Blade 30/12 Internal Ports ListSystem LED Features and BenefitsStatus of LEDs Port LEDsManagement PerformanceNotational Conventions Target Group National and international standards Technical DataDimensions Electrical dataEnvironmental conditions Introduction to IBP Network PlanningMaking Network Connections Connecting to 1000BASE-T Devices1000BASE-T Cable Requirements Cable Testing for Existing Category 5 Cable1000BASE-T Pin Assignments Adjusting Existing Category 5 Cabling for 1000BASE-TOverview Package ContentsUnpacking the IBP Module Mount the IBP Module Connecting the IBP ModuleSelect 2 Console Redirection Switch Blade Port Default Settings Start up and Configuration the IBP ModuleUnder Properties, select VT100 for Emulation mode Configuring the TerminalBooting Device Boot Image Download Erasing the Device ConfigurationSoftware Download System Image Download Operation Code CLI Software Download Through Tftp ServerTftp Main Menu Web-Based Management Interface Web-Based Management Interface Selection Criteria Configurable DataCommand Buttons Main MenuNon-Configurable Data Configuring Port ConfigurationCompliance Statements Important Notes Viewing Port Group Information Configurable Data Compliance Statements Important Notes Viewing Management Vlan Information Managing Port Backup Configuring Port Backup Configuration Viewing Port Backup Status Refresh Updates the information on Compliance Statements Important Notes Viewing Panel Description Page Configurable Data Terminal interface via the EIA-232 port Configuring Inband AdministrationNon-Configurable Data Compliance Statements Important Notes Configuring Telnet Session Page Configurable Data Main Menu Web-Based Management Interface Configuring Serial Port Page Configurable Data Selection Criteria Command Buttons Configuring Dhcp Client-identifier Defining Dhcp Client Configuring Dhcp RestartDefining Snmp Configuring Snmp Community Configuration Configuring Snmp Trap Receiver Configuration Viewing Snmp supported MIBs Main Menu Web-Based Management Interface Command Buttons Viewing Sntp Global Status Non-Configurable Data Configuring Sntp Server Configuration Configurable Data Unknown IPV4 Viewing Sntp Server Status Non-Configurable DataMain Menu Web-Based Management Interface Configurable Data Intelligent Blade Panel Module Refresh Refresh the configuration value again Reset All Configuration to Defaults Page Command Buttons Managing System Utilities Panel Reset Command ButtonsReset the Passwords to Defaults Page Command Buttons Overview Web-Based Management Interface Uploading Specific Files from Panel Removing Specific File Defining Ping Function Copying Running Configuration to PanelSubmit This will initiate the ping Non-Configurable Data Viewing Radius Statistics Page Non-Configurable Data Viewing Radius Server Statistics Page Selection Criteria Command Buttons Non-Configurable Data Resetting All Radius Statistics Page Command Buttons Configurable Data Command Buttons Non-Configurable Data Overview Web-Based Management Interface Viewing Buffered Log Configuring Command Logger Page Configurable Data Viewing Event Log Configuring Console LogConfiguring Hosts configuration Page Configurable Data Configuring syslog configuration Page Configurable Data Overview Web-Based Management Interface Viewing Login Session Page Non-Configurable Data CLI Mode-based Topology Command Reference Command Buttons Non-Configurable Data CLI Mode-based Topology Command Reference CLI Mode-based Topology Command Reference 104 Intelligent Blade Panel Module 105 Intelligent Blade Panel Module CLI Mode-based Topology Command Reference CLI Mode-based Topology Command Reference Viewing Each Port Summary Statistics Page Selection Criteria Configurable Data Command Buttons Non-Configurable Data CLI Mode-based Topology Command Reference Viewing Access Control Summary Page Non-Configurable Data Command Buttons Non-Configurable Data Defining Access Control User Login Page Selection Criteria Defining Each Port Access Privileges Page Selection Criteria CLI Mode-based Topology Command Reference Managing IP Filter IP Filter Configuration Selection Criteria Defining User Login Selection Criteria Example Clear port-group CLI Command FormatCommand Example Ip address ipaddr netmask vlan-idNetwork Address Syntax Address Type Format Range IPAddr CLI Mode-based TopologyParameters ValuesAnnotations MacAddrSystem Information and Statistics commands Show eventlog Show running-configShow sysinfo Show running-config all scriptnameSystem Information Show systemShow hardware Show version Show loginsession Interface Show interface status Device Configuration CommandsShow interface status slot/port all Show interface slot/port Show interfaceShow interface counters Default Setting Show interface counters detailed slot/port switchport Total Packets Received with MAC Errors Total Packets Received Without ErrorsTotal Packets Transmitted Octets Total Packets Transmitted Successfully Total Transmit ErrorsTotal Transmited Packets Discards Management Commands Command Reference Show interface IBP Interface range InterfaceFull duplex Full duplex half duplex Half duplex Speed-duplexSpeed-duplex 10 100 full-duplex half-duplex Speed-duplex all 10 100 full-duplex half-duplexNegotiate no negotiate NegotiateNegotiate all no negotiate all Capabilities Storm-control flowcontrol DescriptionStorm-control flowcontrol no storm-control flowcontrol Syntax Show mac-addr-table macaddr all Show mac-address-table igmpsnooping Show mac-address-table multicast macaddr vlanid all Show mac-address-table multicastShow mac-address-table agetime Show mac-address-table stats Default SettingShow mac-address-table agetime Default Setting Show mac-address-table statsManagement Vlan Show mgmt-vlan Mac-address-table aging-timeMgmt-vlan mgmtVlanName vlan-id no mgmt-vlan mgmtVlanName Mgmt-vlanMgmt-vlan mgmtVlanName no mgmt-vlan mgmtVlanName Igmpsnooping portGroupName no igmpsnooping portGroupName Igmp Snooping Show Commands Show igmp snoopingConfiguration Commands Igmpsnooping Show igmpsnoopingLacp portGroupName no lacp portGroupName Port Channel LacpShow lacp Port-group portGroupName no port-group portGroupName Port Group Show CommandsPort Backup Show Commands Port-backup portGroupName no port-backup portGroupName Configuration Commands Port-backupDefault Setting Command Mode Link State Show Commands Port-backup no port-backupLinkstate portGroupName no linkstate portGroupName Configuration Commands LinkstateNetwork Commands Show ip interface Management CommandsShow ip redirects 1.4 mtu Show ip filterMtu 1518-9216 no mtu Ip address Command UsageIp default-gateway Ip default-gateway gateway no ip default-gatewayIp address protocol Ip address protocol bootp dhcp vlanID noneIp address mgmt-vlan Ip filter no ip filter Ip filterIp filter ipaddr no ip filter ipaddr Serial Interface Commands Show line consoleBaudrate Line consolePassword-threshold Exec-timeoutPassword-threshold 0-120 no password-threshold Silent-time Telnet Session CommandsTelnet host port debug line echo Line vty Show line vtyExec-timeout 1-160 no exec-timeout Maxsessions 0-5 no maxsessions MaxsessionsSessions Telnet maxsessions Sessions no sessionsTelnet sessions Telnet sessions no telnet sessionsTelnet exec-timeout 1-160 no telnet exec-timeout Telnet exec-timeoutTelnet maxsessions 0-5 no maxsessions Show telnet Snmp Server Commands Show snmpShow trapflags Syntax Snmp-server location loc Snmp-server sysnameSnmp-server sysname name Snmp-server locationSnmp-server community Snmp-server contactSnmp-server community name no snmp-server community name Default Setting Snmp-server community ro rw name Snmp-server host Snmp-server enable trapsSnmp-server host ipaddr name no snmp-server host name No This command disables Multiple User trap Snmp Trap Commands Show snmptrap Snmp trap link-status no snmp trap link-status Snmp trap link-statusSnmp trap link-status all no snmp trap link-status all Snmptrap name ipaddr no snmptrap name ipaddr Snmptrap name ipaddrSnmptrap ipaddr Snmptrap ipaddr name ipaddr ipaddrnew Snmptrap modeSnmptrap mode name ipaddr no snmptrap mode name ipaddr Http commands Show ip httpIp javamode no ip javamode Ip javamodeIp http server no ip http server Ip http portIp http port 1-65535 no ip http port Ip http serverIp http secure-server no ip http secure-server Ip http secure-portIp http secure-port portid no ip http secure-port Ip http secure-serverIp http secure-protocol Secure Shell SSH Commands Show ip sshIp ssh no ip ssh Ip sshIp ssh protocol Ip ssh maxsessions Ip ssh timeoutIp ssh maxsessions 0-5 no ip ssh maxsessions Dhcp Client Commands Ip dhcp restart Ip ssh timeout 1-160 no ip ssh timeoutIp dhcp client-identifier System Burned In MAC Address Lockmessage Lock CommandsLockmessage messagestring default Lock lockidentifier Exclusive no lock lockidentifierALLShow lock LockresetShow Commands Show logging System Log Management CommandsShow logging buffered Show logging traplogs Show logging traplogShow logging hosts Display Message Index used for deleting Configuration Commands Logging bufferedLogging buffered no logging buffered Logging console Logging buffered wrap no logging buffered wrapLogging console severitylevel 0-7 no logging console Logging host hostaddress port severitylevel Logging hostLogging syslog Logging host reconfigure hostindex hostaddressLogging syslog no logging syslog Clear logging buffered Logging syslog port portid no logging syslog portScript delete Script Management CommandsScript apply Script apply scriptnameScript show Script listScript show scriptname Show Commands Show users User Account Management CommandsConfiguration Commands Username Username snmpv3 authentication Username username password nopassword no username usernameUsername snmpv3 encryption Show Commands Show users authentication Security CommandsShow authentication Show dot1x Show authentication usersShow dot1x detail Show dot1x statistics slot/port Show dot1x statisticsShow dot1x summary slot/port all Show dot1x summaryShow dot1x users Show radius-servers Secret Configured Yes / NoShow radius Show radius accounting statistics ipaddr Radius Accounting Mode Enabled or disabledShow radius statistics Secret Configured Yes or NoShow radius statistics ipaddr Show tacacs Show port-security Show port-security dynamic slot/port Configuration Commands Authentication login Possible method values are local, radius, reject, and tacacs Username defaultloginUsername login user listname Username login3.2 dot1x default-login 3 Dot1x Configuration Commands 3.1 dot1x initializeDot1x system-auth-control no dot1x system-auth-control 3.3 dot1x loginDot1x login user listname 3.4 dot1x system-auth-control3.6 dot1x port-control 3.5 dot1x user3.7 dot1x max-req Dot1x max-req 1-10 no dot1x max-req 3.8 dot1x re-authenticationDot1x re-authentication no dot1x re-authentication 3.9 dot1x re-reauthenticate3.10 dot1x timeout Radius accounting mode no radius accounting mode Radius Configuration Commands Radius accounting modeRadius-sever key Radius-server hostRetries the maximum number of times Range 1 Radius-server retransmitRadius-server timeout seconds no radius-server timeout Radius-server timeoutRadius-server msgauth Radius-server primary Tacacs Configuration CommandsTacacs no tacacs Tacacs server-ip 1-3 ipaddr no tacacs server-ip Tacacs modeTacacs mode 1-3 master slave no tacacs mode Tacacs server-ipTacacs key 1-3 no tacacs key Tacacs portTacacs port 1-3 1-65535 no tacacs port Tacacs keyTacacs retry 1-3 1-9 no tacacs retry Tacacs timeoutTacacs timeout 1-3 1-255 no tacacs timeout Tacacs retryPort-security no port-security Default Setting Port Security Configuration Commands Port-securityPort-security max-dynamic Port-security max-static 0-20 no port-security max-static Port-security max-staticPort-security mac-address Syntax Port-security mac-address move Default SettingPort-security mac-address move Show Commands Show sntp Sntp Simple Network Time Protocol CommandsShow sntp client Configuration Commands Sntp broadcast client poll-interval Sntp client mode broadcast unicast no sntp client mode Sntp client modeSntp client port portid 6-10 no sntp client port Sntp client portSntp unicast client poll-interval Sntp unicast client poll-retry Sntp unicast client poll-timeoutSntp clock timezone Sntp serverClear Clear arp System Utilities10.2.9 Sntp clock timezone name 0-12 0-59 before-utc after-utcClear eventlog Clear traplogClear pass Clear configClear counters slot/port all Syntax Clear mac-addr-table dynamic Default SettingClear mac address table Clear countersClear igmp snooping Enable passwdSyntax Clear dot1x statistics all slot/port Syntax Clear ip filter Default SettingClear ip filter Clear dot1x statisticsClear tacacs Clear radius statisticsCopy Privileged Exec Files download from PC to board Syntax Copy running-config startup-config filename 11.4 dir Syntax Copy clibanner url copy url clibanner no clibannerDelete Syntax Delete filenameDisplay Message Column Heading Description Dir boot-rom config opcode filenameWhichboot Boot-systemPing Boot-system boot-rom config opcode filenameTraceroute Calendar set mm/dd/yy hhmmss Logging cli-commandSyntax Logging cli-command Default Setting Calendar setDisconnect 0-10 all ConfigureReload DisconnectHostname Syntax Quit Default SettingQuit Syntax Ip dhcp restart Default Setting Dhcp CommandsSyntax Ip dhcp client-identifier text text hex hex Using Snmp Standard MIBs are listed in the following table Supported MIBsPrivate enterprise MIB is listed below RFC 2233 IF-MIB Accessing MIB ObjectsSupported MIBs Using Snmp Supported MIBs Using Snmp Snmp traps supported include the following items Supported TrapsDefault Settings SB9 Default Config In-band Administration Line console mode SSL Diagnosing IBP Indicators Troubleshooting and TipsSymptom Action Accessing the Management Interface

Related manuals

Manual 46 pages 40.75 Kb

Manual 288 pages 28.92 Kb

Manual 289 pages 43.4 Kb