Allied Telesis 2.6.1 manual Secure Access, Create a Security Officer user account


Getting Started with the Graphical User Interface (GUI)


4. Browse to the switch

For normal access, point your web browser to http://ip-address

where ip-address is the interface’s IP address.

To access the switch securely if SSL (Secure Sockets Layer) has been configured on the interface, point your web browser to

https://ip-address

For more information about secure access, see “Secure Access” on page 29.

5. At the login prompt, enter the user name and password

The default username is manager:

User Name: manager

Password: friend

The System Status page is displayed (see Figure 6 on page 31). Select options from the sidebar menu to configure and manage the switch.

If the Firewall and/or VPN (IPSec) have already been configured on the switch using the CLI, this configuration may conflict with the GUI. Do not attempt to modify existing CLI firewall or VPN configuration with the GUI.

Secure Access

You can optionally browse to the switch using Secure Sockets Layer (SSL). This means that sensitive data, including passwords and email addresses, cannot be accessed by malicious parties. This section details the required configuration.

For information about SSL, refer to the Secure Sockets Layer (SSL) chapter of your Software Reference.

For this configuration to succeed your switch must have PKI, ISAKMP, SSH and SSL feature licences. If these licences are not already present on your switch, please contact your authorised distributor or reseller.

To secure your switch’s HTTP Server with SSL for secure switch management via the GUI:

1. Create a Security Officer user account

Only a user with Security Officer privilege can enable system security and SSL.

To add a user with the login name “CIPHER”, password “sbr4y3”, login=yes, and SECURITY OFFICER privilege, use the command:

ADD USER="CIPHER" PASSWORD="sbr4y3" PRIVILEGE=SECURITYOFFICER Login=yes

CREATE CONFIG=ssl.cfg

RESTART SWITCH
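An added example, not from the Allied Telesis manual: a Python check for a provisioning script written in the ADD USER syntax shown above. It flags accounts that reuse a password printed on this page and confirms that a Security Officer account with login enabled is present; the sample script, the MANAGER privilege value on its third line and the 12-character minimum are assumptions.

```python
import shlex

# Passwords printed on this manual page; treat them as publicly known.
DOCUMENTED_PASSWORDS = {"friend", "sbr4y3"}
MIN_LENGTH = 12  # assumed local policy, not a value from the manual

# Constructed sample provisioning script (not taken from a real switch).
SAMPLE = '''\
ADD USER="CIPHER" PASSWORD="sbr4y3" PRIVILEGE=SECURITYOFFICER Login=yes
ADD USER="netops" PASSWORD="Vt9qLm2xRw8kdZ" PRIVILEGE=SECURITYOFFICER LOGIN=yes
ADD USER="audit" PASSWORD="abc" PRIVILEGE=MANAGER LOGIN=yes
CREATE CONFIG=ssl.cfg
'''


def parse_add_user(line):
    """Return the parameters of an ADD USER command as a dict with
    upper-case keys, or None if the line is some other command."""
    tokens = shlex.split(line)  # also strips the double quotes around values
    if len(tokens) < 2 or tokens[0].upper() != "ADD":
        return None
    params = {}
    for token in tokens[1:]:
        key, _, value = token.partition("=")
        params[key.upper()] = value
    return params if "USER" in params else None


def audit(script):
    """Return (line_number, user, issue) tuples; line 0 means the whole script."""
    findings, officers = [], 0
    for number, line in enumerate(script.splitlines(), start=1):
        try:
            user = parse_add_user(line)
        except ValueError:  # unbalanced quote in the command
            findings.append((number, "", "unparseable command"))
            continue
        if user is None:
            continue
        name, password = user["USER"], user.get("PASSWORD", "")
        if password in DOCUMENTED_PASSWORDS:
            findings.append((number, name, "password is printed in the manual"))
        elif len(password) < MIN_LENGTH:
            findings.append((number, name, "password shorter than policy"))
        if (user.get("PRIVILEGE", "").upper() == "SECURITYOFFICER"
                and user.get("LOGIN", "").lower() == "yes"):
            officers += 1
    if officers == 0:
        findings.append((0, "", "no Security Officer account with login enabled"))
    return findings
```

Calling `audit(SAMPLE)` reports the CIPHER account for using the manual's example password and the audit account for a short one.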

Software Release 2.6.1 C613-02039-00 REV A
