EX2500 Ethernet Switch Configuration Guide
| TACACS+ Authentication | 14 |
| How TACACS+ Authentication Works | 14 |
| TACACS+ Authentication Features in the EX2500 Switch | 14 |
| Command Authorization and Logging | 16 |
| Configuring TACACS+ Authentication on the Switch | 16 |
| Secure Shell | 17 |
| Configuring SSH Features on the Switch | 17 |
| SSH Encryption of Management Messages | 17 |
| Generating RSA Host and Server Keys for SSH Access | 17 |
| SSH Integration with RADIUS and TACACS+ Authentication | 18 |
| End User Access Control | 18 |
| Considerations for Configuring End User Accounts | 19 |
| User Access Control | 19 |
| Listing Current Users | 20 |
| Logging In to an End User Account | 20 |
Chapter 2 | VLANs | 21 |
| VLAN Overview | 21 |
| VLANs and Port VLAN ID Numbers | 22 |
| VLAN Numbers | 22 |
| PVID Numbers | 22 |
| VLAN Tagging | 23 |
| VLAN Topologies and Design Considerations | 26 |
| VLAN Configuration Rules | 26 |
| Multiple VLANs Configuration Example | 27 |
| Private VLANs | 29 |
| Private VLAN Ports | 29 |
| Private VLAN Configuration Guidelines | 30 |
| Private VLAN Configuration Example | 30 |
Chapter 3 | Spanning Tree Protocol | 31 |
| Spanning Tree Overview | 31 |
| Bridge Protocol Data Units (BPDUs) | 32 |
| Determining the Path for Forwarding BPDUs | 32 |
| Bridge Priority | 32 |
| Port Priority | 33 |
| Port Path Cost | 33 |
| Spanning Tree Group Configuration Guidelines | 33 |
| Changing the Spanning Tree Mode | 33 |
| Assigning a VLAN to a Spanning Tree Group | 33 |
| Creating a VLAN | 34 |
| Rules for VLAN Tagged Ports | 34 |
| Adding and Removing Ports from STGs | 34 |
| Rapid Spanning Tree Protocol | 35 |
| Port State Changes | 35 |
| Port Type and Link Type | 36 |
| Edge Port | 36 |
| Link Type | 36 |
| RSTP Configuration Guidelines | 36 |
| RSTP Configuration Example | 36 |
| Per VLAN Rapid Spanning Tree | 37 |
| Default Spanning Tree Configuration | 37 |
| Why Do We Need Multiple Spanning Trees? | 37 |
iv Table of Contents