Asante Technologies IC36240 user manual Security Levels, Support


5.3.3 Security Levels

SNMPv3 has three levels of security. The lowest level provides neither authentication nor privacy (noAuthNoPriv). This level is comparable to SNMPv1. The second level provides authentication, but no privacy (authNoPriv). The highest level provides authentication and privacy (authPriv). Based on your protection needs, you should use some combination of these security levels.

Authentication, privacy, and access control combined address the security threats faced by SNMP, including Modification of Information, Masquerade, Disclosure, and Message Stream Modification attacks. SNMPv3 provides these security features.

SNMPv3 does not protect the network from Denial of Service and Traffic Analysis attacks.

5.3.4 Support

The IntraCore IC36240 switch supports Simple Network Management Protocol (SNMP) v1, v2 and v3. SNMP v3 provides additional security for your network. The SNMP system consists of three parts: an SNMP manager, an SNMP agent, and a Management Information Base (MIB). SNMP is an application-layer protocol that allows SNMP manager and agent stations to communicate. SNMP provides a message format for sending information between an SNMP manager and an SNMP agent. The agent and MIB reside on the switch. In configuring SNMP on the switch, the relationship between the manager and the agent must be defined.

The SNMP agent gathers data from the MIB, which holds the information about device parameters and network data. The agent also responds to the manager’s requests to get or set data. An agent can also send unsolicited traps to the manager. Traps are messages alerting the SNMP manager to a specific event on the network. Such events include improper user authentication, restarts, link status (up or down), closing of a TCP connection, or loss of connection to a neighboring switch. An SNMP manager can request a value from an agent, or store or change a value in that agent.

To configure support for SNMP on the switch, perform the following tasks:

Create or Modify Access Control for SNMP Community

Establish the Contact and Location of SNMP Agent

Define SNMP Trap Operations

Disable the SNMP Agent

Create or Modify Access Control for SNMP Community

You can configure a community string, which acts like a password, to permit access to the agent on the switch.

Read Only (ro): The string that defines access rights for reading SNMP data objects. The default is public.

Read-Write (rw): The string that defines access rights for writing SNMP data objects. The default is private.

Important! Be sure to change the SNMP default community strings in order to prevent unauthorized access to management information.
