Implementing, AAA and Radius, Protocols | 3Com 10014298 manual

Implementing the AAA and RADIUS Protocols 215

[SW7750-radius-radius1]primary authentication 10.11.1.1

[SW7750-radius-radius1]primary accounting 10.11.1.2

5Set the IP address of the second authentication/accounting RADIUS servers.

[SW7750-radius-radius1]secondary authentication 10.11.1.2

[SW7750-radius-radius1]secondary accounting 10.11.1.1

6Set the encryption key when the system exchanges packets with the authentication RADIUS server.

[SW7750-radius-radius1]key authentication name

7Set the encryption key when the system exchanges packets with the accounting RADIUS server.

[SW7750-radius-radius1]key accounting money

8Set the timeouts and times for the system to retransmit packets to the RADIUS server.

[SW7750-radius-radius1]timer 5

[SW7750-radius-radius1]retry 5

9Set the interval for the system to transmit real-time accounting packets to the RADIUS server.

[SW7750-radius-radius1]timer realtime-accounting 15

10Configure the system to transmit the user name to the RADIUS server after removing the domain name.

[SW7750-radius-radius1]user-name-format without-domain

[SW7750-radius-radius1]quit

11Create the user domain 3com163.net and enters isp configuration mode.

[SW7750]domain 3com163.net

12Specify radius1 as the RADIUS server group for the users in the domain 3com163.net.

[SW7750-isp-3com163.net]radius-scheme radius1

13Set a limit of 30 users to the domain 3com163.net.

[SW7750-isp-3com163.net]access-limit enable 30

14Enable idle cut function for the user and set the idle cut parameter in the domain 3com163.net.

[SW7750-isp-3com163.net]idle-cut enable 50 5000

15Add a local supplicant and set its parameter.

[SW7750]local-user localuser

[SW7750-luser-localuser]attribute service-type lan-access

[SW7750-luser-localuser]password simple localpass

16Enable the 802.1x globally.

[SW7750]dot1x

Implementing the	The Authentication, Authorization, and Accounting (AAA) protocol provides a
AAA and RADIUS	uniform framework for configuring these three security functions and implements
Protocols	network security management.

Image 215

3Com 10014298 manual Implementing, AAA and Radius, Protocols, Network security management

Contents

Switch Configuration Guide 01752-3064 3Com CorporationCampus Drive Marlborough, MA Contents 110 IP Multicast Protocols 112 104 Route Capacity 105 Configuring Route CapacityIP Multicast Overview 109 191 137 Configuring PIM-SM 138 Gmrp Configuring Gmrp 146STP Overview 181 Configuring STP Configuring the Mstp Running Mode 192 239 Dynamic Vlan with Radius Server Configuration Example 240244 Configuring File Management 245 237 286 274 Configuring Rmon278 Configuring NTP 279 Page Icon Description Lists icon conventions that are used throughout this bookLists the text conventions used in this book Text Conventions Display user-interface Product Overview Console port. To set up the local configuration environment ConfiguringSwitch Dialog box, as shown in Figure Setting TerminalParameters To set terminal parameters Select Properties HyperTerminal Window Enter system view, return to user view by pressing Ctrl+Z Connecting the PC to the SwitchTelnet Run Telnet Connecting Two Switch 7750 Systems SW7750telnet Dial-up Modem Set Up Remote Configuration Environment Dial the Remote PC Interface Enter User Interface View Configuring the Attributes of the AUX Console PortConfigure the Attributes of the AUX Console Port Entering the User Interface View Configuring the Terminal Attributes Managing Users By default, the terminal screen length is 24 lines Configure the Local Authentication Password Perform the following configuration in user interface viewAuthorize users to use the command lines Configure Authentication Method Set Command Level After User Login Perform the following configuration in local-user viewSet Command Level Used After a User Logs Configure Modem Configuring the Attributes of a ModemConfiguring Redirection Set Command Priority Displaying and Debugging User Interface Perform the following configuration in user viewConfigure to Send Messages Between User Interfaces Configure Automatic Command Execution Interface Command Line Command Line Interface Function Feature of Command View Online Help Command LineDisplaying Features of the Command Line Editing Features of the Command Line Retrieve History Command Common Command Line Error MessagesHistory Command Common Command Line Error Messages Display Functions Editing Features of the Command LineDisplaying Features of the Command Line Editing Functions System Access Ethernet Port Overview Port Configuration Enabling and Disabling Ethernet Ports Setting Description Character String for Ethernet PortEntering Ethernet Port View Setting Cable Type for Ethernet Port Setting Duplex Attribute of the Ethernet PortSetting the Speed of the Ethernet Port Set Flow Control for Ethernet Port Setting Flow Control for Ethernet PortSetting Ethernet Port Broadcast Suppression Ratio Permitting/Forbidding Jumbo Frames on the Ethernet port Set Link Type for Ethernet Port Setting the Link Type for an Ethernet PortSetting Ethernet Port Broadcast Suppression Ratio Adding the Ethernet Port to a Vlan Adding the Ethernet Port to Specified VLANs Setting the Default Vlan ID for Ethernet PortSet the Default Vlan ID for the Ethernet Port Display and Debug Ethernet Port Copying a Port Configuration to Other PortsCopying a Port Configuration to Other Ports Displaying and Debugging Ethernet Ports Aggregation Configuring LinkExample Configuring the Default Vlan ID of the Trunk Port Port Configuration Manual and Static Lacp Aggregation Port Configuration Dynamic Lacp aggregation Enabling/Disabling Lacp at a Port Lacp enableUndo lacp enable Enabling or Disabling Lacp at a Port Add/Delete Ethernet Port to/from Aggregation Group Creating or Deleting an Aggregation GroupCreate or Delete an Aggregation Group By default, system priority is Setting or Deleting an Aggregation Group DescriptorBy default, an aggregation group has no descriptor Configuring System Priority Display and Debug Link Aggregation Default value for port priority isConfigure Port Priority Displaying and Debugging Link Aggregation Networking For Link Aggregation Example Link Aggregation Configuration Configuring Link Aggregation Port Configuration Vlan Overview Configuring VLANsConfiguring GARP/GVRP Vlan Overview Creating or Deleting a Vlan Setting the Broadcast Suppression Ratio for VlanCreating or Deleting a Vlan Specifying the Broadcast Suppression Ratio for a Vlan Create a Vlan before creating an interface for it Setting or Deleting the Vlan Description Character StringBy default, the string parameter is null Specifying or Removing Vlan Interfaces Displaying and Debugging a Vlan Example Vlan Configuration Adding Ethernet Ports to a Vlan By default, the system adds all ports to VLAN1Adding Ethernet Ports to a Vlan Creating and Deleting a Vlan Protocol Type Creating and Deleting a Vlan Protocol TypeAdd Ethernet1/0/1 and Ethernet1/0/2 to VLAN2 SW7750-vlan3port ethernet1/0/3 to ethernet1/0/4 Example Protocol-Based Vlan ConfigurationAdd Ethernet1/0/3 and Ethernet1/0/4 to VLAN3 SW7750-vlan2port ethernet1/0/1 to ethernet1/0/2 SW7750int g1/0/1 Configure the protocol Vlan on port G1/0/1SW7750-vlan2protocol-vlan ? SW7750-vlan2protocol-vlan ip Vlan and multicast addresses Configure port G1/0/3 as Vlan 3 and port G1/0/2 as Vlan Setting the Garp Timers Setting the Garp Timers Display and Debug Garp Displaying and Debugging Garp Enabling or Disabling Port Gvrp By default, Gvrp is disabled on a portSetting the Gvrp Registration Type Enabling or Disabling Global Gvrp Displaying and Debugging Gvrp By default, the Gvrp registration type is normalExample Gvrp Configuration Example Setting the Gvrp Registration Type Create VLANs Enable Gvrp globallyEnable Gvrp on the trunk port Address Configuring IP Subnet and Mask Configure IP Address and HostName for a HostConfiguring the IP Address of the Vlan Interface Configure the Host Name and the Corresponding IP Address Display and Debug IP Address Example Configuring an IP AddressConfigure IP Address for a Vlan Interface Displaying and Debugging an IP Address Enter Vlan interface Configure the IP address for Vlan interfaceAddress Configuration Example IP Address Resolution Learning Gratuitous ARPs Manually Adding/Deleting Static ARP Mapping EntriesLearning Gratuitous ARPs Manually Adding/Deleting Static ARP Mapping Entries Displaying and Debugging ARP Configuring the Dynamic ARP Aging TimerDhcp Relay Ipaddress2 Configuring a Dhcp Server IP Address in a Dhcp Server GroupConfigure/Delete the IP Address of the Dhcp Server Dhcp-server groupNo ip ipaddress1 Configure/Delete the Address Table Entry Configuring the Dhcp Server Group for the Vlan InterfaceConfiguring the Address Table Entry Enabling/Disabling Dhcp Security Features Displaying and Debugging Dhcp Relay Example Configuring Dhcp Relay SW7750display dhcp-server interface vlan-interface Show the configuration of Dhcp server groups in User viewRelay Configuration Dynamically SW7750display dhcp-server Attributes IP Performance Display and Debug IP Performance Configure Whether to Forward L3 Broadcast Packets SW7750terminal debugging SW7750debugging tcp transact SW7750terminal debugging SW7750debugging tcp packet Network Protocol Operation IP Routing Protocol Operation About Hops Routing Table Routes Shared Between Routing Protocols Static RoutesUnreliable source Individual static routes can be different Configuring a Static Route Default RouteConfiguring a Static Route Transmitting interface or next hop address Configuring a Default RouteConfiguring a Default Route Parameters are explained as follows IP address and mask Displaying and Debugging the Routing Table Example Typical Static Route ConfigurationDisplaying and Debugging Static Routes Deleting All Static Routes Enabled, but the IP packets cannot be forwarded normally Configure the static route for Ethernet Switch aConfigure the static route for Ethernet Switch B Configure the static route for Ethernet Switch C Network or host is unreachable RIP Undo rip Enabling RIP and Entering the RIP ViewEnabling RIP and Entering the RIP View Rip Specifying the RIP Version By default, RIP is not enabledConfiguring Unicast RIP Messages Enabling the RIP Interface Specifying RIP Version of the Interface Configuring RIP Timers Specifying the Operating State of the Interface Configuring RIP-1 Zero Field Check of the Interface PacketBy default, RIP-1 performs zero field check on the packet Configuring Zero Field Check of the Interface Packet Disabling Host Route By default, the router receives the host routeBy default, RIP-2 uses the route aggregation function Setting RIP-2 Packet Authentication Configuring Split Horizon Configuring Split HorizonBy default, split horizon of the interface is enabled Setting RIP-2 Packet Authentication By default, the preference of RIP is Configuring the Default Cost for the Imported RouteBy default, the cost value for the RIP imported route is Setting the RIP Preference Displaying and Debugging RIP Configuring Route FilteringConfiguring RIP to Filter Routes Configure RIP on Switch C Example Typical RIP ConfigurationConfigure RIP on Switch a Configure RIP on Switch B IP Prefix IP Routing PolicyInformation that meets its conditions Advertise, receive, and import the route information Permit deny node IP PrefixDefining a Route Policy Defining a Route Policy Defining If-match Conditions By default, no matching is performedDefining If-match Clauses for a Route Policy Defining Apply Clauses Configuring Importing Routes of Other ProtocolsDefining Apply Clauses for a Route Policy Defining Prefix-list Configuring for Filtering Received RoutesConfiguring Filtering for Received Routes Defining IP Prefix Displaying and Debugging the Route Policy Configuring for Filtering Distributed RoutesConfiguring Filtering of Distributed Routes Displaying and Debugging the Routing Policy Setting the Lower Limit of the Ethernet Switch Memory Configuring Route CapacitySetting the Lower Limit for Switch Memory Setting the Safety Value for Switch Memory Setting the Safety Value of the Ethernet Switch Memory Setting the Lower Limit and the Safety Value Simultaneously Displaying and Debugging Route Capacity Operation Command Enable automatic recovery of disconnectedMemory auto-establish enable Displaying and Debugging Route Capacity IP Routing Protocol Operation Multicast Protocol Comparison Between the Unicast and Multicast Transmission Reserved Multicast Address List Ranges and meanings of Class D addresses are shown in TableEthernet Multicast MAC Addresses Ranges and Meanings of Class D Addresses Multicast Routing Protocol Internet Group Management Protocol Igmp RPF Reverse Path Forwarding PIM-SM Protocol-Independent Multicast Sparse Mode Enabling Multicast By default, multicast routing is disabledMulticast routing-enable Undo multicast routing-enable Clearing MFC Forwarding Entries or Statistic Information Configuring the Multicast Route LimitBy default, the multicast route-limit is Participating in multicast must implement Igmp Configuring IgmpDisplaying and Debugging Common Multicast Configuration Display and Debug Common Multicast Configuration Specific group query Enabling Igmp on an Interface By default, Igmp is not enabledConfiguring the Igmp Version Default is Igmp Version Undo igmp By default, the interval is 1 secondIgmp lastmember-queryinterval Seconds Configure a Router to Be a Member of a Group Configuring the Limit of Igmp Groups on an InterfaceConfiguring a Router to be a Member of a Group Default interval is 60 seconds By default, a router does not join a multicast groupLimiting Access to IP Multicast Groups Configuring the Igmp Query Message Interval Configure the Maximum Query Response Time Configuring the Igmp Querier Present TimerConfiguring the Maximum Query Response Time Configure the Igmp Querier Present Timer Display and Debug Igmp Displaying and Debugging Igmp Igmp Snooping Multicast Packet Transmission With Igmp Snooping Implement Igmp Snooping Implementing Igmp Snooping Enabling/Disabling Igmp Snooping Configure Router Port Aging TimeConfigure Router Port Aging Time Configure Aging Time of Multicast Group Member By default, the port aging time is 260 secondsConfiguring Maximum Response Time By default, the maximum response time is 10 seconds Display the status of Gmrp Example Igmp Snooping ConfigurationEnable Igmp Snooping if it is disabled Multicast Protocol Assert Mechanism Diagram Entering PIM View See Configuring Common Multicast onConfiguring the Interface Hello Message Interval Enabling PIM-DM Configure Hello Message Interval on an Interface Configuring the Filtering of Multicast Source/GroupPerform the following configuration in the PIM view Configuring the Filtering of PIM Neighbors Displaying and Debugging PIM-DM Displaying and Debugging PIM-DM Enable PIM-DM Example PIM-DM ConfigurationConfiguration procedure Enable the multicast routing protocol Build the RP shared tree RPT Neighbor discovery mechanism is the same as that of PIM-DM Configure Static RP Preparing to ConfigureConfigure Candidate RPs Configure BSRs Enabling PIM-SM Refer to Configuring Common Multicast onRefer to Configuring Igmp on Enabling PIM-SM Pim bsr-boundary Setting the PIM-SM Domain BorderConfiguring Candidate-BSRs Setting the PIM-SM Domain Border Configuring Candidate-RPs Configuring Candidate-RPsConfiguring Static RP Configuring Candidate-BSRs Configuring the Interface Hello Message Interval See Configuring PIM-DMonConfiguring the Filtering of PIM Neighbor Configuring RP to Filter the Register Messages Sent by DR Undo bsr-policy Limiting the Range of Legal BSRLimiting the Range of Legal C-RP Bsr-policy acl-number Clearing Multicast Route Entries from PIM Routing Table Clearing Multicast Route Entries from PIM Routing TableClearing PIM Neighbors Displaying and Debugging PIM-SM Display and Debug PIM-SM Execute the debugging command in user view to debug PIM-SMExample Configuring PIM-SIM Configure Switch a Enable PIM-SM Configure PIM domain border Configure Switch B Enable PIM-SMConfigure the C-BSR Configure the C-RP Multicast in Vlan Configure Switch C Enable PIM-SMInformation dynamically registered by other switches Displaying and Debugging Gmrp Enable/Disable Gmrp GloballyExample Configuring Gmrp Enabling/Disabling Gmrp on the Port Configure LSB Enable Gmrp globally Enable Gmrp on the port Hardware ACL OverviewFiltering or Classifying Value range Maximum Quantitative Limitation to the ACL Range Configuring ACLsConfiguring the Time Be done in sequence Define Basic ACL Defining a Basic ACLBasic ACL is defined by numbers from 2000 to Define an Advanced ACL Define Layer-2 ACL Perform the following configuration in designated viewDefining a Layer-2 ACL Define Advanced ACL Activate ACL Displaying and Debugging an ACL Access Control ACL Configuration Examples Define the time range Define time range 800 to Select ACL mode Select ip-based ACL modeDefine the work time range Set the time range 800 to Activate ACL Activate the traffic-of-payserver ACL Activate ACL Activate the ACL traffic-of-host Configuring QoSSelect ACL mode Select link-based ACL mode Define the rules for packet with source IP address Traffic Classification Traffic refers to all packets passing through a switchTraffic Port Traffic Limit Packet FilterTraffic Policing Bandwidth Assurance Traffic Counting Traffic Mirroring Restore the default priority Undo priority Setting Port PrioritySetting Port Priority Operation Command Set port priority Setting Port Mirroring Setting Port MirroringSetting Queue Scheduling Mapping Between Dscp Priority Levels and Outbound Queues Configure the COS local-precedence mapping tableRestore the default mapping By default, the switch selects the default mapping Entering QoS View Configuring the Traffic LimitConfiguring the Priority for Queue Scheduling Configuring the Traffic Limit Setting the Line Rate Setting Line LimitSetting Traffic Bandwidth Setting Traffic Redirection Relabeling the Priority Level Configuring the RED OperationConfigure RED Operation Relabeling the Priority Level Display and Debug QoS Configuring Traffic StatisticsConfiguring Traffic Statistics Displaying and Debugging QoS Display priority-trust Traffic Bandwidth Traffic StatisticsTraffic Limit and Line Rate Port Mirroring Define the traffic-of-payserver rule in the advanced ACLSet traffic limit for the wage server Enter QoS view SW7750acl number Priority Relabeling Configuration ExampleDefine traffic classification rules for PC1 packets Packet Redirection SW7750queue-scheduler wrr 5 5 10 10 15 15 9 View the configuration with the display commandOther interface units support only SP algorithm Rule 0 interface gigabitetherent7/0/8 Traffic Bandwidth Define traffic rules for the packets of IP address Traffic Bandwidth Traffic Statistics Define traffic rules for PC1 packets Configuring ACLSecurity, see System Access Control Defining a Basic ACL Defining an ACLImporting an ACL Example Controlling Telnet Users with ACL Define a Numbered Basic ACL Call an ACLImporting an ACL to Control Snmp Users Snmp-agent group v3 group-name Authentication privacy read-viewExample Controlling Snmp Users with an ACL Read-view read-view write-view Import the basic ACLs QOS/ Operation STP Overview Configuring STP Illustrates the network Algorithm Configuring STP STP Operation Final Stabilized Spanning Tree Mstp Overview Common Spanning Tree CST MST RegionVlan Mapping Table Internal Spanning Tree IST Boundary port Multiple Spanning Tree Instance MstiMsti Region root Common Root Bridge Msti calculation Configuring MstpMstp Principles Cist calculation Enter MST Region View Stp region-configurationUndo stp Region-configuration Entering MST region view Configure the MST Region for a Switch Configuring the MST RegionPerform the following configuration in MST region view Root Switch Specify the Switch as Primary or Secondary Root Switch Configure the Priority for a Switch By default, the switch priority isConfigure the Mstp Running Mode Configure the Switching Network Diameter Configure the Max Hops in an MST Region Configure the Time Parameters of a Switch Port Configuring in system viewConfiguring in Ethernet port view Configure the Max Transmission Speed on a Port Configure a Port as an Edge Port or a Non-edge Port Stp instance instance-id cost Configure the Path Cost of a PortSpecify the Standard To BeFollowed in Path Cost Calculation Instance instance-id cost Dot1d-1998 dot1t legacy Calculates the default Path Cost for the connectedLink Restore the default standard to be used Stp pathcost-standard Stp instance instance-idport Configure the Port PriorityInstance instance-id port Priority priority Configure the Port Connection With the Point-to-point Link Configuring the Port Connection with Point-to-Point Link Mcheck Configure the mCheck Variable of a PortVariable of a Port Security Function Configure the Switch Security Function Device Enable/Disable Mstp on a DeviceEnable/Disable Mstp on a Port Snooping Configuring DigestDigest Snooping Prerequisites Configure digest snooping Ieee 802.1x Authentication Process Implement 802.1x on Ethernet Switch Enabling/Disabling Setting the Port Access Control ModeSetting Port Access Control Method Set to Enable Dhcp to Launch Authentication Checking the Users that Log on the Switch by ProxySetting Number of Users on a Port Enabling Dhcp to Launch Authentication Configuring Timers Configuring the Authentication Method for 802.1x UsersSetting the Maximum Retransmission Times Displaying and Debugging Enabling/Disabling Quiet-Period TimerExample 802.1x Configuration Enable/Disable a Quiet-Period Timer SW7750radius scheme radius1 SW7750dot1x interface ethernet 1/0/2SW7750dot1x port-method macbased interface ethernet 1/0/2 Network security management ImplementingAAA and Radius Protocols Radius Creating/Deleting an ISP Domain Configuring AAAImplementing AAA/RADIUS on Ethernet Switch Create/Delete ISP Domain Configuring Relevant Attributes of an ISP DomainConfigure Relevant Attributes of ISP Domain Creating a Local User By default, there is no local user in the systemSetting Attributes of a Local User Radius server type, etc Disconnecting a User by ForceBy default, no online user will be disconnected by force Radius Protocol Undo radius scheme Creating/Deleting a Radius Server GroupCreate/Delete a Radius Server Group Set IP Address and Port Number of Radius Server Setting the IP Address and Port Number of Radius Server Setting Retransmission Times of the Radius Request Packet Setting the Radius Packet Encryption KeySetting the Response Timeout Timer of Radius Server By default, timeout timer of Radius server is 3 seconds Set Retransmission Times of Radius Request Packet Setting a Real-time Accounting IntervalEnable the Selection of the Radius Accounting Option Enabling the Selection of the Radius Accounting Option Recommended Ratio of Minute to Number of Users By default, minute is set to 12 minutesSetting Maximum Times of Real-time Accounting Request Enabling/Disabling Stop Accounting Request Buffer Enable/Disable Stopping Accounting Request Buffer Setting the Supported Type of Radius ServerBy default, the Radius server type is standard Setting Radius Server State Set the Unit of Data Flow Transmitted to Radius Server Setting Username Format Transmitted to Radius ServerSet Radius Server State Setting the Response Timeout Timer of the Radius Server Configuring a Local Radius Server GroupConfiguring Source Address for Radius Packets Sent by NAS Setting the Timers of the Radius Server 229 36 Hwtacacs configuration III. Configure the Radius Server Response Timer35 Configure the Radius server response timer Hwtacacs configuration tasks include Configuring Hwtacacs AAA and Radius Operation Configuring Hwtacacs Perform the following configuration in Hwtacacs view Configuring Hwtacacs Interval is in minutes and must be a multiple Setting Tacacs Server TimersDefault response timeout timer is set to 5 seconds Hwtacacs Protocols DisplayingDebugging the AAA RADIUS, Remote Radius Server Examples Authentication at a Configure the domainConfigure Radius scheme Configure the association between domain and Radius Associate the domain with the Hwtacacs Configure a Hwtacacs schemeConfigure Vlan delivery mode as string Configure name of the delivered Vlan Radius packet cannot be transmitted to Radius server ConfigurationsUser authentication/authorization always fails AAA and Radius Operation Managing Devices File SystemFile System Managing the MAC Address Table File System Operation Mode of the File SystemPerform the following operation in system view File Operation Create a directory named test Example File System OperationFormat the flash Display the working directory in the flash Erasing the Configuration Files from Flash Memory Perform the following configuration in all viewsSaving the Current Configuration Enabling and Disabling the FTP Server Configuring the FTP Server Authentication and AuthorizationEnable/Disable FTP Server Configure the FTP Server Authentication and Authorization Introduction to FTP Client Configuring FTP Server ParametersBy default, the FTP server connection timeout is 30 minutes Displaying and Debugging the FTP Server Uploading Files with Tftp Configuring the File Transmission ModeBy default, Tftp transmits files in binary mode Downloading Files with Tftp Setting MAC Address Table Entries Disabling or Enabling MAC Address Learning on a Port By default, the MAC address learning function is enabledDisabling or Enabling Global MAC Address Learning Displaying and Debugging MAC Address Table Setting MAC Address Aging TimeSetting the MAC Address Aging Time for the System Displaying and Debugging the MAC Address Table Add a MAC address specify the native VLAN, port and state Example Configuring MAC Address Table ManagementEnter the system view of the switch Display the MAC address configurations in all views If you input reboot only, the whole system will be reset Is booted Perform the following configuration in user viewUpgrading BootROM Resetting a Slot Maintaining Debugging System Setting the Slot Temperature LimitSetting the Backboard View Setting Daylight Saving Time Setting the System NameSetting the System Clock Setting the Time Zone Display Commands of the System Perform this command in user viewBy default, daylight saving time is not set Setting Daylight Saving Time Enabling and Disabling Debugging Displaying Diagnostic Information Ping Testing Tools forFollowing sections Ping Tracert Command Tracert Command Tracert -f first-TTL -m Tracert CommandOperation Command Trace a route Timeout host Enabling and Disabling the Logging Function Setting the Output Channel of the LogEnable/Disable the Logging Function Syslog-Defined Severity Defining the Log Filtering RulesLog Output Numbers and Names of the Channels for Log Output Define the Filtering Rules of the Channels Configuring the Snmp Timestamp Output FormatConfiguring the Snmp Timestamp Output Format SW7750 security messages Configuring the Info-center LoghostExample Log Configuration Enable Rstp module debugging Displaying and Debugging the Syslog Function Displaying and Debugging the Syslog Function Architecture of the MIB Tree MIB Attribute MIB Content References Setting the Community NameMIBs Supported by the Ethernet Switch Enabling and Disabling the Snmp Agent to Send a Trap Setting the Destination Address of a TrapSetting the Community Name Setting the Destination Address of a Trap By default, syslocation is specified as Marlborough MA Setting the Lifetime of the Trap MessageBy default, the lifetime of a trap message is 120 seconds Setting Snmp Information Setting the Source Address of the Trap Setting and Deleting an Snmp GroupSetting the Source Address of the Trap Setting and Deleting an Snmp Group Creating and Updating View Information or Deleting a View Creating and Updating View Information or Deleting a ViewAdding and Deleting a User to or from an Snmp Group Displaying and Debugging Snmp Enabling and Disabling Transmission of Trap InformationDisabling the Snmp Agent Set the community name, group name, and user Example Snmp ConfigurationOperation Command Display the contact character string Enter the system view Networks Used network management standards Add or Delete an Entry to or from the Event Table Adding and Deleting an Entry to or from the Alarm TableAdding or Delete an Entry to or from the Alarm Table Adding and Deleting an Entry to or from the Event Table Add or Delete an Entry to or from the Statistics Table View the configurations in user view Displaying the Rmon ConfigurationExample Rmon Configuration Configure Rmon NTP Configuring NTP Operating Mode Undo ntp-service unicast-server Configuring NTP Time ServerNtp-service unicast-server Authentication-keyid keyid Configuring NTP Broadcast Server Mode Perform the following configurations in Vlan interface viewConfiguring NTP Peer Mode Configuring NTP Multicast Client Mode Configuring NTP Broadcast Client ModeConfiguring NTP Multicast Server Mode Key number key-numberranges from 1 to Configuring NTP ID AuthenticationSetting the NTP Authentication Key Setting the Specified Key to Be Reliable Designating an Interface to Transmit NTP Message Setting the NTP Master Clock Displaying and Debugging NTP Setting the Authority to Access a Local SwitchSetting Maximum Local Sessions Set the local clock as the NTP master clock at stratum Example Configuring NTP ServersConfigure the Switch SW77501 Enter system view Configure Ethernet Switch SW77502 Enter system view SW77502display ntp-service status Configure Ethernet Switch SW77504 Enter system view Example Configuring NTP Peers SW77504display ntp-service sessions SW77504display ntp-service status Set it as broadcast server Example Configuring NTP Broadcast ModeConfigure Ethernet Switch SW77501 Enter system view Enter Vlan-interface2 view Set it as a multicast server Example Configuring NTP Multicast ModeConfigure Ethernet Switch SW77503 Enter system view # Set the local clock as a master NTP clock at stratum Example Configuring Authentication-Enabled NTP Server Mode SW77501ntp-service reliable authentication-keyid Configure the key as reliableSW77501ntp-service authentication enable System Management