Configuring AAA, Creating/Deleting an ISP Domain | 3Com 10014298

Configuring AAA 217

RADIUS server generally uses a proxy function of the devices, like access server, to perform user authentication. The operation process is as follows:

1Send client username and encrypted password to RADIUS server.

2User receives one of the following response messages:

■ACCEPT: Indicates that the user has passed the authentication

■REJECT: Indicates that the user has not passed the authentication and needs to input username and password again, otherwise he will be rejected from access.

Implementing AAA/RADIUS on Ethernet Switch

As described above, the Switch 7750, serving as the user access device, or NAS, is the RADIUS client. Figure 57 illustrates the RADIUS authentication network.

Figure 57 Networking with Switch 7750 Applying RADIUS Authentication

	PC use1	Authentication
	PC use1	server
		server

PC user2

Accountin server1

Switch 7700

Switch 7700

ISP1

PC user3

Switch 7700

PC user4

Internet

Switch 7700

ISP2

Configuring AAA	AAA configuration includes tasks that are described in the following sections:
	■ Creating/Deleting an ISP Domain
	■ Configuring Relevant Attributes of an ISP Domain
	■ Creating a Local User
	■ Setting Attributes of a Local User
	■ Disconnecting a User by Force
	Among the above configuration tasks, creating an ISP domain is required,
	otherwise the supplicant attributes cannot be distinguished. The other tasks are
	optional. You can configure them as required.
	Creating/Deleting an ISP Domain
	An ISP domain is a group of users belonging to the same ISP. Taking
	gw20010608@3com163.net as an example in the userid@isp-name format, the
	isp-name (i.e. 3com163.net) following the @ is the ISP domain name. When the
	Switch 7750 controls user access, as for an ISP user whose username is in

Image 217

3Com 10014298 manual Configuring AAA, Implementing AAA/RADIUS on Ethernet Switch, Creating/Deleting an ISP Domain

Contents

Switch Configuration Guide Campus Drive 3Com CorporationMarlborough, MA 01752-3064 Contents IP Multicast Overview 109 104 Route Capacity 105 Configuring Route Capacity110 IP Multicast Protocols 112 STP Overview 181 Configuring STP 137 Configuring PIM-SM 138 Gmrp Configuring Gmrp 146Configuring the Mstp Running Mode 192 191 244 Configuring File Management 245 Dynamic Vlan with Radius Server Configuration Example 240237 239 278 Configuring NTP 279 274 Configuring Rmon286 Page Lists the text conventions used in this book Lists icon conventions that are used throughout this bookText Conventions Icon Description Display user-interface Product Overview Switch ConfiguringConsole port. To set up the local configuration environment Parameters Setting TerminalTo set terminal parameters Dialog box, as shown in Figure Select Properties HyperTerminal Window Telnet Connecting the PC to the SwitchEnter system view, return to user view by pressing Ctrl+Z Run Telnet Connecting Two Switch 7750 Systems SW7750telnet Dial-up Modem Set Up Remote Configuration Environment Dial the Remote PC Interface Configure the Attributes of the AUX Console Port Configuring the Attributes of the AUX Console PortEntering the User Interface View Enter User Interface View Configuring the Terminal Attributes Managing Users By default, the terminal screen length is 24 lines Authorize users to use the command lines Perform the following configuration in user interface viewConfigure Authentication Method Configure the Local Authentication Password Set Command Level Used After a User Logs Perform the following configuration in local-user viewSet Command Level After User Login Configuring Redirection Configuring the Attributes of a ModemSet Command Priority Configure Modem Configure to Send Messages Between User Interfaces Perform the following configuration in user viewConfigure Automatic Command Execution Displaying and Debugging User Interface Interface Command Line Command Line Interface Function Feature of Command View Displaying Features of the Command Line Command LineEditing Features of the Command Line Online Help History Command Common Command Line Error MessagesCommon Command Line Error Messages Retrieve History Command Displaying Features of the Command Line Editing Features of the Command LineEditing Functions Display Functions System Access Ethernet Port Overview Port Configuration Entering Ethernet Port View Setting Description Character String for Ethernet PortEnabling and Disabling Ethernet Ports Setting the Speed of the Ethernet Port Setting Duplex Attribute of the Ethernet PortSetting Cable Type for Ethernet Port Setting Ethernet Port Broadcast Suppression Ratio Setting Flow Control for Ethernet PortPermitting/Forbidding Jumbo Frames on the Ethernet port Set Flow Control for Ethernet Port Setting Ethernet Port Broadcast Suppression Ratio Setting the Link Type for an Ethernet PortAdding the Ethernet Port to a Vlan Set Link Type for Ethernet Port Set the Default Vlan ID for the Ethernet Port Setting the Default Vlan ID for Ethernet PortAdding the Ethernet Port to Specified VLANs Copying a Port Configuration to Other Ports Copying a Port Configuration to Other PortsDisplaying and Debugging Ethernet Ports Display and Debug Ethernet Port Example Configuring the Default Vlan ID of the Trunk Port Configuring LinkPort Configuration Aggregation Manual and Static Lacp Aggregation Port Configuration Dynamic Lacp aggregation Undo lacp enable Lacp enableEnabling or Disabling Lacp at a Port Enabling/Disabling Lacp at a Port Create or Delete an Aggregation Group Creating or Deleting an Aggregation GroupAdd/Delete Ethernet Port to/from Aggregation Group By default, an aggregation group has no descriptor Setting or Deleting an Aggregation Group DescriptorConfiguring System Priority By default, system priority is Configure Port Priority Default value for port priority isDisplaying and Debugging Link Aggregation Display and Debug Link Aggregation Networking For Link Aggregation Example Link Aggregation Configuration Configuring Link Aggregation Port Configuration Configuring GARP/GVRP Configuring VLANsVlan Overview Vlan Overview Creating or Deleting a Vlan Setting the Broadcast Suppression Ratio for VlanSpecifying the Broadcast Suppression Ratio for a Vlan Creating or Deleting a Vlan By default, the string parameter is null Setting or Deleting the Vlan Description Character StringSpecifying or Removing Vlan Interfaces Create a Vlan before creating an interface for it Displaying and Debugging a Vlan Example Vlan Configuration Adding Ethernet Ports to a Vlan By default, the system adds all ports to VLAN1Adding Ethernet Ports to a Vlan Add Ethernet1/0/1 and Ethernet1/0/2 to VLAN2 Creating and Deleting a Vlan Protocol TypeCreating and Deleting a Vlan Protocol Type Add Ethernet1/0/3 and Ethernet1/0/4 to VLAN3 Example Protocol-Based Vlan ConfigurationSW7750-vlan2port ethernet1/0/1 to ethernet1/0/2 SW7750-vlan3port ethernet1/0/3 to ethernet1/0/4 SW7750-vlan2protocol-vlan ? Configure the protocol Vlan on port G1/0/1SW7750-vlan2protocol-vlan ip SW7750int g1/0/1 Vlan and multicast addresses Configure port G1/0/3 as Vlan 3 and port G1/0/2 as Vlan Setting the Garp Timers Setting the Garp Timers Display and Debug Garp Displaying and Debugging Garp Setting the Gvrp Registration Type By default, Gvrp is disabled on a portEnabling or Disabling Global Gvrp Enabling or Disabling Port Gvrp Example Gvrp Configuration Example By default, the Gvrp registration type is normalSetting the Gvrp Registration Type Displaying and Debugging Gvrp Enable Gvrp on the trunk port Enable Gvrp globallyCreate VLANs Address Configuring IP Configuring the IP Address of the Vlan Interface Configure IP Address and HostName for a HostConfigure the Host Name and the Corresponding IP Address Subnet and Mask Configure IP Address for a Vlan Interface Example Configuring an IP AddressDisplaying and Debugging an IP Address Display and Debug IP Address Address Configuration Configure the IP address for Vlan interfaceExample IP Address Resolution Enter Vlan interface Learning Gratuitous ARPs Manually Adding/Deleting Static ARP Mapping EntriesManually Adding/Deleting Static ARP Mapping Entries Learning Gratuitous ARPs Dhcp Relay Configuring the Dynamic ARP Aging TimerDisplaying and Debugging ARP Configure/Delete the IP Address of the Dhcp Server Configuring a Dhcp Server IP Address in a Dhcp Server GroupDhcp-server groupNo ip ipaddress1 Ipaddress2 Configuring the Address Table Entry Configuring the Dhcp Server Group for the Vlan InterfaceEnabling/Disabling Dhcp Security Features Configure/Delete the Address Table Entry Displaying and Debugging Dhcp Relay Example Configuring Dhcp Relay Relay Configuration Dynamically Show the configuration of Dhcp server groups in User viewSW7750display dhcp-server SW7750display dhcp-server interface vlan-interface Attributes IP Performance Display and Debug IP Performance Configure Whether to Forward L3 Broadcast Packets SW7750terminal debugging SW7750debugging tcp transact SW7750terminal debugging SW7750debugging tcp packet Network Protocol Operation IP Routing Protocol Operation About Hops Routing Table Unreliable source Static RoutesIndividual static routes can be different Routes Shared Between Routing Protocols Configuring a Static Route Default RouteConfiguring a Static Route Configuring a Default Route Configuring a Default RouteParameters are explained as follows IP address and mask Transmitting interface or next hop address Displaying and Debugging Static Routes Example Typical Static Route ConfigurationDeleting All Static Routes Displaying and Debugging the Routing Table Configure the static route for Ethernet Switch B Configure the static route for Ethernet Switch aConfigure the static route for Ethernet Switch C Enabled, but the IP packets cannot be forwarded normally Network or host is unreachable RIP Enabling RIP and Entering the RIP View Enabling RIP and Entering the RIP ViewRip Undo rip Configuring Unicast RIP Messages By default, RIP is not enabledEnabling the RIP Interface Specifying the RIP Version Specifying RIP Version of the Interface Configuring RIP Timers By default, RIP-1 performs zero field check on the packet Configuring RIP-1 Zero Field Check of the Interface PacketConfiguring Zero Field Check of the Interface Packet Specifying the Operating State of the Interface By default, RIP-2 uses the route aggregation function By default, the router receives the host routeSetting RIP-2 Packet Authentication Disabling Host Route By default, split horizon of the interface is enabled Configuring Split HorizonSetting RIP-2 Packet Authentication Configuring Split Horizon By default, the cost value for the RIP imported route is Configuring the Default Cost for the Imported RouteSetting the RIP Preference By default, the preference of RIP is Configuring RIP to Filter Routes Configuring Route FilteringDisplaying and Debugging RIP Configure RIP on Switch a Example Typical RIP ConfigurationConfigure RIP on Switch B Configure RIP on Switch C Information that meets its conditions IP Routing PolicyAdvertise, receive, and import the route information IP Prefix Defining a Route Policy IP PrefixDefining a Route Policy Permit deny node Defining If-match Clauses for a Route Policy By default, no matching is performedDefining If-match Conditions Defining Apply Clauses for a Route Policy Configuring Importing Routes of Other ProtocolsDefining Apply Clauses Configuring Filtering for Received Routes Configuring for Filtering Received RoutesDefining IP Prefix Defining Prefix-list Configuring Filtering of Distributed Routes Configuring for Filtering Distributed RoutesDisplaying and Debugging the Routing Policy Displaying and Debugging the Route Policy Setting the Lower Limit for Switch Memory Configuring Route CapacitySetting the Safety Value for Switch Memory Setting the Lower Limit of the Ethernet Switch Memory Setting the Safety Value of the Ethernet Switch Memory Setting the Lower Limit and the Safety Value Simultaneously Memory auto-establish enable Operation Command Enable automatic recovery of disconnectedDisplaying and Debugging Route Capacity Displaying and Debugging Route Capacity IP Routing Protocol Operation Multicast Protocol Comparison Between the Unicast and Multicast Transmission Ethernet Multicast MAC Addresses Ranges and meanings of Class D addresses are shown in TableRanges and Meanings of Class D Addresses Reserved Multicast Address List Multicast Routing Protocol Internet Group Management Protocol Igmp RPF Reverse Path Forwarding PIM-SM Protocol-Independent Multicast Sparse Mode Multicast routing-enable By default, multicast routing is disabledUndo multicast routing-enable Enabling Multicast By default, the multicast route-limit is Configuring the Multicast Route LimitClearing MFC Forwarding Entries or Statistic Information Displaying and Debugging Common Multicast Configuration Configuring IgmpDisplay and Debug Common Multicast Configuration Participating in multicast must implement Igmp Specific group query Configuring the Igmp Version By default, Igmp is not enabledDefault is Igmp Version Enabling Igmp on an Interface Igmp lastmember-queryinterval By default, the interval is 1 secondSeconds Undo igmp Configuring a Router to be a Member of a Group Configuring the Limit of Igmp Groups on an InterfaceConfigure a Router to Be a Member of a Group Limiting Access to IP Multicast Groups By default, a router does not join a multicast groupConfiguring the Igmp Query Message Interval Default interval is 60 seconds Configuring the Maximum Query Response Time Configuring the Igmp Querier Present TimerConfigure the Igmp Querier Present Timer Configure the Maximum Query Response Time Display and Debug Igmp Displaying and Debugging Igmp Igmp Snooping Multicast Packet Transmission With Igmp Snooping Implement Igmp Snooping Implementing Igmp Snooping Configure Router Port Aging Time Configure Router Port Aging TimeEnabling/Disabling Igmp Snooping Configuring Maximum Response Time By default, the port aging time is 260 secondsBy default, the maximum response time is 10 seconds Configure Aging Time of Multicast Group Member Enable Igmp Snooping if it is disabled Example Igmp Snooping ConfigurationDisplay the status of Gmrp Multicast Protocol Assert Mechanism Diagram Configuring the Interface Hello Message Interval See Configuring Common Multicast onEnabling PIM-DM Entering PIM View Perform the following configuration in the PIM view Configuring the Filtering of Multicast Source/GroupConfiguring the Filtering of PIM Neighbors Configure Hello Message Interval on an Interface Displaying and Debugging PIM-DM Displaying and Debugging PIM-DM Configuration procedure Example PIM-DM ConfigurationEnable the multicast routing protocol Enable PIM-DM Build the RP shared tree RPT Neighbor discovery mechanism is the same as that of PIM-DM Configure Candidate RPs Preparing to ConfigureConfigure BSRs Configure Static RP Refer to Configuring Igmp on Refer to Configuring Common Multicast onEnabling PIM-SM Enabling PIM-SM Configuring Candidate-BSRs Setting the PIM-SM Domain BorderSetting the PIM-SM Domain Border Pim bsr-boundary Configuring Static RP Configuring Candidate-RPsConfiguring Candidate-BSRs Configuring Candidate-RPs Configuring the Filtering of PIM Neighbor See Configuring PIM-DMonConfiguring RP to Filter the Register Messages Sent by DR Configuring the Interface Hello Message Interval Limiting the Range of Legal C-RP Limiting the Range of Legal BSRBsr-policy acl-number Undo bsr-policy Clearing PIM Neighbors Clearing Multicast Route Entries from PIM Routing TableDisplaying and Debugging PIM-SM Clearing Multicast Route Entries from PIM Routing Table Example Configuring PIM-SIM Execute the debugging command in user view to debug PIM-SMConfigure Switch a Enable PIM-SM Display and Debug PIM-SM Configure the C-BSR Configure Switch B Enable PIM-SMConfigure the C-RP Configure PIM domain border Information dynamically registered by other switches Configure Switch C Enable PIM-SMMulticast in Vlan Example Configuring Gmrp Enable/Disable Gmrp GloballyEnabling/Disabling Gmrp on the Port Displaying and Debugging Gmrp Configure LSB Enable Gmrp globally Enable Gmrp on the port Filtering or Classifying ACL OverviewHardware Value range Maximum Quantitative Limitation to the ACL Configuring the Time Configuring ACLsBe done in sequence Range Basic ACL is defined by numbers from 2000 to Defining a Basic ACLDefine an Advanced ACL Define Basic ACL Defining a Layer-2 ACL Perform the following configuration in designated viewDefine Advanced ACL Define Layer-2 ACL Activate ACL Displaying and Debugging an ACL Access Control ACL Configuration Examples Define the work time range Set the time range 800 to Select ACL mode Select ip-based ACL modeActivate ACL Activate the traffic-of-payserver ACL Define the time range Define time range 800 to Select ACL mode Select link-based ACL mode Configuring QoSDefine the rules for packet with source IP address Activate ACL Activate the ACL traffic-of-host Traffic Traffic refers to all packets passing through a switchTraffic Classification Traffic Policing Packet FilterBandwidth Assurance Port Traffic Limit Traffic Counting Traffic Mirroring Setting Port Priority Setting Port PriorityOperation Command Set port priority Restore the default priority Undo priority Setting Queue Scheduling Setting Port MirroringSetting Port Mirroring Restore the default mapping Configure the COS local-precedence mapping tableBy default, the switch selects the default mapping Mapping Between Dscp Priority Levels and Outbound Queues Configuring the Priority for Queue Scheduling Configuring the Traffic LimitConfiguring the Traffic Limit Entering QoS View Setting Traffic Bandwidth Setting Line LimitSetting Traffic Redirection Setting the Line Rate Configure RED Operation Configuring the RED OperationRelabeling the Priority Level Relabeling the Priority Level Configuring Traffic Statistics Configuring Traffic StatisticsDisplaying and Debugging QoS Display and Debug QoS Traffic Limit and Line Rate Traffic Bandwidth Traffic StatisticsDisplay priority-trust Set traffic limit for the wage server Enter QoS view Define the traffic-of-payserver rule in the advanced ACLPort Mirroring Define traffic classification rules for PC1 packets Priority Relabeling Configuration ExampleSW7750acl number Packet Redirection Other interface units support only SP algorithm View the configuration with the display commandRule 0 interface gigabitetherent7/0/8 SW7750queue-scheduler wrr 5 5 10 10 15 15 9 Traffic Bandwidth Define traffic rules for the packets of IP address Traffic Bandwidth Traffic Statistics Security, see System Access Configuring ACLControl Define traffic rules for PC1 packets Importing an ACL Defining an ACLExample Controlling Telnet Users with ACL Defining a Basic ACL Importing an ACL to Control Snmp Users Call an ACLDefine a Numbered Basic ACL Example Controlling Snmp Users with an ACL Authentication privacy read-viewRead-view read-view write-view Snmp-agent group v3 group-name Import the basic ACLs QOS/ Operation STP Overview Configuring STP Illustrates the network Algorithm Configuring STP STP Operation Final Stabilized Spanning Tree Mstp Overview Vlan Mapping Table MST RegionInternal Spanning Tree IST Common Spanning Tree CST Msti Region root Multiple Spanning Tree Instance MstiCommon Root Bridge Boundary port Mstp Principles Configuring MstpCist calculation Msti calculation Undo stp Region-configuration Stp region-configurationEntering MST region view Enter MST Region View Perform the following configuration in MST region view Configuring the MST RegionRoot Switch Configure the MST Region for a Switch Specify the Switch as Primary or Secondary Root Switch Configure the Mstp Running Mode By default, the switch priority isConfigure the Priority for a Switch Configure the Switching Network Diameter Configure the Max Hops in an MST Region Configure the Time Parameters of a Switch Configuring in Ethernet port view Configuring in system viewConfigure the Max Transmission Speed on a Port Port Configure a Port as an Edge Port or a Non-edge Port Specify the Standard To BeFollowed in Path Cost Calculation Configure the Path Cost of a PortInstance instance-id cost Stp instance instance-id cost Link Restore the default standard to be used Calculates the default Path Cost for the connectedStp pathcost-standard Dot1d-1998 dot1t legacy Instance instance-id port Configure the Port PriorityPriority priority Stp instance instance-idport Configure the Port Connection With the Point-to-point Link Configuring the Port Connection with Point-to-Point Link Variable of a Port Configure the mCheck Variable of a PortSecurity Function Mcheck Configure the Switch Security Function Enable/Disable Mstp on a Port Enable/Disable Mstp on a DeviceDevice Digest Snooping Configuring DigestSnooping Prerequisites Configure digest snooping Ieee 802.1x Authentication Process Implement 802.1x on Ethernet Switch Setting Port Access Control Method Setting the Port Access Control ModeEnabling/Disabling Setting Number of Users on a Port Checking the Users that Log on the Switch by ProxyEnabling Dhcp to Launch Authentication Set to Enable Dhcp to Launch Authentication Setting the Maximum Retransmission Times Configuring the Authentication Method for 802.1x UsersConfiguring Timers Example 802.1x Configuration Enabling/Disabling Quiet-Period TimerEnable/Disable a Quiet-Period Timer Displaying and Debugging SW7750dot1x port-method macbased interface ethernet 1/0/2 SW7750dot1x interface ethernet 1/0/2SW7750radius scheme radius1 AAA and Radius ImplementingProtocols Network security management Radius Implementing AAA/RADIUS on Ethernet Switch Configuring AAACreating/Deleting an ISP Domain Configure Relevant Attributes of ISP Domain Configuring Relevant Attributes of an ISP DomainCreate/Delete ISP Domain Setting Attributes of a Local User By default, there is no local user in the systemCreating a Local User By default, no online user will be disconnected by force Disconnecting a User by ForceRadius Protocol Radius server type, etc Create/Delete a Radius Server Group Creating/Deleting a Radius Server GroupUndo radius scheme Set IP Address and Port Number of Radius Server Setting the IP Address and Port Number of Radius Server Setting the Response Timeout Timer of Radius Server Setting the Radius Packet Encryption KeyBy default, timeout timer of Radius server is 3 seconds Setting Retransmission Times of the Radius Request Packet Enable the Selection of the Radius Accounting Option Setting a Real-time Accounting IntervalEnabling the Selection of the Radius Accounting Option Set Retransmission Times of Radius Request Packet Setting Maximum Times of Real-time Accounting Request By default, minute is set to 12 minutesEnabling/Disabling Stop Accounting Request Buffer Recommended Ratio of Minute to Number of Users By default, the Radius server type is standard Setting the Supported Type of Radius ServerSetting Radius Server State Enable/Disable Stopping Accounting Request Buffer Set Radius Server State Setting Username Format Transmitted to Radius ServerSet the Unit of Data Flow Transmitted to Radius Server Configuring Source Address for Radius Packets Sent by NAS Configuring a Local Radius Server GroupSetting the Timers of the Radius Server Setting the Response Timeout Timer of the Radius Server 229 35 Configure the Radius server response timer III. Configure the Radius Server Response TimerHwtacacs configuration tasks include 36 Hwtacacs configuration Configuring Hwtacacs AAA and Radius Operation Configuring Hwtacacs Perform the following configuration in Hwtacacs view Configuring Hwtacacs Default response timeout timer is set to 5 seconds Setting Tacacs Server TimersInterval is in minutes and must be a multiple Debugging the AAA DisplayingRADIUS, Hwtacacs Protocols Remote Radius Server Examples Configure Radius scheme Configure the domainConfigure the association between domain and Radius Authentication at a Configure Vlan delivery mode as string Configure a Hwtacacs schemeConfigure name of the delivered Vlan Associate the domain with the Hwtacacs User authentication/authorization always fails ConfigurationsRadius packet cannot be transmitted to Radius server AAA and Radius Operation File System File SystemManaging the MAC Address Table Managing Devices Perform the following operation in system view Mode of the File SystemFile Operation File System Operation Format the flash Example File System OperationDisplay the working directory in the flash Create a directory named test Saving the Current Configuration Perform the following configuration in all viewsErasing the Configuration Files from Flash Memory Enable/Disable FTP Server Configuring the FTP Server Authentication and AuthorizationConfigure the FTP Server Authentication and Authorization Enabling and Disabling the FTP Server By default, the FTP server connection timeout is 30 minutes Configuring FTP Server ParametersDisplaying and Debugging the FTP Server Introduction to FTP Client By default, Tftp transmits files in binary mode Configuring the File Transmission ModeDownloading Files with Tftp Uploading Files with Tftp Setting MAC Address Table Entries Disabling or Enabling Global MAC Address Learning By default, the MAC address learning function is enabledDisabling or Enabling MAC Address Learning on a Port Setting the MAC Address Aging Time for the System Setting MAC Address Aging TimeDisplaying and Debugging the MAC Address Table Displaying and Debugging MAC Address Table Enter the system view of the switch Example Configuring MAC Address Table ManagementDisplay the MAC address configurations in all views Add a MAC address specify the native VLAN, port and state Upgrading BootROM Is booted Perform the following configuration in user viewResetting a Slot If you input reboot only, the whole system will be reset Setting the Backboard View Setting the Slot Temperature LimitMaintaining Debugging System Setting the System Clock Setting the System NameSetting the Time Zone Setting Daylight Saving Time By default, daylight saving time is not set Perform this command in user viewSetting Daylight Saving Time Display Commands of the System Enabling and Disabling Debugging Displaying Diagnostic Information Following sections Ping Tracert Command Testing Tools forTracert Command Ping Operation Command Trace a route Tracert CommandTimeout host Tracert -f first-TTL -m Enable/Disable the Logging Function Setting the Output Channel of the LogEnabling and Disabling the Logging Function Log Output Defining the Log Filtering RulesNumbers and Names of the Channels for Log Output Syslog-Defined Severity Configuring the Snmp Timestamp Output Format Configuring the Snmp Timestamp Output FormatDefine the Filtering Rules of the Channels Example Log Configuration Configuring the Info-center LoghostEnable Rstp module debugging SW7750 security messages Displaying and Debugging the Syslog Function Displaying and Debugging the Syslog Function Architecture of the MIB Tree MIBs Supported by the Ethernet Switch Setting the Community NameMIB Attribute MIB Content References Setting the Community Name Setting the Destination Address of a TrapSetting the Destination Address of a Trap Enabling and Disabling the Snmp Agent to Send a Trap By default, the lifetime of a trap message is 120 seconds Setting the Lifetime of the Trap MessageSetting Snmp Information By default, syslocation is specified as Marlborough MA Setting the Source Address of the Trap Setting and Deleting an Snmp GroupSetting and Deleting an Snmp Group Setting the Source Address of the Trap Adding and Deleting a User to or from an Snmp Group Creating and Updating View Information or Deleting a ViewCreating and Updating View Information or Deleting a View Disabling the Snmp Agent Enabling and Disabling Transmission of Trap InformationDisplaying and Debugging Snmp Operation Command Display the contact character string Example Snmp ConfigurationEnter the system view Set the community name, group name, and user Networks Used network management standards Adding or Delete an Entry to or from the Alarm Table Adding and Deleting an Entry to or from the Alarm TableAdding and Deleting an Entry to or from the Event Table Add or Delete an Entry to or from the Event Table Add or Delete an Entry to or from the Statistics Table Example Rmon Configuration Displaying the Rmon ConfigurationConfigure Rmon View the configurations in user view NTP Configuring NTP Operating Mode Ntp-service unicast-server Configuring NTP Time ServerAuthentication-keyid keyid Undo ntp-service unicast-server Configuring NTP Peer Mode Perform the following configurations in Vlan interface viewConfiguring NTP Broadcast Server Mode Configuring NTP Multicast Server Mode Configuring NTP Broadcast Client ModeConfiguring NTP Multicast Client Mode Setting the NTP Authentication Key Configuring NTP ID AuthenticationSetting the Specified Key to Be Reliable Key number key-numberranges from 1 to Designating an Interface to Transmit NTP Message Setting the NTP Master Clock Setting Maximum Local Sessions Setting the Authority to Access a Local SwitchDisplaying and Debugging NTP Configure the Switch SW77501 Enter system view Example Configuring NTP ServersConfigure Ethernet Switch SW77502 Enter system view Set the local clock as the NTP master clock at stratum SW77502display ntp-service status Configure Ethernet Switch SW77504 Enter system view Example Configuring NTP Peers SW77504display ntp-service sessions SW77504display ntp-service status Configure Ethernet Switch SW77501 Enter system view Example Configuring NTP Broadcast ModeEnter Vlan-interface2 view Set it as broadcast server Configure Ethernet Switch SW77503 Enter system view Example Configuring NTP Multicast Mode# Set the local clock as a master NTP clock at stratum Set it as a multicast server Example Configuring Authentication-Enabled NTP Server Mode SW77501ntp-service authentication enable Configure the key as reliableSW77501ntp-service reliable authentication-keyid System Management