Managing Device Security | 3Com 2924-PWR specification

62CHAPTER 4: MANAGING DEVICE SECURITY

Defining Access Access Control Lists (ACLs) allow network managers to define

Control Lists classification actions and rules for specific ingress ports. A network manager can configure an ACL on an ingress port so that packets are either admitted or denied entry. The user can also specify that when packets are denied entry, the ingress port is also disabled.

For example, an ACL rule is defined stating that port number 20 can receive TCP packets, however, if a UDP packet is received, the packet is dropped. ACLs are composed of access control entries (ACEs) that are made of the filters that determine traffic classifications.

The following are examples of filters that can be defined as ACEs:

■Source Port IP Address and Wildcard Mask — Filters the packets by the source port IP address and wildcard mask.

■Destination Port IP Address and Wildcard Mask — Filters the packets by the destination port IP address and wildcard mask.

■ACE Priority — Filters the packets by the ACE priority.

■Protocol — Filters the packets by the IP protocol.

■DSCP — Filters the packets by the DiffServ Code Point (DSCP) value.

■IP Precedence — Filters the packets by the IP Precedence.

■Action — Indicates the action assigned to the packet matching the ACL. Packets are forwarded or dropped. In addition, the port can be shut down, a trap can be sent to the network administrator, or packet is assigned rate limiting restrictions for forwarding.

This section includes the following topics:

■Viewing MAC Based ACLs

■Configuring MAC Based ACLs

■Removing MAC Based ACLs

■Viewing IP Based ACLs

■Defining IP Based ACLs

■Modifying IP Based ACLs

■Removing IP Based ACLs

■Viewing ACL Binding

■Configuring ACL Binding

■Removing ACL Binding

Image 62

3Com 2924-PWR manual Managing Device Security

Contents

3Com Baseline Switch 2924-PWR Plus 3Com Corporation Campus Drive Marlborough Managing System Information Provides information for User GuideOverview About this Guide Documentation ConventionsRelated Contents Viewing Basic Settings Configuring Ports Configuring Igmp Snooping Managing Power Over Ethernet Devices Device Specifications and Features Glossary Getting Started Hardware Features 2924-PWR Hardware Features Switch 2924-PWR Plus 24-Port-front panel Describes the meanings of the LEDs IndicatorsLED Status System Installing Switch Management Setting Up forMethods of Managing a Switch Web Interface Management Refer to Setting Up Snmp Management V1 or V2 on Switch SetupRefer to Setting Up Web Interface Management on Snmp Management Initial Switch Setup and Management Flow Diagram Automatic IP Configuration using Dhcp Manual IP Configuration Interface CLI Prerequisites Connecting the Workstation to the Switch Manually set the IP Address using the Console Port IpSetup xxx.xxx.xxx.xxx mmm.mmm.mmm.mmm ggg.ggg.ggg.gggg Getting Started Choosing a Browser Setting Up WebInterface Over the Network \ ping Following prompt displays Upgrading Software usingEnter yes and press Return. The system reboots the switch Using the 3COM WEB Interface Web Interface Accessing the 3Com Web InterfaceStarting the 3Com Multi-Session Web Connections Enter Network Password Web Interface Understanding 3Com Web Interface 3Com Web Interface Home Web Interface Components Management Buttons To access the Device RepresentationClick Device Summary Device View Table Options Using ScreenViewing Configuration Information Adding Configuration Information Click Administration IP Setup. The IP Setup Page opens Modify the fields Click . The access fields are modified System Access Modify System Access Remove To save the device configuration ConfigurationLatest configuration to be saved to the flash memory Click . The configuration is saved Click . a confirmation message is displayed Resetting the DeviceClick Administration Reset. The Reset Page opens User Name and Password Defaults Restoring Factory To log off the device Logging OffDevice Click Viewing Basic Settings To view the Device Summary Settings Click Device Summary. The Device Summary Page opensPage Click Device Summary Color Key. The Color Key Page opens Color Key Managing Device Security Managing Device Security System Access Summary To define System Access Interface To modify System Access Click . The Users are deleted, and the device is updated To remove users To configure the Radius client Managing Device Security 802.1X AuthenticationDefining Port-Based Click Security 802.1X Summary. The 802.1X Summary Page opens Defining Port-Based Authentication 802.1X Global Settings Click Security 802.1X Setup. The 802.1X Setup Page opens 802.1X Port Settings Managing Device Security To view MAC Based ACLs MAC Based ACL Summary MAC Based ACL Setup Page contains the following fields To configure MAC-based ACLsClick Device ACL MAC Based ACL Setup. The MAC Based ACL Add Rules to ACL Select Create ACL Modify To modify a MAC-based ACL rule Managing Device Security Click Device ACL MAC Based ACL Remove. The MAC Based ACL MAC Based ACL Remove Page contains the following fields Check Remove ACL IP Based ACL Summary Managing Device Security To configure IP-based ACLs IP Based ACL Setup Managing Device Security Defining Access Control Lists Select Create ACL Modify Rule IP Based ACL Modify Managing Device Security Defining Access Control Lists Click Device ACL IP Based ACL Remove. The IP Based ACL IP Based ACL Remove Updated ACL Binding Summary ACL Binding Setup To define ACL Binding To remove ACL Binding ACL Binding Remove Managing Device Security Broadcast Storm Setup To define Broadcast Storm Traffic Information Device View Managing System Information Page To configure the System Name System Name To configure the System Time Local SettingsEnabled on the device System Time Setup Page contains the following fields Managing System Information Page Monitor users have no access to this To reset the device configuration Define the fields Click or . The device is reset Configuring Ports Page To view Port Settings Port Administration Summary 101 To configure Port Settings Port Administration Setup 103 Click Port Administration Detail. The Port Detail Page opens To view Port Details 105 Aggregating Ports Link Aggregation Summary Deselected ports To create Link AggregationBlue Displays a member of the aggregation being created Summary Blue Displays a member of the modified aggregation To modify Link AggregationLink Aggregation Modify Page includes the following fields Summary To remove Link Aggregation Link Aggregation Remove Page includes the following fields Lacp Summary Lacp Modify 115 Configuring Vlans Click Device Vlan Vlan Detail. The Vlan Detail Page opens Vlan Vlan Port Detail Create Click Device Vlan Setup. The Vlan Setup Page opensVlan Setup Page contains the following fields To create VLANs Rename Vlan To edit Vlan Settings Click Device Vlan Modify VLAN. The Modify Vlan Page opens Configuring Vlans To modify Port Vlan Settings Modify Vlan Port To delete VLANs Click Device Vlan Remove. The Vlan Remove Page opens Address Information IP Setup Page contains the following fields To define an IP interface Configuring ARP Settings ARP Settings Summary To configure ARP entries ARP Settings Setup ARP Settings Remove To remove ARP entries Configuring ARP Settings Databases is forwarded immediately to the port. The Dynamic ConfiguringAddress Tables Traffic is seen for a certain period, are erased Table Settings To view address table settings Port Summary Configuring Address Tables Address Table To add MAC addresses to the Address Table Configuring Address Tables Address Table Setup Page contains the following field To define the Aging Time To remove ports Port Remove Configuring IP and MAC Address Information To remove MAC addresses from the Address Table Address Table Remove Configuring IP and MAC Address Information Configuring Igmp Snooping Opens To configure Igmp SnoopingClick Device Igmp Snooping Setup. The Igmp Snooping Setup Select Enable or Disable from the Igmp Status list Configuring Spanning Tree Spanning Tree Summary Configuring Spanning Tree 149 Spanning Tree Setup Page contains the following fields Global SettingsTo configure Spanning Tree Setup Bridge Settings Designated Root To modify Spanning Tree Spanning Tree Modify Configuring Spanning Tree Configuring Snmp Snmp version Snmp version 2c Snmp Communities Setup To define Snmp communities Community String Insert New Community Enables adding an Snmp communitySnmp Management To remove Snmp communities Snmp Communities Remove Snmp Traps Setup To define Snmp traps To remove Snmp traps Snmp Traps Remove Snmp Traps Remove Page contains the following fields Service Click Device QoS CoS Summary. The CoS Summary Page opens CoS Summary To configure CoS Settings Click Device QoS CoS Setup. The CoS Setup Page opens CoS to Queue Summary To configure CoS values to queues CoS to Queue Setup Can be assigned to queue To view the Dscp Queue Dscp to Queue Summary Be assigned to queue To map CoS to Queues Click Device QoS Trust Setup. The Trust Setup Page opens Trust Setup Ingress Rate Limit Bandwidth Summary Egress Shaping Rates To configure Bandwidth Settings Bandwidth Setup Page contains the following fields Egress Shaping Rate There are two operational modes for IP Phones Defining VoiceReceived unevenly. The system supports one Voice Vlan Tagged packets are used for all communications Voice Vlan Summary Voice Vlan Setup Voice Vlan Port Setup Device is updated Defining Voice Vlan To view Voice Vlan Port Detail Settings Voice Vlan Port Details Voice Vlan OUI Summary Page contains the following fields To view Voice Vlan OUI SettingsOUI List Voice Vlan OUI Modify Page contains the following fields Voice Vlan OUI Modify Defining Voice Vlan Managing System Files 185 Configuration Upload To backup System files Configuration Download To restore System files To download the software image Software Download Active Image Page contains the following fields Active Image Ethernet Devices Device Power Display Port PoE Summary Page displays the following information Ports Power Display Click Port PoE Setup. The Port PoE Setup Page opens Managing Power Over Ethernet Devices Managing System Logs System Log Severity Levels To view Logging Logging Display Logging Setup To define Log Parameters Managing System Logs 199 Viewing Statistics To view Rmon statistics Port Statistics Summary Viewing Statistics 203 Managing Device Diagnostics Configuring Port Mirroring To enable port mirroring Port Mirroring Setup Configuring Port Mirroring To remove port mirroring Port Mirroring Remove Viewing Cable DiagnosticsTo view cables diagnostics Copper cable attached to a port Managing Device Diagnostics Diagnostics To test cables 3Com Network Supervisor Access Manager Director Manager HP OpenViewNetwork Node Application such as 3Com Enterprise Management Suite EMS Environmental Physical Features of the Baseline Switch 2924-PWR Plus Electrical Switch Features Interface with Crossover Mdix SSL Vlan PC-AT Serial Cable Null Modem Cable RJ-45 to RS-232 25-pin Ethernet Port RJ-45 Pin Assignments 10/100 and 1000BASE-T RJ-45 connections Ethernet Port RJ-45 Pin Assignments Solutions ProblemTroubleshooting Problems Possible Cause Solution Contact 3Com Line Interface With the CommandGetting Started CLI Commands Sessions Example Syntax Default ConfigurationUser Guidelines Syntax Parameters Syntax Summary Default Configuration Summary No default IP address is defined for interfaces Following example displays an IP address configured manually Upgrade Tftp Server IP AddressDestination File NameFile Type Syntax Initialize Syntax Reboot Logout The Logout command terminates the CLI session Syntax Logout Default Configuration Password The Password command changes the user’s password Syntax Password Default Configuration Boot Protocol Access Control ListAddress Resolution Service Dscp 239 Group LAG Link Aggregation See Port Trunk MIB Port Authentication See Ieee Controller Access AuthenticationTerminal Access Remote 243 Warranty Service BenefitsSolve Problems Online Services Contact Us Access SoftwareDownloads Support and Repair Country Telephone Number US and Canada Telephone Technical Support and Repair 800 876 Regulatory Notices