Encrypting, Connection to | 3Com 3CRDSF9PWR guide

74CHAPTER 4: MANAGING DEVICE SECURITY

Encrypting	HTTPS allows secure access to the Web interface of the switch. If you
Connection to the	administer your switch remotely or over an insecure network, the switch
Web Interface	can encrypt all HTTP traffic to and from the Web interface using the
(HTTPS)	Secure Sockets Layer (SSL) of HTTP. If your network traffic is intercepted,
	no passwords or configuration information will be visible in the data.

To use HTTPS you need the following:

■A browser that supports SSL

■A digital certificate installed on the switch

The switch ships with a default certificate installed. This certificate has not been validated by a Certifying Authority and your browser may warn you that the certificate has not been certified. Using a properly validated certificate provides a higher level of security than the default certificate.

You can securely browse your switch by using the HTTPS (HTTP over SSL) protocol. To access the Web interface securely, enter the following into your browser:

https://xxx.xxx.xxx.xxx/

where xxx.xxx.xxx.xxx is the IP address of your switch.

Both HTTP and HTTPS service can be enabled independently on the switch. However, you cannot configure the HTTP and HTTPS servers to use the same TCP port.

If you enable HTTPS, you must indicate this in the URL that you specify in your browser and specify the port number if not using the default value: https://device[:port_number]

When you start HTTPS, the connection is established in this way:

■The client authenticates the server using the server’s digital certificate.

■The client and server negotiate a set of security protocols to use for the connection.

■The client and server generate session keys for encrypting and decrypting data.

Image 74

3Com 3CRDSF9PWR manual Encrypting, Connection to

Contents

3Com OfficeConnect Managed PoE Switch 3Com Corporation Campus Drive Marlborough Managing System Information Provides information for User GuideOverview About this Guide Documentation ConventionsRelated Lists conventions that are used throughout this guide About this Guide Contents Viewing Basic Settings Configuring Ports Configuring Igmp Snooping Managing System Files Managing Device Diagnostics -O UTS Troubleshooting Page Getting Started OfficeConnect SwitchAbout Managed Fast OfficeConnect Managed Fast Ethernet PoE Switch-front panel LED Status IndicatorsOfficeConnect Managed Fast Ethernet PoE switch provides LED Describes the meanings of the LEDs System SpecificationsFast Ethernet PoE switch Installing Management Setting Up forMethods of Managing a Switch Refer to Setting Up Web Interface Management on Refer to Setting Up Command Line Interface Management on Configure IP information manually for your switch or view Switch SetupRefer to Setting Up Snmp Management V1 or V2 on Automatically configured IP information Initial Switch Setup and Management Flow Diagram Automatic IP Configuration using Dhcp Manual IP Configuration Interface CLI Prerequisites Connecting the Workstation to the Switch Manually set the IP Address using the Console Port Console#configure Console#show ip interface Choosing a Browser Setting Up WebInterface Interface Management Setting UpCommand Line Over the Network Network Using Telnet Where xxx.xxx.xxx.xxx is the IP address of the switch Upgrading Software using Default Users Enter y and press Return. The system reboots the switch Following prompt displays Using the 3COM WEB Interface Web Interface Accessing the 3Com Web InterfaceStarting the 3Com Multi-Session Web Connections Enter Network Password Web Interface Understanding 3Com Web Interface 3Com Web Interface Home Following table lists the user interface components Interface Components View Description Management Buttons To access the Device RepresentationClick Device Summary Device View Table Options Using ScreenTo view configuration information Click Administration IP Setup. The IP Setup Page opens IP Setup Modify the fields Click . The access fields are modified System Access Modify To save the device configuration ConfigurationConfiguration to be saved to the flash memory Click . The configuration is saved Click . a confirmation message is displayed Resetting the DeviceClick Administration Reset. The Reset Page opens Click Reboot in 15 secondsPassword is displayed To restore the device DefaultsRestores device factory defaults Restoring Factory To log off the device Logging OffDevice Following message appears Viewing Basic Settings To view the Device Summary Settings Device Summary Page contains the following fields Polling Interval Page contains the following fields Polling Interval Click Device Summary Color Key. The Color Key Page opens Color Key Managing Device Security Managing Device Security System Access Summary To define System Access Interface To modify System Access Click . The Users are deleted, and the device is updated To remove users To configure the Radius client Managing Device Security 802.1X AuthenticationDefining Port-Based Click Security 802.1X Summary. The 802.1X Summary Page opens Defining Port-Based Authentication Click Security 802.1X Setup. The 802.1X Setup Page opens 802.1X System SettingPort Settings Defining Port-Based Authentication Forwarded on to the originally requested web DefiningLocal Database Local Database Setup Page contains the following fields AuthenticationTo configure Local Database Settings Local Database Port Detail Local Database Port Setup Page contains the following fields To display the users stored in the Local Database User Name The name of users stored in the local database Summary To create user entries in the Local DatabaseCreate a User Local Database User Modify To remove a user entry from the Local Database Local Database User Remove Encrypting Connection to To configure Https settings Client and server establish a secure encrypted connection Disabled Https is disabled on the device Https//deviceportnumber Https Download Certificate Managing Device Security Switch supports both SSH Version 1.5 and 2.0 clients SSH Host Key Page contains the following fields To view the DSA and RSA keysClick Security SSH Host Key. The SSH Host Key Page opens Must use this web page to create a public host key SSH Key Generate Control Lists Defining AccessAccess Control Lists ACLs allow network managers to define Filters that determine traffic classifications MAC Based ACL Summary To configure MAC-based ACLs Click Device ACL MAC Based ACL Setup. The MAC Based ACL Add Rules to ACL Select Create ACL To define a new MAC-based ACL rule Click Device ACL MAC Based ACL Remove. The MAC Based ACL Check Remove ACL IP Based ACL Summary Defining Access Control Lists Opens To configure IP-based ACLsClick Device ACL IP Based ACL Setup. The IP Based ACL Setup Add Rules to ACL Managing Device Security To create a new IP-based ACL Click Device ACL IP Based ACL Remove. The IP Based ACL Updated ACL Binding Summary ACL Binding Setup To define ACL Binding To remove ACL Binding ACL Binding Remove Managing Device Security Storm Control SettingsTo display the storm control settings For all ports Control ConfiguringTo configure Broadcast Storm Control Define the relevant fields Using Broadcast Storm Control Managing Device Security Information Device View Viewing System Description Configuring the System Name SettingsSystem settings. The section includes the following topics Configuring System Time To configure the System Name Device To configure the System Time System Time Setup Defining System Settings Saving the Device Saved to the flash memory To reset the device configuration Managing System Information Configuring Ports Port Administration Summary 115 To configure Port Settings Port Administration Setup 117 Click Port Administration Detail. The Port Detail Page opens 119 Configuring Ports Aggregating Ports Link Aggregation Summary To create Link Aggregation Blue Displays a member of the aggregation being created Summary Deselected ports Blue Displays a member of the modified aggregation To modify Link AggregationLink Aggregation Modify Page includes the following fields Summary To remove Link Aggregation Link Aggregation Remove Page includes the following fields Lacp Summary Lacp Modify Aggregating Ports Configuring Vlans Click Device Vlan Vlan Detail. The Vlan Detail Page opens Vlan Vlan Port Detail Create VLANs Click Device Vlan Setup. The Vlan Setup Page opensVlan Setup Page contains the following fields To create VLANs To rename VLANs Click Device Vlan Rename. The Vlan Rename Page opens To edit Vlan Settings Click Device Vlan Modify VLAN. The Modify Vlan Page opens 137 To modify Port Vlan Settings Click Device Vlan Modify Port. The Modify Port Page opens To delete VLANs Click Device Vlan Remove. The Vlan Remove Page opens Configuring Vlans Address Information Addressing IP Setup Page contains the following fieldsDefining IP To define an IP interface Configuring ARP Settings ARP Settings Summary To configure ARP entries ARP Settings Setup ARP Settings Remove To remove ARP entries Configuring ARP Settings Configuring IP and MAC Address Information Table Settings To view address table settings Port Summary Configuring Igmp Snooping To configure Igmp Snooping Click Device Igmp Snooping Setup. The Igmp Snooping Vlan Settings Configuring Igmp Snooping Configuring Spanning Tree Spanning Tree Summary 157 To configure Spanning Tree Setup Spanning Tree 159 Spanning Tree Port Setup To modify Spanning Tree Recommended STA Path Cost Range Configuring Spanning Tree Configuring Snmp Snmp version Snmp version 2c Click Administration Snmp Setup. The Snmp Setup Page opens To set the operational status for Snmp Click Administration Snmp Snmp Add. The Snmp Add Page opens To define Snmp communities Snmp Add Page contains the following fields Community StringSnmp Trap Communities Remove Community StringRemoving Snmp To remove Snmp communities or traps Remove Snmp Trap Service Click Device QoS CoS Summary. The CoS Summary Page opens CoS Summary To configure CoS Settings Click Device QoS CoS Setup. The CoS Setup Page opens To configure the queue mode Click Device QoS Queue. The Queue Setup Page opens CoS to Queue Summary To configure CoS values to queues With 0 representing the lowest queue and 3 as the highest To view the Dscp to CoS mapping Dscp to CoS Summary Dscp to CoS Setup To map Dscp to CoS values Click Device QoS Trust Setup. The Trust Setup Page opens Trust Setup Page contains the following fields Ingress Rate Limit Bandwidth Summary Egress Shaping Rates Be applied to the egress traffic on a specified interface To configure Bandwidth SettingsBandwidth Setup Page contains the following fields Egress Shaping Rate Configuring Quality of Service Voice Vlan Summary To configure Voice Vlan Settings Voice Vlan Setup Voice Vlan is defined, and the device is To configure Voice Vlan port settings Voice Vlan Port Setup Device is updated For specific ports To view Voice Vlan Port Detail SettingsPort Definitions Configuring Voice Vlan Voice Vlan OUI Summary Page contains the following fields To view Voice Vlan OUI SettingsOUI List To modify Voice Vlan OUI Settings Voice Vlan OUI Modify Page contains the following fields Configuring Quality of Service Managing System Files Managing System Files Configuration Upload To backup System files Configuration Download To restore System files To download the software image RestoringSoftware Software Download Managing System Files Ethernet Devices Device Power Display Port PoE Summary Page displays the following information Port Power Display To configure Port PoE Settings Click Port PoE Setup. The Port PoE Setup Page opens 203 Managing Power Over Ethernet Devices Managing System Logs System Log Severity Levels To view Logging Logging Display Logging Setup Page contains the following fields To define Log Parameters Managing System Logs Viewing Statistics To view port statistics Port Statistics Summary Port Statistics Summary Page Field Description Port Statistics Summary Page Field Description 213 Port Statistics Summary Page Field Description Managing Device Diagnostics Port mirroring is not supported for trunk ports To enable port mirroring Port Mirroring Setup Managing Device Diagnostics To remove port mirroring Port Mirroring Remove To view cables diagnostics Cable Diagnostics Summary Configuring Cable Diagnostics Diagnostics To test cables Request packets to another node on the network Using the command line interface to ping another devicePinging Another Press Esc to stop pinging 3Com Network Supervisor Access Manager Director Manager HP OpenViewNetwork Node Application such as 3Com Enterprise Management Suite EMS Appendix a 3COM Network Management Environmental Physical Feature Description Electrical Switch Features Interface with Crossover Mdix SSL Appendix B Device Specifications and Features PC-AT Serial Cable Null Modem Cable RJ-45 to RS-232 25-pin Ethernet Port RJ-45 Pin Assignments 10/100 and 1000BASE-T RJ-45 connections Ethernet Port RJ-45 Pin Assignments Appendix C PIN-OUTS Solutions ProblemTroubleshooting No connection and the port LED is off Lost Password Problems Possible Cause Solution Problems Possible Cause Solution Appendix D Troubleshooting Boot Protocol Access Control ListAddress Resolution Service Dscp Appendix E Glossary Igmp Snooping Ieee 802.3uIeee Igmp Query Port Authentication See Ieee Link Aggregation See Port Trunk Protocol Rstp RemoteRemote Monitoring Secure Shell SSH XModem Byte blocks and error-correctedThough located on the same LAN Product to Gain Service BenefitsRegister Your TTroubleshoot Access Software WarrantyServices Purchase Extended Next section Must apply for a user name and passwordContact Us Directory of 3Com resources by region at 00800 4411 Contact Us Appendix F Obtaining Support for Your 3COM Products Regulatory Notices