3Com 3CRDSF9PWR guide

Using the Secure Shell Protocol (SSH)

79

Using the Secure Secure Shell (SSH) provides a secure replacement for management access Shell Protocol (SSH) via Telnet. When an SSH management client contacts the switch, the

switch first compares the public-key and password provided by the client against those stored locally before granting access. SSH also encrypts all data transfers passing between the switch and SSH management clients, and ensures that data traveling over the network arrives unaltered.

Note that you need to install an SSH client on the management station to access the switch for management via the SSH protocol.

The switch supports both SSH Version 1.5 and 2.0 clients.

The SSH server on this switch supports local password authentication. Note that although the switch only supports password authentication, you still have to generate a public key on the switch.

To use the SSH server, complete these steps:

1Generate a Host Key Pair – No keys are generated in the switch’s factory default configuration. You must use the SSH Key Generate Page to create a public host key.

2Provide Host Public Key to Clients – Many SSH client programs automatically import the host public key during the initial connection setup with the switch. Otherwise, you need to manually create a known hosts file on the management station and place the host public key in it. An entry for a public key in the known hosts file would appear similar to the following example:

10.1.0.54 1024 35 15684995401867669259333946775054617325313674890836547254150202455 93199868544358361651999923329781766065830956108259132128902337654 68017262725714134287629413011961955667825956641048695742788814620 65194174677298486546861571773939016477935594230357741309802273708 779454524083971752646358058176716709574804776117

Password Authentication (for SSH v1.5 or V2 Clients)

aThe client sends its password to the server.

bThe switch compares the client's password to those stored in memory.

cIf a match is found, the connection is allowed.

Image 79

3Com 3CRDSF9PWR manual Switch supports both SSH Version 1.5 and 2.0 clients

Contents

3Com OfficeConnect Managed PoE Switch 3Com Corporation Campus Drive Marlborough Overview User GuideManaging System Information Provides information for About this Guide Lists conventions that are used throughout this guide ConventionsRelated Documentation About this Guide Contents Viewing Basic Settings Configuring Ports Configuring Igmp Snooping Managing System Files -O UTS Managing Device Diagnostics Troubleshooting Page Getting Started Managed Fast SwitchAbout OfficeConnect OfficeConnect Managed Fast Ethernet PoE Switch-front panel Describes the meanings of the LEDs IndicatorsOfficeConnect Managed Fast Ethernet PoE switch provides LED LED Status Fast Ethernet PoE switch SpecificationsSystem Installing Methods of Managing a Switch Setting Up forManagement Refer to Setting Up Command Line Interface Management on Refer to Setting Up Web Interface Management on Automatically configured IP information Switch SetupRefer to Setting Up Snmp Management V1 or V2 on Configure IP information manually for your switch or view Initial Switch Setup and Management Flow Diagram Manual IP Configuration Automatic IP Configuration using Dhcp Prerequisites Interface CLI Manually set the IP Address using the Console Port Connecting the Workstation to the Switch Console#configure Console#show ip interface Interface Setting Up WebChoosing a Browser Over the Network Setting UpCommand Line Interface Management Where xxx.xxx.xxx.xxx is the IP address of the switch Network Using Telnet Default Users Upgrading Software using Following prompt displays Enter y and press Return. The system reboots the switch Using the 3COM WEB Interface Multi-Session Web Connections Accessing the 3Com Web InterfaceStarting the 3Com Web Interface Web Interface Enter Network Password 3Com Web Interface Home Understanding 3Com Web Interface Interface Components View Description Following table lists the user interface components Click Device Summary Device View To access the Device RepresentationManagement Buttons To view configuration information Using ScreenTable Options IP Setup Click Administration IP Setup. The IP Setup Page opens System Access Modify Modify the fields Click . The access fields are modified Click . The configuration is saved ConfigurationConfiguration to be saved to the flash memory To save the device configuration Click Administration Reset. The Reset Page opens Resetting the DeviceClick . a confirmation message is displayed Password is displayed Reboot in 15 secondsClick Restoring Factory DefaultsRestores device factory defaults To restore the device Following message appears Logging OffDevice To log off the device Viewing Basic Settings Device Summary Page contains the following fields To view the Device Summary Settings Polling Interval Polling Interval Page contains the following fields Color Key Click Device Summary Color Key. The Color Key Page opens Managing Device Security Managing Device Security System Access Summary Interface To define System Access To modify System Access To remove users Click . The Users are deleted, and the device is updated To configure the Radius client Managing Device Security Defining Port-Based Authentication802.1X Click Security 802.1X Summary. The 802.1X Summary Page opens Defining Port-Based Authentication Port Settings 802.1X System SettingClick Security 802.1X Setup. The 802.1X Setup Page opens Defining Port-Based Authentication Local Database DefiningForwarded on to the originally requested web To configure Local Database Settings AuthenticationLocal Database Setup Page contains the following fields Local Database Port Detail Local Database Port Setup Page contains the following fields User Name The name of users stored in the local database To display the users stored in the Local Database Create a User To create user entries in the Local DatabaseSummary Local Database User Modify Local Database User Remove To remove a user entry from the Local Database Connection to Encrypting Client and server establish a secure encrypted connection To configure Https settings Https//deviceportnumber Disabled Https is disabled on the device Https Download Certificate Managing Device Security Switch supports both SSH Version 1.5 and 2.0 clients Click Security SSH Host Key. The SSH Host Key Page opens To view the DSA and RSA keysSSH Host Key Page contains the following fields SSH Key Generate Must use this web page to create a public host key Filters that determine traffic classifications Defining AccessAccess Control Lists ACLs allow network managers to define Control Lists MAC Based ACL Summary Click Device ACL MAC Based ACL Setup. The MAC Based ACL To configure MAC-based ACLs Select Create ACL Add Rules to ACL Click Device ACL MAC Based ACL Remove. The MAC Based ACL To define a new MAC-based ACL rule Check Remove ACL IP Based ACL Summary Defining Access Control Lists Click Device ACL IP Based ACL Setup. The IP Based ACL Setup To configure IP-based ACLsOpens Add Rules to ACL Managing Device Security Click Device ACL IP Based ACL Remove. The IP Based ACL To create a new IP-based ACL Updated ACL Binding Summary To define ACL Binding ACL Binding Setup ACL Binding Remove To remove ACL Binding Managing Device Security For all ports SettingsTo display the storm control settings Storm Control Define the relevant fields ConfiguringTo configure Broadcast Storm Control Control Using Broadcast Storm Control Managing Device Security Information Device View Viewing System Description Configuring System Time SettingsSystem settings. The section includes the following topics Configuring the System Name Device To configure the System Name System Time Setup To configure the System Time Defining System Settings Saved to the flash memory Saving the Device To reset the device configuration Managing System Information Configuring Ports Port Administration Summary 115 Port Administration Setup To configure Port Settings 117 Click Port Administration Detail. The Port Detail Page opens 119 Configuring Ports Aggregating Ports Link Aggregation Summary Blue Displays a member of the aggregation being created To create Link Aggregation Deselected ports Summary Link Aggregation Modify Page includes the following fields To modify Link AggregationBlue Displays a member of the modified aggregation Summary Link Aggregation Remove Page includes the following fields To remove Link Aggregation Lacp Summary Lacp Modify Aggregating Ports Configuring Vlans Vlan Click Device Vlan Vlan Detail. The Vlan Detail Page opens Vlan Port Detail To create VLANs Click Device Vlan Setup. The Vlan Setup Page opensVlan Setup Page contains the following fields Create VLANs Click Device Vlan Rename. The Vlan Rename Page opens To rename VLANs Click Device Vlan Modify VLAN. The Modify Vlan Page opens To edit Vlan Settings 137 Click Device Vlan Modify Port. The Modify Port Page opens To modify Port Vlan Settings Click Device Vlan Remove. The Vlan Remove Page opens To delete VLANs Configuring Vlans Address Information To define an IP interface IP Setup Page contains the following fieldsDefining IP Addressing Configuring ARP Settings ARP Settings Summary ARP Settings Setup To configure ARP entries To remove ARP entries ARP Settings Remove Configuring ARP Settings Configuring IP and MAC Address Information To view address table settings Table Settings Port Summary Configuring Igmp Snooping Click Device Igmp Snooping Setup. The Igmp Snooping To configure Igmp Snooping Vlan Settings Configuring Igmp Snooping Configuring Spanning Tree Spanning Tree Summary 157 Spanning Tree To configure Spanning Tree Setup 159 To modify Spanning Tree Spanning Tree Port Setup Recommended STA Path Cost Range Configuring Spanning Tree Snmp version Snmp version 2c Configuring Snmp To set the operational status for Snmp Click Administration Snmp Setup. The Snmp Setup Page opens To define Snmp communities Click Administration Snmp Snmp Add. The Snmp Add Page opens Snmp Trap Community StringSnmp Add Page contains the following fields To remove Snmp communities or traps Remove Community StringRemoving Snmp Communities Remove Snmp Trap Service CoS Summary Click Device QoS CoS Summary. The CoS Summary Page opens Click Device QoS CoS Setup. The CoS Setup Page opens To configure CoS Settings Click Device QoS Queue. The Queue Setup Page opens To configure the queue mode CoS to Queue Summary With 0 representing the lowest queue and 3 as the highest To configure CoS values to queues Dscp to CoS Summary To view the Dscp to CoS mapping To map Dscp to CoS values Dscp to CoS Setup Trust Setup Page contains the following fields Click Device QoS Trust Setup. The Trust Setup Page opens Bandwidth Summary Ingress Rate Limit Egress Shaping Rates Bandwidth Setup Page contains the following fields To configure Bandwidth SettingsBe applied to the egress traffic on a specified interface Egress Shaping Rate Configuring Quality of Service Voice Vlan Summary Voice Vlan Setup To configure Voice Vlan Settings Voice Vlan is defined, and the device is Voice Vlan Port Setup To configure Voice Vlan port settings Device is updated Port Definitions To view Voice Vlan Port Detail SettingsFor specific ports Configuring Voice Vlan OUI List To view Voice Vlan OUI SettingsVoice Vlan OUI Summary Page contains the following fields Voice Vlan OUI Modify Page contains the following fields To modify Voice Vlan OUI Settings Configuring Quality of Service Managing System Files Managing System Files To backup System files Configuration Upload To restore System files Configuration Download Software Download RestoringSoftware To download the software image Managing System Files Ethernet Devices Port PoE Summary Page displays the following information Device Power Display Port Power Display Click Port PoE Setup. The Port PoE Setup Page opens To configure Port PoE Settings 203 Managing Power Over Ethernet Devices System Log Severity Levels Managing System Logs Logging Display To view Logging To define Log Parameters Logging Setup Page contains the following fields Managing System Logs Viewing Statistics Port Statistics Summary To view port statistics Port Statistics Summary Page Field Description Port Statistics Summary Page Field Description 213 Port Statistics Summary Page Field Description Managing Device Diagnostics Port mirroring is not supported for trunk ports Port Mirroring Setup To enable port mirroring Managing Device Diagnostics Port Mirroring Remove To remove port mirroring Cable Diagnostics Summary To view cables diagnostics Configuring Cable Diagnostics To test cables Diagnostics Pinging Another Using the command line interface to ping another deviceRequest packets to another node on the network Press Esc to stop pinging Supervisor 3Com Network Director Access Manager Application such as 3Com Enterprise Management Suite EMS HP OpenViewNetwork Node Manager Appendix a 3COM Network Management Physical Environmental Electrical Feature Description Switch Features Interface with Crossover Mdix SSL Appendix B Device Specifications and Features Null Modem Cable RJ-45 to RS-232 25-pin PC-AT Serial Cable 10/100 and 1000BASE-T RJ-45 connections Ethernet Port RJ-45 Pin Assignments Ethernet Port RJ-45 Pin Assignments Appendix C PIN-OUTS Troubleshooting ProblemSolutions Problems Possible Cause Solution No connection and the port LED is off Lost Password Problems Possible Cause Solution Appendix D Troubleshooting Service Dscp Access Control ListAddress Resolution Boot Protocol Appendix E Glossary Igmp Query Ieee 802.3uIeee Igmp Snooping Link Aggregation See Port Trunk Port Authentication See Ieee Secure Shell SSH RemoteRemote Monitoring Protocol Rstp Though located on the same LAN Byte blocks and error-correctedXModem TTroubleshoot Service BenefitsRegister Your Product to Gain Purchase Extended WarrantyServices Access Software Directory of 3Com resources by region at Must apply for a user name and passwordContact Us Next section 00800 4411 Contact Us Appendix F Obtaining Support for Your 3COM Products Regulatory Notices