Manuals / Fujitsu / Computer Equipment / Switch

Fujitsu BX600 Security Feature, Port Based Authentication, Locked Port Support, Radius Client

Models: BX600

1 289

Download 289 pages 43.4 Kb

Page 19

Features of the IBP Module

Introduction

reference clock. The higher the stratum (where zero is the highest), the more accurate the clock.

2.1.4Security Feature

SSL

Secure Socket Layer (SSL) is an application-level protocol that enables secure transactions of data through privacy, authentication, and data integrity. It relies upon certificates and public and private keys. SSL version 3 and TLS version 1 are currently supported.

Port Based Authentication (802.1x)

Port based authentication enables authenticating system users on a per-port basis via an external server. Only authenticated and approved system users can transmit and receive data. Ports are authenticated via the Remote Authentication Dial In User Service (RADIUS) server using the Extensible Authentication Protocol (EAP).

Locked Port Support

Locked Port increases network security by limiting access on a specific port only to users with specific MAC addresses. These addresses are either manually defined or learned on that port. When a frame is seen on a locked port, and the frame source MAC address is not tied to that port, the protection mechanism is invoked.

RADIUS Client

RADIUS is a client/server-based protocol. A RADIUS server maintains a user database, which contains per-user authentication information, such as user name, password and accounting information. For more information, see "Configuring RADIUS Global Parameters".

SSH

Secure Shell (SSH) is a protocol that provides a secure, remote connection to an IBP Module. SSH version 1 and version 2 are currently supported. The SSH server feature enables an SSH client to establish a secure, encrypted connection with a IBP Module. This connection provides functionality that is similar to an inbound telnet connection. SSH uses RSA Public Key cryptography for IBP Module connections and authentication.

TACACS+

TACACS+ provides centralized security for validation of users accessing the IBP Module. TACACS+ provides a centralized user management system, while still retaining consistency with RADIUS and other authentication processes.

18	Intelligent Blade Panel Module

Image 19

Fujitsu BX600 manual Security Feature, Port Based Authentication, Locked Port Support, Radius Client

Contents

Primergy BX600 Blade Server Systems Primergy BX600 Blade Server Systems Comments… Suggestions… Corrections… Page Contents Intelligent Blade Panel Module Intelligent Blade Panel Module Intelligent Blade Panel Module Information About Boards Important NotesIndustry Canada Class a Compliance StatementsLVD Taiwan Bsmi Class a Australia AS/NZS 3548 1995 Class a Introduction Features of the IBP Module Automatic Aging for MAC Addresses Layer 2 Features Igmp SnoopingVlan Transparency Supported Features Self-Learning MAC AddressesPort Group Support Service Vlan & Service LAN SupportPort Backup Support Uplink Set SupportVarious Files of Management Operation BootP and Dhcp ClientsIBP Module Management Features Save Configuration as fileProvision Snmp Alarms and Trap LogsConfiguration File Download and Upload Command Line InterfaceRadius Client Security FeaturePort Based Authentication Locked Port SupportSystem LED Description of HardwareInternal Ports Page Primergy BX620 Primergy GbE Switch Blade 30/12 Internal Ports ListConnectivity Features and BenefitsStatus of LEDs Port LEDsManagement PerformanceNotational Conventions Target Group National and international standards Technical DataDimensions Electrical dataEnvironmental conditions Introduction to IBP Network PlanningMaking Network Connections Connecting to 1000BASE-T Devices1000BASE-T Cable Requirements Cable Testing for Existing Category 5 Cable1000BASE-T Pin Assignments Adjusting Existing Category 5 Cabling for 1000BASE-TOverview Package ContentsUnpacking the IBP Module Mount the IBP Module Connecting the IBP ModuleSelect 2 Console Redirection Switch Blade Port Default Settings Start up and Configuration the IBP ModuleUnder Properties, select VT100 for Emulation mode Configuring the TerminalBooting Device Boot Image Download Erasing the Device ConfigurationSoftware Download System Image Download Operation Code CLI Software Download Through Tftp ServerTftp Enter y. The device reboots Overview Main Menu Configurable DataNon-Configurable Data Command ButtonsView Uplink Set Information Groups AdministrationManaging Port Groups Configuring Port Group Configuration Command Buttons Viewing Port Group Information Selection Criteria Viewing Vlan Port Group Information Groups Administration Configurable Data Viewing Service LAN Information Groups Administration Configurable Data Viewing Service Vlan Information Groups Administration Managing Port Backup Configuring Port Backup Configuration Viewing Port Backup Status Groups Administration Panel Settings Menu Panel Settings Menu Viewing Panel Description Page Configurable Data Terminal interface via the EIA-232 port Configuring Inband AdministrationPanel Settings Menu Configuring Telnet Session Page Configurable Data Panel Settings Menu Configuring Serial Port Page Configurable Data Selection Criteria Panel Settings Menu Configuring Dhcp Client-identifier Defining Dhcp Client Configuring Dhcp RestartDefining Snmp Configuring Snmp Community Configuration Configuring Snmp Trap Receiver Configuration Viewing Snmp supported MIBs Panel Settings Menu Panel Settings Menu Viewing Sntp Global Status Non-Configurable Data Configuring Sntp Server Configuration Configurable Data Unknown IPV4 Viewing Sntp Server Status Non-Configurable DataPanel Settings Menu Configurable Data Panel Settings Menu Refresh Refresh the configuration value again Reset All Configuration to Defaults Page Command Buttons Managing System Utilities Panel Reset Command ButtonsReset the Passwords to Defaults Page Command Buttons Configurable Data Uploading Specific Files from Panel Removing Specific File Defining Ping Function Copying Running Configuration to PanelSubmit This will initiate the ping Security Menu Viewing Radius Statistics Page Non-Configurable Data Viewing Radius Server Statistics Page Selection Criteria Security Menu Security Menu Resetting All Radius Statistics Page Command Buttons Configurable Data Security Menu Non-Configurable Data Security Menu Viewing Buffered Log Extended Configuration MenuConfiguring Command Logger Page Configurable Data Viewing Event Log Configuring Console LogConfiguring Hosts configuration Page Configurable Data Configuring syslog configuration Page Configurable Data Extended Configuration Menu Viewing Login Session Page Non-Configurable Data 107 Intelligent Blade Panel Module 108 Intelligent Blade Panel Module 109 Intelligent Blade Panel Module 110 Intelligent Blade Panel Module 111 112 Intelligent Blade Panel Module 113 Intelligent Blade Panel Module Extended Configuration Menu Extended Configuration Menu Viewing Each Port Summary Statistics Page Selection Criteria 117 Intelligent Blade Panel Module 118 Intelligent Blade Panel Module 119 Intelligent Blade Panel Module 120 Intelligent Blade Panel Module Viewing Access Control Summary Page Non-Configurable Data 122 Intelligent Blade Panel Module 123 Intelligent Blade Panel Module Defining Access Control User Login Page Selection Criteria Defining Each Port Access Privileges Page Selection Criteria Extended Configuration Menu Managing IP Filter IP Filter Configuration 128 Intelligent Blade Panel Module Defining User Login 130 Intelligent Blade Panel Module Example Clear port-group CLI Command FormatCommand Example Ip address ipaddr netmask vlan-idParameters 2CLI Mode-based TopologyValues Annotations ConventionsNetwork Address Syntax Address Type Format Range IPAddr MacAddrSystem Information and Statistics commands Show eventlog Show running-configShow sysinfo Show running-config all scriptnameSystem Information Show systemShow hardware Show version Show loginsession Interface Show interface status 4Device Configuration CommandsShow interface status slot/port all Show interface slot/port Show interfaceShow interface counters 142 Intelligent Blade Panel Module Show interface counters detailed slot/port switchport Total Packets Received with MAC Errors Total Packets Received Without ErrorsTotal Packets Transmitted Octets Total Packets Transmitted Successfully Total Transmit ErrorsTotal Transmited Packets Discards 146 Intelligent Blade Panel Module Show interface IBP Show interface switchInterface range InterfaceFull duplex Full duplex half duplex Half duplex Speed-duplexSpeed-duplex 10 100 full-duplex half-duplex Speed-duplex all 10 100 full-duplex half-duplexNegotiate no negotiate NegotiateNegotiate all no negotiate all Capabilities Storm-control flowcontrol DescriptionStorm-control flowcontrol no storm-control flowcontrol Syntax Show mac-addr-table macaddr all Show mac-address-table igmpsnooping Show mac-address-table multicast macaddr vlanid all Show mac-address-table multicastShow mac-address-table agetime Show mac-address-table stats Default SettingShow mac-address-table agetime Default Setting Show mac-address-table statsMac-address-table aging-time Igmp Snooping Show Commands Show igmp snoopingLacp uplinkSetName no lacp uplinkSetName Configuration Commands IgmpsnoopingIgmpsnooping uplinkSetName no igmpsnooping uplinkSetName Port Channel LacpShow lacp Uplink Sets Show CommandsUplink-set uplinkSetName no uplink-set uplinkSetName Configuration Commands Uplink-setPort Group Port-group portGroupName no port-group portGroupName Configuration Commands Port-groupPort Backup Show Commands Port-backup no port-backup Configuration Commands Port-backupPort-backup uplinkSetName no port-backup uplinkSetName Default Setting Command ModeConfiguration Commands Linkstate Link State Show CommandsLinkstate uplinkSetName no linkstate uplinkSetName Vlan Port Groups Show CommandsShow vlan-group vlanGroupName Vlan-group vlanGroupName no vlan-group vlanGroupName Configuration Commands Vlan-group167 Intelligent Blade Panel Module Configuration Commands Svc-lan Service LAN Show CommandsSvc-lan svcLanName no svc-lan svcLanName Configuration Commands Svc-vlan Service Vlan Show CommandsSvc-vlan svcVlanName no svc-vlan svcVlanName Network Commands Show ip interface Management CommandsShow ip redirects 1.4 mtu Show ip filterMtu 1518-9216 no mtu Ip address Command UsageIp default-gateway Ip default-gateway gateway no ip default-gatewayIp address protocol Ip address protocol bootp dhcp vlanID noneIp address mgmt-vlan Ip filter no ip filter Ip filterIp filter ipaddr no ip filter ipaddr Serial Interface Commands Show line consoleBaudrate Line consolePassword-threshold Exec-timeoutPassword-threshold 0-120 no password-threshold Silent-time Telnet Session CommandsTelnet host port debug line echo Line vty Show line vtyExec-timeout 1-160 no exec-timeout Maxsessions 0-5 no maxsessions MaxsessionsSessions Telnet maxsessions Sessions no sessionsTelnet sessions Telnet sessions no telnet sessionsTelnet exec-timeout 1-160 no telnet exec-timeout Telnet exec-timeoutTelnet maxsessions 0-5 no maxsessions Show telnet Snmp Server Commands Show snmpShow trapflags Syntax Snmp-server location loc Snmp-server sysnameSnmp-server sysname name Snmp-server locationSnmp-server community Snmp-server contactSnmp-server community name no snmp-server community name 190 Intelligent Blade Panel Module Snmp-server community ro rw name Snmp-server host Snmp-server enable trapsSnmp-server host ipaddr name no snmp-server host name No This command disables Multiple User trap Snmp Trap Commands Show snmptrap Snmp trap link-status no snmp trap link-status Snmp trap link-statusSnmp trap link-status all no snmp trap link-status all Snmptrap name ipaddr no snmptrap name ipaddr Snmptrap name ipaddrSnmptrap ipaddr Snmptrap ipaddr name ipaddr ipaddrnew Snmptrap modeSnmptrap mode name ipaddr no snmptrap mode name ipaddr Http commands Show ip httpIp javamode no ip javamode Ip javamodeIp http server no ip http server Ip http portIp http port 1-65535 no ip http port Ip http serverIp http secure-server no ip http secure-server Ip http secure-portIp http secure-port portid no ip http secure-port Ip http secure-serverIp http secure-protocol Secure Shell SSH Commands Show ip sshIp ssh no ip ssh Ip sshIp ssh protocol Ip ssh maxsessions Ip ssh timeoutIp ssh maxsessions 0-5 no ip ssh maxsessions Dhcp Client Commands Ip dhcp restart Ip ssh timeout 1-160 no ip ssh timeoutIp dhcp client-identifier System Burned In MAC Address Lockmessage Lock CommandsLockmessage messagestring default Lock lockidentifier Exclusive no lock lockidentifierALLShow lock LockresetShow Commands Show logging System Log Management CommandsShow logging buffered Show logging traplogs Show logging traplogShow logging hosts Display Message Index used for deleting Configuration Commands Logging bufferedLogging buffered no logging buffered Logging console Logging buffered wrap no logging buffered wrapLogging console severitylevel 0-7 no logging console Logging host hostaddress port severitylevel Logging hostLogging syslog Logging host reconfigure hostindex hostaddressLogging syslog no logging syslog Clear logging buffered Logging syslog port portid no logging syslog portScript delete Script Management CommandsScript apply Script apply scriptnameScript show Script listScript show scriptname Show Commands Show users User Account Management CommandsConfiguration Commands Username Username snmpv3 authentication Username username password nopassword no username usernameUsername snmpv3 encryption Show Commands Show users authentication Security CommandsShow authentication Show dot1x Show authentication usersShow dot1x detail Show dot1x statistics slot/port Show dot1x statisticsShow dot1x summary slot/port all Show dot1x summaryShow dot1x users Show radius-servers Secret Configured Yes / NoShow radius Show radius accounting statistics ipaddr Radius Accounting Mode Enabled or disabledShow radius statistics Secret Configured Yes or NoShow radius statistics ipaddr Show tacacs Show port-security Show port-security dynamic slot/port Configuration Commands Authentication login Possible method values are local, radius, reject, and tacacs Username defaultloginUsername login user listname Username login3.2 dot1x default-login 3 Dot1x Configuration Commands 3.1 dot1x initializeDot1x system-auth-control no dot1x system-auth-control 3.3 dot1x loginDot1x login user listname 3.4 dot1x system-auth-control3.6 dot1x port-control 3.5 dot1x user3.7 dot1x max-req Dot1x max-req 1-10 no dot1x max-req 3.8 dot1x re-authenticationDot1x re-authentication no dot1x re-authentication 3.9 dot1x re-reauthenticate3.10 dot1x timeout Radius accounting mode no radius accounting mode Radius Configuration Commands Radius accounting modeRadius-sever key Radius-server hostRetries the maximum number of times Range 1 Radius-server retransmitRadius-server timeout seconds no radius-server timeout Radius-server timeoutRadius-server msgauth Radius-server primary Tacacs Configuration CommandsTacacs no tacacs Tacacs server-ip 1-3 ipaddr no tacacs server-ip Tacacs modeTacacs mode 1-3 master slave no tacacs mode Tacacs server-ipTacacs key 1-3 no tacacs key Tacacs portTacacs port 1-3 1-65535 no tacacs port Tacacs keyTacacs retry 1-3 1-9 no tacacs retry Tacacs timeoutTacacs timeout 1-3 1-255 no tacacs timeout Tacacs retryPort-security no port-security Default Setting Port Security Configuration Commands Port-securityPort-security max-dynamic Port-security max-static 0-20 no port-security max-static Port-security max-staticPort-security mac-address Syntax Port-security mac-address move Default SettingPort-security mac-address move Show Commands Show sntp Sntp CommandsShow sntp client Configuration Commands Sntp client mode broadcast unicast no sntp client mode Sntp client modeSntp broadcast client poll-interval Sntp client port portid 6-10 no sntp client port Sntp client portSntp unicast client poll-interval Sntp unicast client poll-retry Sntp unicast client poll-timeoutSntp clock timezone Sntp serverClear Clear arp System Utilities10.2.9 Sntp clock timezone name 0-12 0-59 before-utc after-utcClear eventlog Clear traplogClear pass Clear configClear counters slot/port all Syntax Clear mac-addr-table dynamic Default SettingClear mac address table Clear countersClear igmp snooping Enable passwdClear dot1x statistics Clear ip filterClear dot1x statistics all slot/port Clear tacacs Clear radius statisticsCopy Privileged Exec Files download from PC to board Syntax Copy running-config startup-config filename Delete Copy clibanner url copy url clibanner no clibanner11.4 dir Display Message Column Heading Description Dir boot-rom config opcode filenameWhichboot Boot-systemPing Boot-system boot-rom config opcode filenameTraceroute Calendar set mm/dd/yy hhmmss Logging cli-commandSyntax Logging cli-command Default Setting Calendar setDisconnect 0-10 all ConfigureReload DisconnectQuit Promptstring Prompt string Default SettingHostname Hostname promptstringIp dhcp client-identifier text text hex hex Dhcp CommandsUsing Snmp Standard MIBs are listed in the following table Supported MIBsPrivate enterprise MIB is listed below RFC 2233 IF-MIB Accessing MIB ObjectsAccessing MIB ObjectsUsing Snmp 279 Intelligent Blade Panel Module Snmp traps supported include the following items Supported TrapsOverview system default settings Default SettingsSSL Default settings for all the configuration commandsPage In-band Administration SSH DSA Key SSH RSA1 Key SSH RSA2 Key Diagnosing IBP Indicators Troubleshooting and TipsSymptom Action Accessing the Management InterfaceInformation on this document