Manuals / Brands / Computer Equipment / Switch / RuggedCom / Computer Equipment / Switch

RuggedCom RS400 1.12.3 802.1X Authentication (not supported in RS400, N/A for RMC30)

1 275

Download 275 pages, 2.77 Mb

Administration

RS400 43 ROS™ v3.5

The vendor specific attribute is used to determine the access level from the server, which may

be configured at the RADIUS server with following information:

• Vendor ID: Ruggedcom Inc. enterprise number (15004) assigned by Internet Assigned

Numbers Authority (IANA)

• Sub-attribute Format: String

• Vendor Assigned Sub-Attribute Number: 2

• Attribute value – any one of: admin, operator, guest

Note: If no access level is received in the response packet from the server then no access will be granted

to the user

Example RuggedCom Dictionary for a freeRadius server:

VENDOR RuggedCom 15004

BEGIN-VENDOR RuggedCom

ATTRIBUTE RuggedCom-Privilege-level 2 string

END-VENDOR RuggedCom

Sample entry for user “admin” Adding Users:

admin Auth-Type := Local, User-Password == "admin"

RuggedCom-Privilege-level = "admin

1.12.3 802.1X Authentication (not supported in RS400, N/A for RMC30)

RADIUS Server is also used to authenticate access on ports with 802.1X security support.

Attributes sent to RADIUS Server in RADIUS Request are:

• user name, derived from client’s EAP identity response

• NAS IP address

• service type: framed

• framed MTU:1500 (maximum size of EAP frame, which is the size of Ethernet frame)

• EAP message

• vendor specific attribute, as described above

RADIUS messages are sent as UDP messages. Switch and RADIUS server must use the same

authentication and encryption key.

Contents

Main Contacting RuggedCom Table Of Contents Page Page Page Page Page Table Of Figures Page Page Page Preface Supported Platforms Who Should Use This User Guide How Chapters are organized Document Conventions Applicable Firmware Revision Firmware/User Guide Version Numbering System 1 Administration 1.1 The ROS User Interface 1.1.1 Using the RS232 Port to Access the User Interface 1.1.2 The Structure of the User Interface 1.1.3 Making Configuration Changes 1.1.4 Updates Occur In Real Time 1.1.5 Alarm Indications Are Provided 1.1.6 The CLI Shell 1.2 The ROS Secure Shell Server 1.2.1 Using a Secure Shell to Access the User Interface 1.2.2 Using a Secure Shell to Transfer Files 1.3 The ROS Web Server Interface 1.3.1 Using a Web Browser to Access the Web Interface Page Page 1.3.2 The Structure of the Web Interface 1.3.3 Making Configuration Changes Page Page Page 1.5 IP Interfaces Page Page 1.6 IP Gateways 1.7 IP Services Page 1.8 System Identification 1.9 Passwords Page 1.10 Time and Date Page 1.11 SNMP Management 1.11.1 SNMP Users Page 1.11.2 SNMP Security to Group Maps 1.11.3 SNMP Access Page Page 1.12 RADIUS 1.12.1 RADIUS overview 1.12.2 User Login Authentication and Authorization 1.12.3 802.1X Authentication (not supported in RS400, N/A for RMC30) 1.12.4 Radius Server Configuration Page 1.13 TACACS+ 1.13.1 User Login Authentication and Authorization 1.13.2 TACACS+ Server Configuration Page 1.14 DHCP Relay Agent (N/A for RMC30) 1.15 Syslog 1.15.1 Configuring Local Syslog 1.15.2 Configuring Remote Syslog Client 1.15.3 Configuring Remote Syslog Server Page 1.16 Troubleshooting 2 Serial Protocols 2.1 Serial Protocols Overview 2.1.1 Raw Socket protocol features 2.1.2 Preemptive Raw Socket protocol features 2.1.3 Modbus protocol features 2.1.4 DNP protocol features 2.1.5 Microlok protocol features 2.1.6 WIN protocol features 2.1.7 TIN protocol features 2.2 Serial Protocols Operation 2.2.1 Serial Encapsulation Applications 2.2.1.1 Character Encapsulation (Raw Socket) 2.2.1.2 RTU Polling 2.2.1.3 Broadcast RTU Polling 2.2.1.4 Preemptive Raw Socket 2.2.1.5 Use of Port Redirectors 2.2.1.6 Message Packetization 2.2.2 Modbus Server and Client Applications 2.2.2.1 TCPModbus Performance Determinants Page 2.2.2.2 A Worked Example 2.2.2.3 Use of Turnaround Delay 2.2.3 DNP 3.0, Microlok, TIN and WIN Applications 2.2.3.1 Concept of Links 2.2.3.2 Address Learning Address Learning for TIN Address Learning for DNP 2.2.3.3 Broadcast Messages DNP Broadcast Messages TIN Broadcast Messages 2.2.4 Transport Protocols 2.2.4.1 Transport for Raw Socket 2.2.4.2 Transport for Protocols with Defined Links 2.2.4.3 Use of Differentiated Services Code Point (DSCP) 2.2.5 Force Half Duplex Mode of Operation Page Page Page 2.3.2 Raw Socket Page Page Page Page 2.3.4 Modbus Server 2.3.5 Modbus Client 2.3.6 WIN and TIN Page 2.3.7 MicroLok 2.3.8 DNP 2.3.9 Mirrored Bits Page Page Page 2.3.11 Dynamic Device Addresses 2.3.12 Links Statistics 2.3.13 Connection Statistics 2.3.14 Serial Port Statistics Page Page 2.4 Troubleshooting Page 3 Ethernet Ports 3.1 Controller Protection Through Link-Fault-Indication (LFI) Page Page Page Page Page 3.2.2 Port Rate Limiting 3.2.3 Port Mirroring Port Mirroring Limitations Page 3.2.4 Link Detection Options 3.2.5 PoE Parameters (when applicable) Page 3.2.6 EoVDSL Parameters (when applicable) Page Page 3.2.7 Port Status 3.2.8 Resetting Ports 3.3 Troubleshooting Problem One Problem Two Page 4 Ethernet Statistics 4.1 Viewing Ethernet Statistics Page Page Page Page Page Page Page 4.4 Remote Monitoring (RMON) 4.4.1 RMON History Controls Page 4.4.2 RMON History Samples Page Page 4.4.3 RMON Alarms Page Page Page 4.5 RMON Events Page 4.6 RMON Event Log Page 5 Spanning Tree 5.1 RSTP Operation 5.1.1 RSTP States and Roles State Forwarding Learning Discarding Disabled Link Down Role 5.1.2 Edge Ports 5.1.3 Point-to-Point and Multipoint Links 5.1.4 Path and Port Costs How Port Costs Are Generated STP vs. RSTP Costs 5.1.5 Bridge Diameter 5.2 MSTP Operation 5.2.1 MST Regions and Interoperability MSTI Page 5.2.2.2 Port Roles: CIST Port Roles MSTI Port Roles Boundary Ports 5.2.3 Benefits of MSTP Load Balancing Isolation of Spanning Tree Reconfiguration MSTP versus PVST Compatibility with STP and RSTP 5.2.4 Implementing MSTP on a Bridged Network 5.3 RSTP Applications 5.3.1 RSTP in Structured Wiring Configurations Design Considerations for RSTP in Structured Wiring Configurations 5.3.2 RSTP in Ring Backbone Configurations Design Considerations for RSTP in Ring Backbone Configurations 5.3.3 RSTP Port Redundancy Page 5.4.1 Bridge RSTP Parameters Page Page 5.4.2 Port RSTP Parameters Page Page 5.4.3 MST Region Identifier 5.4.4 Bridge MSTI Parameters 5.4.5 Port MSTI Parameters Page 5.5 Spanning Tree Statistics 5.5.1 Bridge RSTP Statistics Page Page Page Page 5.5.3 Bridge MSTI Statistics 5.5.4 Port MSTI Statistics Page Page 5.6 Troubleshooting Problem Three Problem Four Problem Five Problem Six Problem Seven Problem Eight Problem Nine 6 VLANs 6.1 VLAN Operation 6.1.1 VLANs and Tags 6.1.2 Tagged vs. Untagged Frames 6.1.3 Native VLAN 6.1.5 Edge and Trunk Port Types Edge Type Trunk Type 6.1.6 VLAN Ingress and Egress Rules Ingress Rules Egress Rules 6.1.7 Forbidden Ports List 6.1.8 VLAN-aware and VLAN-unaware operation modes 6.1.9 GVRP (Generic VLAN Registration Protocol) 6.1.10 QinQ (not supported in RS400 and RS8000/RS1600 families) Page 6.2 VLAN Applications 6.2.1 Traffic Domain Isolation 6.2.2 Administrative Convenience 6.2.3 Reduced Hardware 6.3 VLAN Configuration 6.3.1 Global VLAN Parameters 6.3.2 Static VLANs Page Page Page 6.3.4 VLAN Summary Explicit Implicit Dynamic 6.4 Troubleshooting Page 7 Classes of Service 7.1 CoS Operation 7.1.1 Inspection Phase 7.1.2 Forwarding Phase 7.2 CoS Configuration 7.2.1 Global CoS Parameters 7.2.2 Port CoS Parameters 7.2.3 Priority to CoS Mapping Page 7.2.4 DSCP to CoS Mapping 7.2.5 CoS Access Priorities (RS8000 and RS1600 families only) Page Page 8 Multicast Filtering 8.1 IGMP 8.1.1 Router and Host IGMP Operation 8.1.2 Switch IGMP Operation Active Mode Passive Mode IGMP Snooping Rules IGMP and RSTP 8.1.3 Combined Router and Switch IGMP Operation Multicast Router 1 P2 Switch P1 Processing Leaves 8.2 Multicast Filtering Configuration and Status 8.2.1 Configuring IGMP Parameters Page 8.2.2 Configuring Static Multicast Groups 8.2.3 Viewing IP Multicast Groups 8.3 Troubleshooting Problem Six Page 9 MAC Address Tables 9.1 Viewing MAC Addresses 9.2 Configuring MAC Address Learning Options 9.3 Configuring Static MAC Address Table Page 9.4 Purging MAC Address Table Page 10 Network Discovery 10.1 LLDP Operation Page 10.2.1 Global LLDP Parameters 10.2.2 Port LLDP Parameters 10.2.3 LLDP Global Remote Statistics 10.2.4 LLDP Neighbor Information 10.2.5 LLDP Statistics Page 11 PPP over Modem 11.1 PPP over Modem Operation 11.1.1 Remote Dial-in For Monitoring 11.1.2 Router Concentration 11.1.3 Assigning IP Addresses For PPP 11.1.4 PAP/CHAP Authentication 11.1.4.1 Users Profiles 11.1.4.2 Using PAP 11.1.4.3 Using CHAP 11.1.5 Static Routes Page 11.2.1 Modem Settings 11.2.2 PPP Control Page 11.2.3 PPP Users Page 11.2.4 PPP Statistics Page Page 11.3 Troubleshooting Page Page 12 Diagnostics 12.1 Using the Alarm System 12.1.1 Active Alarms 12.1.2 Passive Alarms 12.1.3 Alarms and the Critical Failure Relay 12.1.4 Viewing and Clearing Alarms 12.2 Viewing CPU Diagnostics Page 12.3 Viewing and Clearing the System Log 12.4 Viewing Product Information 12.5 Loading Factory Default Configuration 12.6 Resetting the Device Page 13 Using the CLI Shell 13.1 Entering and Leaving the Shell 13.2 Summary Of CLI Commands available in ROS 13.2.1 Getting Help for a Command 13.2.2 Viewing Files Listing files Viewing and Clearing Log Files 13.2.3 Pinging a Remote Device 13.2.4 Tracing Events Using the CLI Shell ROS v3.5 248 RS400 Enabling Trace Figure 176: Enabling Trace Starting Trace 13.2.5 Viewing DHCP Learned Information 13.2.6 Executing Commands Remotely Through RSH 13.2.7 Resetting the Device 14 Upgrading Firmware and Managing Configurations 14.1 Upgrading Firmware 14.1.1 Upgrading Firmware using XModem 14.1.2 Upgrading Firmware Using a TFTP Client on Your Workstation Checking Status of Download 14.1.3 Upgrading Firmware Using ROS TFTP Client 14.2 Capturing Configurations 14.2.1 Capturing Configurations with XModem 14.2.2 Capturing Configurations with TFTP 14.3 Using SQL Commands 14.3.1 Getting Started 14.3.2 Finding the Correct Table 14.3.3 Retrieving Information Retrieving a Table Retrieving Parameter from a Table Retrieving A Table with Where Clause 14.3.4 Changing Values in a Table 14.3.5 Setting Default Values in a Table 14.3.6 Using RSH and SQL Appendix A - SNMP MIB Support Standard MIBs RuggedCom proprietary MIBs Appendix B SNMP Trap Summary Appendix C List of Objects Eligible for RMON Alarms Page Page Page Page Appendix E ModBus Management Support and Memory Map Modbus Memory Map Page Page Text Cmd Uint16 Uint32 PortCmd Alarm PSStatusCmd Index