SMC Networks 10/100/1000 SMCGS8P-Smart 2-17

S

ECURITY

2-17

• RADIUS uses UDP while TACACS+ uses TCP. UDP only offers

best effort delivery, while TCP offers a connection-oriented

transport. Also, note that RADIUS encrypts only the password

in the access-request packet from the client to the server, while

TACACS+ encrypts the entire body of the packet.

• RADIUS and TACACS+ logon authentication control

management access via the console port, Web browser, or

Telnet.

• RADIUS and TACACS+ logon authentication assign a specific

privilege level for each user name/password pair. The user

name, password, and privilege level must be configured on the

authentication server.

• You can specify up to three authentication methods for any

user to indicate the authentication sequence. For example, if

you select (1) RADIUS, (2) TACACS and (3) Local, the user

name and password on the RADIUS server is verified first. If the

RADIUS server is not available, then authentication is attempted

using the TACACS+ server, and finally the local user name and

password is checked.

b_mgmt.book Page 17 Tuesday, July 8, 2003 5:24 PM

Contents

Main TigerSwitch 10/100/1000 Gigabit Ethernet Switch Managemen t Guide Page Page Page L W IMITED v ARRANTY W IMITED ARRANTY vi vii ONTENTS 1 Switch Management 1-1 2 Configuring the Switch 2-1 viii ix 3 Command Line Interface 3-1 x xi xii xiii Page 1-1 1 S M WITCH ANAGEMENT Connecting to the Switch M 1-2 Page M 1-4 Remote Connections C 1-5 Basic Configuration Console Connection M 1-6 Setting Passwords C 1-7 Setting an IP Address M 1-8 C 1-9 M 1-10 Enabling SNMP Management Access C 1-11 M 1-12 Saving Configuration Settings S F Managing System Files M 1-14 System Defaults D 1-15 M 1-16 D 1-17 Page 2-1 2 S THE ONFIGURING Navigating the Web Browser Interface Page S 2-4 Panel Display M 2-5 Main Menu S 2-6 M 2-7 S 2-8 Basic Configuration Displaying System Information C 2-9 Page C 2-11 Setting the IP Address S 2-12 C 2-13 Manual Configuration Using DHCP/BOOTP Security Configuring the Logon Password 2-15 S 2-16 Configuring RADIUS/TACACS+ Logon Authentication 2-17 S 2-18 2-19 Page 2-21 Configuring HTTPS S 2-22 2-23 Replacing the Default Secure-site Certificate S 2-24 Configuring SSH ECURITY 2-25 CLI Enter the following commands to configure the SSH service. S 2-26 Managing Firmware Downloading System Software from a Server Page S 2-28 Saving or Restoring Configuration Settings F 2-29 Page F 2-31 Displaying Bridge Extension Capabilities Page F ANAGING IRMWARE 2-33 Web Click System, Bridge Extension. Page F ANAGING IRMWARE 2-35 Web Click System, Switch Information. Port Configuration C ORT ONFIGURATION 2-37 CLI This example shows the connection status for Port 13. S 2-38 Configuring Interface Connections C 2-39 Page C 2-41 Setting Broadcast Storm Thresholds Page Page S 2-44 Configuring Port Security C 2-45 Port Security Action S 2-46 Port Security Configuration Address Table Settings Page Page Page Spanning Tree Protocol Configuration S 2-52 T C P 2-53 STP Information S 2-54 Page S THE ONFIGURING WITCH T C P 2-57 STP Configuration S 2-58 T C P 2-59 Page T C P 2-61 STP Port and Trunk Information S 2-62 T C P 2-63 Page T C P 2-65 STP Port and Trunk Configuration S 2-66 T C P 2-67 S 2-68 Page S 2-70 VLAN Configuration 2-71 Assigning Ports to VLANs S 2-72 2-73 Forwarding Tagged/Untagged Frames S 2-74 Displaying Basic VLAN Information 2-75 Displaying Current VLANs Command Attributes for Web Interface Page 2-77 Creating VLANs S 2-78 2-79 Adding Interfaces Based on Membership Type S 2-80 2-81 Page 2-83 Configuring VLAN Behavior for Interfaces S 2-84 2-85 Page Class of Service Configuration Page Page Page C S 2-91 Page C S 2-93 Mapping Layer 3/4 Priorities to CoS Values Page Page Page C S 2-97 Mapping DSCP Priority Page Page S 2-100 Port Trunk Configuration T C 2-101 Page Page S 2-104 Statically Configuring a Trunk Page S 2-106 Configuring SNMP Page Page Page Page SNMP 2-111 Page C 2-113 Multicast Configuration Configuring IGMP Parameters S 2-114 C 2-115 S THE ONFIGURING WITCH Page S 2-118 Specifying Interfaces Attached to a Multicast Router C 2-119 Displaying Port Members of Multicast Services Command Attribute Page C 2-121 Adding Multicast Addresses to VLANs Command Attribute Showing Device Statistics D S 2-123 Statistical Values S 2-124 D S 2-125 S 2-126 Page Page 801.1X P A ORT UTHENTICATION 801.1X Port Authentication S 2-130 801.1X P A 2-131 802.1x Port Configuration S 2-132 Page S 2-134 802.1x Statistics The 802.1x protocol includes statistics for 802.1x protocol exchanges for any port. Page Page 3-1 3 I INE L OMMAND L I 3-2 Telnet Connection Page Entering Commands Page L I 3-6 The command show interfaces ? will display the following information: Partial Keyword Lookup Page L I 3-8 Exec Commands E C 3-9 Configuration Commands L I 3-10 Command Line Processing Page L I 3-12 Command Groups The system commands can be broken down into the functional groups shown be low G 3-13 L I 3-14 General Commands enable C 3-15 disable L I 3-16 configure C 3-17 show history Page C 3-19 exit quit L Flash/File Commands C 3-21 copy L I 3-22 C 3-23 delete L I 3-24 dir C 3-25 whichboot L I 3-26 boot system M System Management Commands L I 3-28 M C 3-29 hostname L I 3-30 username M C 3-31 enable password L I 3-32 jumbo frame M C 3-33 ip http port L I 3-34 ip http server M C 3-35 ip http secure-server L I 3-36 ip http secure-port M C 3-37 ip ssh L I 3-38 ip ssh server M C 3-39 disconnect ssh Page M C 3-41 logging on L I 3-42 logging history M C 3-43 Page Page L I 3-46 Messages sent include the selected level up through level 0. Default Setting Level 3 - 0 Command Mode Global Configuration Example M C 3-47 clear logging show logging L I 3-48 show startup-config M C 3-49 L I 3-50 Example Related Commands show running-config (3-51) M C 3-51 show running-config L I 3-52 show system M C 3-53 show users L I 3-54 show version C Authentication Commands L I 3-56 authentication login C 3-57 Page C 3-59 radius-server key L I 3-60 radius-server retransmit radius-server timeout C 3-61 show radius-server tacacs-server host L I 3-62 tacacs-server port Page L I 3-64 Example SNMP Commands 3-65 snmp-server community Page 3-67 snmp-server host L I 3-68 3-69 snmp-server enable traps L I 3-70 snmp ip filter 3-71 show snmp L I 3-72 3-73 IP Commands L I 3-74 ip address 3-75 ip dhcp restart L I 3-76 ip default-gateway 3-77 show ip interface Page 3-79 L I 3-80 Line Commands C 3-81 line L I 3-82 login C 3-83 password L I 3-84 exec-timeout C 3-85 password-thresh L I 3-86 silent-time C 3-87 databits L I 3-88 parity C 3-89 speed Page C 3-91 Interface Commands L I 3-92 interface C 3-93 description L I 3-94 speed-duplex C 3-95 negotiation L I 3-96 capabilities C 3-97 flowcontrol L I 3-98 C 3-99 shutdown L I 3-100 switchport broadcast C 3-101 port security L I 3-102 clear counters C 3-103 show interfaces status L I 3-104 show interfaces counters C 3-105 L I 3-106 show interfaces switchport T Address Table Commands L I 3-108 mac-address-table static T C 3-109 show mac-address-table L I 3-110 Page Page T C 3-113 Spanning Tree Commands L I 3-114 spanning-tree T C 3-115 spanning-tree mode L I 3-116 spanning-tree forward-time T C 3-117 spanning-tree hello-time L I 3-118 spanning-tree max-age T C 3-119 spanning-tree priority L I 3-120 spanning-tree pathcost method Page L I 3-122 spanning-tree cost T C 3-123 spanning-tree port-priority L I 3-124 spanning-tree portfast T C 3-125 spanning-tree edge-port L I 3-126 spanning-tree protocol-migration T C 3-127 spanning-tree link-type L I 3-128 show spanning-tree T C REE PANNING OMMANDS VLAN Commands 3-131 vlan database L I 3-132 vlan 3-133 interface vlan L I 3-134 switchport mode 3-135 switchport acceptable-frame-types L I 3-136 switchport ingress-filtering 3-137 switchport native vlan L I 3-138 switchport allowed vlan 3-139 switchport forbidden vlan L I 3-140 show vlan GVRP GVRP and Bridge Extension Commands L I 3-142 switchport gvrp Page L I 3-144 garp timer Page L I 3-146 bridge-ext gvrp Page L I 3-148 IGMP Snooping Commands C 3-149 ip igmp snooping L I 3-150 ip igmp snooping vlan static C 3-151 ip igmp snooping version L I 3-152 show ip igmp snooping show mac-address-table multicast C 3-153 ip igmp snooping querier L I 3-154 ip igmp snooping query-count C 3-155 ip igmp snooping query-interval L I 3-156 ip igmp snooping query-max-response-time C 3-157 ip igmp snooping router-port-expire-time L I 3-158 ip igmp snooping vlan mrouter C 3-159 show ip igmp snooping mrouter L I Priority Commands C 3-161 switchport priority default L I 3-162 queue bandwidth C 3-163 queue cos-map L I 3-164 C 3-165 show queue bandwidth L I 3-166 show queue cos-map map ip precedence (Global Configuration) C 3-167 map ip precedence (Interface Configuration) L I 3-168 C 3-169 map ip dscp (Global Configuration) L I 3-170 map ip dscp (Interface Configuration) C 3-171 show map ip precedence L I 3-172 show map ip dscp C 3-173 L I 3-174 Mirror Port Commands port monitor P C 3-175 show port monitor L I 3-176 T C Port Trunking Commands L I 3-178 channel-group T C 3-179 lacp L I 3-180 A PPENDIX A-1 A T ROUBLESHOOTING A-2 Page U P S F B-3 Page G Glossary-1 LOSSARY Glossary-2 Glossary-3 Glossary-4 Glossary-5 Glossary-6 Glossary-7 Page I NDEX Index-2 P R S T U