Manuals / Brands / Computer Equipment / Switch / SMC Networks / Computer Equipment / Switch

SMC Networks SMC6724L3 , S, 3-30, Configuring Local/Remote Logon Authentication

1 618

Download 618 pages, 7.54 Mb

C

ONFIGURING

THE

S

WITCH

3-30

Configuring Local/Remote Logon Authentication

Use the Authentication Settings menu to restrict management access based

on specified user names and passwords. You can manually configure access

rights on the switch, or you can use a remote access authentication server

based on the RADIUS protocol.

Remote Authentication

Dial-in User Service

(RADIUS) is a logon

authentication protocol

that uses software

running on a central

server to control access

to RADIUS-compliant

devices on the network.

An authentication server contains a database of multiple user name/

password pairs with associated privilege levels for each user that requires

management access to the switch.

Command Usage

• By default, management access is always checked against the

authentication database stored on the local switch. If a remote

authentication server is used, you must specify the authentication

sequence and the corresponding parameters for the remote

authentication protocol. Local and remote logon authentication control

management access via the console port, web browser, or Telnet.

• RADIUS uses UDP, which only offers best effort delivery. Also,

RADIUS encrypts only the password in the access-request packet from

the client to the server.

• RADIUS logon authentication assigns a specific privilege level for each

user name/password pair. The user name, password, and privilege level

must be configured on the authentication server.

• You can specify one to two authentication methods for any user to

indicate the authentication sequence. For example, if you select

Web

Telnet

RADIUS

server

console

1. Client attempts management access.

2. Switch contacts authentication server.

3. Authentication server challenges client.

4. Client responds with proper password or key.

5. Authentication server approves access.

6. Switch grants management access.

Contents

Main TigerSwitch 10/100 24-Port Layer 3 Switch Managemen t Guide Page Page Page L W IMITED v ARRANTY vi vii ONTENTS 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-1 2 Initial Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1 3 Configuring the Switch . . . . . . . . . . . . . . . . . . . . . . . . 3-1 viii ix x xi 4 Command Line Interface . . . . . . . . . . . . . . . . . . . . . . 4-1 xii xiii xiv xv xvi xvii xviii xix xx Page Page 1-1 NTRODUCTION Key Features 1-2 Description of Software Features F S 1-3 1-4 F S 1-5 1-6 F S 1-7 1-8 System Defaults D 1-9 1-10 D 1-11 Page NITIAL 2-1 ONFIGURATION Connecting to the Switch Configuration Options C 2-2 Required Connections S 2-3 C 2-4 Remote Connections Basic Configuration C 2-6 Setting Passwords Setting an IP Address C 2-7 Manual Configuration C 2-8 Dynamic Configuration C 2-9 Enabling SNMP Management Access Community Strings C 2-10 C 2-11 Trap Receivers Saving Configuration Settings C Managing System Files Page Page 3-1 3 S THE ONFIGURING Page Navigating the Web Browser Interface Page I B W 3-5 S 3-6 I B W 3-7 S 3-8 I B W 3-9 S 3-10 I B W 3-11 Basic Configuration Displaying System Information C 3-13 S 3-14 Displaying Switch Hardware/Software Versions C ASIC ONFIGURATION 3-15 Web Click System, Switch Information. S 3-16 Displaying Bridge Extension Capabilities C 3-17 Setting the Switchs IP Address S 3-18 Page Page C 3-21 S 3-22 Managing Firmware Downloading System Software from a Server C 3-23 Saving or Restoring Configuration Settings Page C 3-25 Setting the System Clock S 3-26 Configuring SNTP C 3-27 Setting the Time Zone User Authentication A 3-29 S 3-30 Configuring Local/Remote Logon Authentication A 3-31 S 3-32 Configuring 802.1x Port Authentication A 3-33 S 3-34 Displaying 802.1x Global Settings A 3-35 S 3-36 Configuring 802.1x Global Settings A 3-37 S 3-38 Configuring Port Authorization Mode A 3-39 CLI This example sets the authentication mode to enable dot1x on port 2. Displaying 802.1x Statistics This switch can display statistics for dot1x protocol exchanges for any port. Statistical Values S CLI This example displays the dot1x statistics for port 4. 3-40 C Access Control Lists Configuring Access Control Lists S 3-42 Setting the ACL Name and Type C L 3-43 Configuring a Standard IP ACL S 3-44 Configuring an Extended IP ACL C L 3-45 Page C L 3-47 Configuring a MAC ACL Page Page S 3-50 Simple Network Management Protocol Setting Community Access Strings Page S 3-52 H P Dynamic Host Configuration Protocol Configuring DHCP Relay Service Page H P C 3-55 Configuring the DHCP Server S 3-56 Enabling the Server, Setting Excluded Addresses H P C 3-57 Configuring Address Pools S 3-58 Page Page Page S 3-62 Displaying Address Bindings C Port Configuration Displaying Connection Status S 3-64 C 3-65 S THE ONFIGURING WITCH C 3-67 Configuring Interface Connections S 3-68 C 3-69 Setting Broadcast Storm Thresholds S 3-70 Configuring Port Mirroring C 3-71 Showing Port Statistics S 3-72 C 3-73 S 3-74 C 3-75 Page C 3-77 Configuring Rate Limits Page C 3-79 Trunk Configuration } S 3-80 Dynamically Configuring a Trunk } Page } S 3-82 Statically Configuring a Trunk C RUNK ONFIGURATION 3-83 Address Table Settings Page Page Spanning Tree Algorithm Configuration S 3-88 x x T C A 3-89 Displaying Global Settings S 3-90 T C A 3-91 S 3-92 Configuring Global Settings T C A 3-93 Page T C A 3-95 Displaying Interface Settings x T x C A 3-97 Page T C A 3-99 Configuring Interface Settings S 3-100 T C A 3-101 VLAN Configuration 3-103 Assigning Ports to VLANs S 3-104 3-105 S 3-106 Forwarding Tagged/Untagged Frames Page S 3-108 Displaying Current VLANs 3-109 S 3-110 Creating VLANs 3-111 Adding Static Members to VLANs (VLAN Index) S 3-112 3-113 Adding Static Members to VLANs (Port Index) Page 3-115 S 3-116 3-117 x 3-119 Configuring Uplink and Downlink Ports S 3-120 Class of Service Configuration Setting the Default Priority for Interfaces Page S 3-122 Mapping CoS Values to Egress Queues Page S 3-124 Setting the Service Weight for Traffic Classes Page Page Page S 3-128 C S 3-129 Mapping DSCP Priority S THE ONFIGURING WITCH Page S 3-132 Page S 3-134 Multicast Filtering F 3-135 IGMP Protocol S 3-136 Layer 2 IGMP (Snooping and Query) F 3-137 Configuring IGMP Snooping Parameters S 3-138 F 3-139 Displaying Interfaces Attached to a Multicast Router S 3-140 Specifying Static Interfaces for a Multicast Router Page S 3-142 Displaying Port Members of Multicast Services F 3-143 Assigning Ports to Multicast Services S ( 3-144 Layer 3 IGMP (Query used with Multicast Routing) F 3-145 Configuring IGMP Interface Parameters S 3-146 Page S 3-148 Displaying Multicast Group Information 3-149 IP Routing Overview S 3-150 Initial Configuration 3-151 IP Switching S 3-152 Routing Path Management Routing Protocols 3-153 S 3-154 Basic IP Interface Configuration 3-155 Configuring IP Routing Interfaces S 3-156 3-157 Address Resolution Protocol S 3-158 Proxy ARP 3-159 Basic ARP Configuration S 3-160 Configuring Static ARP Addresses 3-161 Displaying Dynamically Learned ARP Entries S 3-162 3-163 Displaying Local ARP Entries Page 3-165 Displaying Statistics for IP Protocols IP Statistics S 3-166 3-167 Web - Click IP, Statistics, IP. CLI - See the example on page 3-164. S 3-168 ICMP Statistics Page S 3-170 UDP Statistics 3-171 TCP Statistics Page 3-173 Displaying the Routing Table Page 3-175 Configuring the Routing Information Protocol S 3-176 Configuring General Protocol Settings 3-177 S 3-178 Specifying Network Interfaces for RIP 3-179 Configuring Network Interfaces for RIP S 3-180 3-181 S 3-182 3-183 Displaying RIP Information and Statistics S 3-184 RIP Information and Statistics Page S 3-186 Configuring the Open Shortest Path First Protocol 3-187 S 3-188 Configuring General Protocol Settings 3-189 S 3-190 3-191 S 3-192 Configuring OSPF Areas 3-193 S 3-194 3-195 S 3-196 Configuring Area Ranges (Route Summarization for ABRs) 3-197 S 3-198 Configuring OSPF Interfaces 3-199 S 3-200 3-201 Page 3-203 S 3-204 Configuring Virtual Links Page S 3-206 Configuring Network Area Addresses 3-207 S 3-208 Configuring Summary Addresses (for External AS Routes) Page S 3-210 Redistributing External Routes 3-211 S 3-212 Configuring NSSA Settings 3-213 Displaying Link State Database Information S 3-214 Page S 3-216 Displaying Information on Border Routers 3-217 Displaying Information on Neighbor Routers S 3-218 Multicast Routing R 3-219 Configuring Global Settings for Multicast Routing Displaying the Multicast Routing Table S 3-220 Page S 3-222 Configuring DVMRP R 3-223 Configuring Global DVMRP Settings S 3-224 R 3-225 Page R 3-227 Configuring DVMRP Interface Settings S 3-228 R 3-229 Displaying Neighbor Information S 3-230 Displaying the Routing Table R 3-231 Configuring PIM-DM S 3-232 Configuring Global PIM-DM Settings R 3-233 Configuring PIM-DM Interface Settings S 3-234 R 3-235 S 3-236 Displaying Interface Information R 3-237 Displaying Neighbor Information Page 4-1 CHAPTER 4 COMMAND LINE I Using the Command Line Interface Accessing the CLI Console Connection L I 4-2 Telnet Connection C Entering Commands Keywords and Arguments Page C NTERING The command show interfaces ? will display the following information: OMMANDS 4-5 Page C 4-7 Exec Commands L I 4-8 Configuration Commands C 4-9 L I 4-10 Command Line Processing G Command Groups The system commands can be broken down into the functional groups shown below L I 4-12 C 4-13 Line Commands L I 4-14 line C 4-15 login L I 4-16 password C 4-17 exec-timeout L I 4-18 password-thresh C 4-19 silent-time L I 4-20 databits C 4-21 parity Page C 4-23 stopbits show line L General Commands I 4-24 Example To show all lines, enter this command: C 4-25 enable Page C 4-27 configure show history L I 4-28 reload C 4-29 end exit Page M C Device Designation Commands 4-31 System Management Commands Page M C 4-33 username L I 4-34 enable password M C 4-35 Web Server Commands ip http port L I 4-36 ip http server M C 4-37 Event Logging Commands logging on L I 4-38 logging history M C 4-39 clear logging Page M C 4-41 Time Commands L I 4-42 sntp client M C 4-43 sntp server L I 4-44 sntp poll Page L I 4-46 clock timezone M C 4-47 System Status Commands show startup-config L I 4-48 M C 4-49 show running-config L I 4-50 show startup-config (4-47) M C 4-51 show system show users L I 4-52 show version C Flash/File Commands copy L I 4-54 C 4-55 Page C 4-57 dir L I 4-58 whichboot C 4-59 boot system L I Authentication Commands Authentication Sequence authentication login C 4-61 RADIUS Client Page C 4-63 radius-server port radius-server key Page C 4-65 radius-server timeout show radius-server L I 4-66 802.1x Port Authentication Page L I 4-68 dot1x max-req dot1x port-control C 4-69 dot1x re-authenticate dot1x re-authentication Page C 4-71 dot1x timeout tx-period L I 4-72 show dot1x C 4-73 L I 4-74 Access Control List Commands C L 4-75 L I 4-76 IP ACLs access-list ip C L 4-77 L I 4-78 permit, deny (Standard ACL) C L 4-79 permit, deny (Extended ACL) L I 4-80 C L 4-81 ip access-group Page Page L I 4-84 MAC ACLs access-list mac C L 4-85 permit, deny (MAC ACL) L I 4-86 Page Page Page L I 4-90 SNMP Commands snmp-server community 4-91 snmp-server contact Page 4-93 snmp-server host L I 4-94 snmp-server enable traps 4-95 show snmp L I 4-96 4-97 DHCP Commands DHCP Client ip dhcp client-identifier L I 4-98 ip dhcp restart client 4-99 DHCP Relay ip dhcp restart relay L I 4-100 4-101 ip dhcp relay server L I 4-102 DHCP Server 4-103 service dhcp Page 4-105 network L I 4-106 default-router 4-107 domain-name Page 4-109 next-server bootfile L I 4-110 netbios-name-server 4-111 netbios-node-type L I 4-112 lease 4-113 host L I 4-114 client-identifier 4-115 hardware-address L I 4-116 clear ip dhcp binding 4-117 show ip dhcp binding L I 4-118 Interface Commands C 4-119 interface description L I 4-120 speed-duplex C 4-121 negotiation L I 4-122 capabilities C 4-123 L I 4-124 flowcontrol C 4-125 shutdown L I 4-126 switchport broadcast packet-rate C 4-127 clear counters Page C 4-129 show interfaces counters L I 4-130 C 4-131 show interfaces switchport L I 4-132 P C Mirror Port Commands port monitor L I 4-134 show port monitor L Rate Limit Commands L I 4-136 rate-limit A Link Aggregation Commands L I 4-138 channel-group Page L I 4-140 T C Address Table Commands mac-address-table static L I 4-142 clear mac-address-table dynamic T C 4-143 show mac-address-table L I 4-144 mac-address-table aging-time Page L I 4-146 Spanning Tree Commands T C 4-147 spanning-tree L I 4-148 spanning-tree mode T C 4-149 spanning-tree forward-time Page T C 4-151 spanning-tree priority L I 4-152 spanning-tree pathcost method Page L I 4-154 spanning-tree cost T C 4-155 spanning-tree port-priority L I 4-156 spanning-tree edge-port T C 4-157 spanning-tree portfast L I 4-158 spanning-tree link-type T C 4-159 spanning-tree protocol-migration L I 4-160 show spanning-tree T C REE PANNING OMMANDS VLAN Commands Editing VLAN Groups vlan database 4-163 vlan L I Configuring VLAN Interfaces 4-164 4-165 interface vlan L I 4-166 switchport mode 4-167 switchport acceptable-frame-types L I 4-168 switchport ingress-filtering 4-169 switchport native vlan L I 4-170 switchport allowed vlan 4-171 switchport forbidden vlan L I 4-172 Displaying VLAN Information show vlan 4-173 Configuring Private VLANs pvlan L I 4-174 show pvlan GVRP GVRP and Bridge Extension Commands bridge-ext gvrp Page GVRP C E B 4-177 L I 4-178 show gvrp configuration garp timer GVRP C E B 4-179 Page C 4-181 Priority Commands Priority Commands (Layer 2) L I 4-182 switchport priority default C 4-183 queue bandwidth L I 4-184 queue cos-map C 4-185 show queue bandwidth L I 4-186 show queue cos-map C 4-187 Priority Commands (Layer 3 and 4) map ip port (Global Configuration) L I 4-188 map ip port (Interface Configuration) C 4-189 map ip precedence (Global Configuration) map ip precedence (Interface Configuration) L I 4-190 C 4-191 map ip dscp (Global Configuration) map ip dscp (Interface Configuration) L I 4-192 C 4-193 show map ip port L I 4-194 show map ip precedence C 4-195 show map ip dscp L I Multicast Filtering Commands Page L I 4-198 ip igmp snooping version F C 4-199 show ip igmp snooping L I 4-200 show mac-address-table multicast F C 4-201 IGMP Query Commands (Layer 2) ip igmp snooping querier L I 4-202 ip igmp snooping query-count Page L I 4-204 ip igmp snooping router-port-expire-time F C IGMP Commands (Layer 3) 4-205 L I 4-206 ip igmp F C 4-207 ip igmp robustval ip igmp query-interval L I 4-208 ip igmp max-resp-interval F C 4-209 ip igmp last-memb-query-interval L I 4-210 ip igmp version Page L I 4-212 clear ip igmp group F C 4-213 show ip igmp groups L I 4-214 Example The following shows the IGMP groups currently active on VLAN 1: C IP Interface Commands Basic IP Configuration L I 4-216 ip address C 4-217 L I 4-218 ip default-gateway C 4-219 show ip interface show ip redirects L I 4-220 ping C 4-221 Example Address Resolution Protocol (ARP) Related Commands interface (4-119) L I 4-222 arp C 4-223 arp-timeout clear arp-cache L I 4-224 show arp ip proxy-arp IP Routing Commands L I 4-226 Global Routing Configuration ip routing C 4-227 ip route L I 4-228 clear ip route show ip route C 4-229 show ip traffic L I 4-230 C 4-231 Routing Information Protocol (RIP) router rip L I 4-232 timers basic C 4-233 network L I 4-234 neighbor C 4-235 version L I 4-236 ip rip receive version C 4-237 ip rip send version L I 4-238 C 4-239 ip split-horizon L I 4-240 ip rip authentication key C 4-241 ip rip authentication mode L I 4-242 show rip globals show ip rip C 4-243 L I Open Shortest Path First (OSPF) 4-244 C 4-245 L I 4-246 router ospf C 4-247 router-id L I 4-248 compatible rfc1583 default-information originate C 4-249 Page C 4-251 area range L I 4-252 area default-cost C 4-253 summary-address L I 4-254 redistribute C 4-255 network area L I 4-256 C 4-257 area stub L I 4-258 area nssa C 4-259 L I 4-260 area virtual-link C 4-261 L I 4-262 C 4-263 ip ospf authentication L I 4-264 ip ospf authentication-key C 4-265 ip ospf message-digest-key Page C 4-267 ip ospf dead-interval L I 4-268 ip ospf hello-interval ip ospf priority C 4-269 ip ospf retransmit-interval L I 4-270 ip ospf transmit-delay C 4-271 show ip ospf Use this command to show basic information about the routing configuration. Command Mode Page C 4-273 show ip ospf database L I 4-274 C 4-275 The following shows output when using the asbr-summary keyword. L I The following shows output when using the external keyword. 4-276 The following shows output when using the database-summary keyword. C 4-277 L I 4-278 The following shows output when using the network keyword. C 4-279 The following shows output when using the router keyword. L I The following shows output when using the summary keyword. 4-280 C 4-281 show ip ospf interface L I 4-282 show ip ospf neighbor C 4-283 show ip ospf summary-address L I 4-284 show ip ospf virtual-links R Multicast Routing Commands L I 4-286 ip igmp snooping vlan mrouter Page L I 4-288 ip multicast-routing show ip mroute R C 4-289 L I DVMRP Multicast Routing Commands 4-290 This example lists all entries in the multicast table in summary form: R C 4-291 router dvmrp Page Page Page R C 4-295 default-gateway L I 4-296 ip dvmrp R C 4-297 ip dvmrp metric L I 4-298 clear ip dvmrp route show router dvmrp R C DMVRP routes are shown in the following example: 4-299 The default settings are shown in the following example: L I Example 4-300 show ip dvmrp neighbor R C PIM-DM Multicast Routing Commands 4-301 show ip dvmrp interface L I 4-302 router pim R C 4-303 ip pim dense-mode L I 4-304 ip pim hello-interval Page L I 4-306 ip pim join-prune-holdtime R C 4-307 ip pim graft-retry-interval Page R C 4-309 show ip pim interface show ip pim neighbor Page A PPENDIX A-1 A T ROUBLESHOOTING Page Page F P S B-2 B-3 Page G Glossary-1 LOSSARY Glossary-2 Glossary-3 Glossary-4 Glossary-5 Glossary-6 Glossary-7 Page NDEX A B C D F G H I L O P Q R S T U V