Https | SMC Networks TigerSwitch 100 guide

SECURITY

CLI Commands

CLI – Specify all the required parameters to enable logon authentication.

Console(config)#authentication login radius	3-51
Console(config)#radius-server host 192.168.1.25	3-52
Console(config)#radius-server port 181	3-53
Console(config)#radius-server key green	3-53
Console(config)#radius-server retransmit 5	3-54
Console(config)#radius-server timeout 10	3-55
Console#show radius-server	3-55
Server IP address: 192.168.1.25
Communication key with radius server: green
Server port number: 181
Retransmit times: 5
Request timeout: 10
Console(config)#authentication login tacacs	3-51
Console(config)#tacacs-server host 10.20.30.40	3-56
Console(config)#tacacs-server port 200	3-56
Console(config)#tacacs-server key green	3-57
Console#show tacacs-server	3-57
Server IP address: 10.20.30.40
Communication key with tacacs server: green
Server port number: 200
Console(config)#

HTTPS

You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s Web interface.

Both the HTTP and HTTPS service can be enabled independently on the switch. However, you cannot configure the HTTP and HTTPS servers to use the same UDP port. If you change the HTTPS port number, clients attempting to connect to the HTTPS server must specify the port number in the URL, in this format: https://device:port_number.

Note: If you enable HTTPS, you must indicate this in the URL. For example: https://device [:port_number]

2-19

Image 49

SMC Networks TigerSwitch 100 manual Https

Contents

TigerSwitch 10/100/1000 Page TigerSwitch 10/100/1000 Management Guide Trademarks Limited Warranty Limited Warranty Contents Viii Command Line Interface Contents Contents Xii Xiii Xiv Glossary Index Configuration Options Connecting to the Switch Switch Management Required Connections Remote Connections Setting Passwords Basic ConfigurationConsole Connection Setting an IP Address Manual Configuration Dynamic Configuration Enabling Snmp Management Access Community Strings Trap Receivers Saving Configuration Settings Managing System Files Function Parameter Default System Defaults Function Parameter Default Pvid Switch Management Using the Web Interface Configuring the Switch Home Navigating the Web Browser Interface Button Action Panel Display Menu Description Main Menu Menu Description Snmp Displaying System Information Command Attributes CLI Only CLI Specify the hostname, location and contact information Setting the IP Address Basic Configuration Manual Configuration Security Configuring the Logon Password Command Attributes Command Usage Configuring RADIUS/TACACS Logon Authentication Command Attributes Radius Settings Configuring the Switch Https Https SSH Managing Firmware Downloading System Software from a Server Saving or Restoring Configuration Settings Managing Firmware Copying the Running Configuration to a File Displaying Bridge Extension Capabilities Configuring the Switch 137 Main Board Displaying Switch Hardware/Software VersionsManagement Software Displaying Switch HARDWARE/SOFTWARE Versions Displaying Connection Status Port Configuration Port Configuration Configuring Interface Connections Port Configuration Command Attributes Setting Broadcast Storm Thresholds Port Configuration Configuring Port Mirroring Port Configuration Configuring Port Security Port Security Action Setting Static Addresses Address Table Settings Displaying the Address Table 102 Changing the Aging Time Spanning Tree Protocol Configuration Spanning Tree Protocol Configuration STP Information Spanning Tree Protocol Configuration CLI only CLI This example shows the current Spanning Tree settings Command Usage STP Configuration Spanning Tree Protocol Configuration Configuring the Switch 107 STP Port and Trunk Information Spanning Tree Protocol Configuration Configuring the Switch Spanning Tree Protocol Configuration STP Port and Trunk Configuration Spanning Tree Protocol Configuration Configuring the Switch Vlan Configuration Assigning Ports to VLANs Vlan Configuration Forwarding Tagged/Untagged Frames Displaying Basic Vlan Information Displaying Current VLANs Command Attributes for Web Interface Command Attributes for CLI Interface 131 Creating VLANs 122 Adding Interfaces Based on Membership Type Vlan Configuration 129 Adding Interfaces Based on Static Membership Configuring Vlan Behavior for Interfaces Command Usage Vlan Configuration Configuring the Switch Setting the Default Priority for Interfaces Class of Service Configuration Mapping CoS Values to Egress Queues Queue 155 Setting the Service Weight for Traffic Classes Selecting IP Precedence/DSCP Priority Mapping Layer 3/4 Priorities to CoS Values Mapping IP Precedence Flash Override Class of Service Configuration Mapping Dscp Priority 38, 40 Port Trunk Configuration Port Trunk Configuration Dynamically Configuring a Trunk with Lacp Port Trunk Configuration 168 Statically Configuring a Trunk Port Trunk Configuration 167 Configuring Snmp Access Mode Setting Community Access Strings Specifying Trap Managers Snmp IP Filtering Command Attributes Multicast Configuration 100 Configuring Igmp Parameters 101 102 103 Interfaces Attached to a Multicast Router Specifying Interfaces Attached to a Multicast Router 104 105 Displaying Port Members of Multicast Services 106 107 Adding Multicast Addresses to VLANs 108 Showing Device Statistics Statistical Values 109 Parameter Description 110 Rmon Statistics 111 112 113 CLI This example shows statistics for port 114 Accessing the CLI Using the Command Line Interface Telnet Connection Keywords and Arguments Entering Commands Getting Help on Commands Command CompletionMinimum Abbreviation Showing Commands Using Command History Negating the Effect of CommandsUnderstanding Command Modes Partial Keyword Lookup Exec Commands Configuration Commands Keystroke Function Command Line Processing Command Description Group Command Groups 150 Enable General CommandsSyntax Enable level Default Setting Related Commands DisableExample Configure Show history End Reload Quit Exit Copy Flash/File Commands FLASH/FILE Commands Following example shows how to download a configuration file Syntax Delete Dir Syntax Dir boot-rom config opcode filename Following example shows how to display all file information Whichboot Syntax Boot system boot-romconfig opcode filename Boot system Command Function Mode System Management Commands Event Logging Commands Username HostnameSyntax Hostname name no hostname Username Access-level Password Guest Admin Enable password Jumbo frame Syntax Jumbo frame no jumbo frame Default Setting Syntax Ip http server no ip http server Default Setting Default Setting Command ModeIp http port Ip http server Ip http secure-server Syntax Ip http secure-port portnumber no ip http secure-port Ip http secure-port Ip ssh Ip ssh server Syntax Ip ssh server no ip ssh server Default Setting Syntax Disconnect ssh connection-id Disconnect ssh Show ip ssh Show ssh Logging on Syntax Logging on no logging on Default Setting Level Argument Description Syslog Definition Logging history Logging host Syntax Logging facility type no logging facility type Logging facility Syntax Logging trap level no logging trap level Logging trap Show logging Clear loggingSyntax Clear logging flash ram Syntax Show logging flash ram trap Show startup-config Command Mode Show running-config Show system Show users Show version Authentication Commands TACACS+ Client Authentication login Radius-server host Radius-server key Radius-server portSyntax Radius-server port portnumber no radius-server port Syntax Radius-server key keystring no radius-server key Radius-server retransmit Show radius-server Radius-server timeout Tacacs-server port Tacacs-server hostSyntax Tacacs-server port portnumber no tacacs-server port Show tacacs-server Tacacs-server keySyntax Tacacs-server key keystring no tacacs-server key Snmp-server community Snmp Commands Snmp Commands Snmp-server location Snmp-server contactSyntax Snmp-server contact string no snmp-server contact Syntax Snmp-server location text no snmp-server location Snmp-server host Host Address None Snmp Version Snmp-server enable traps Snmp ip filter Show snmp Example Ip address IP Commands Dhcp Obtains IP address from Dhcp Ip dhcp restart Syntax Ip default-gateway gateway no ip default-gateway Ip default-gatewayShow ip interface Show ip redirects Syntax Ping host count countsize size Ping Line Commands Syntax Line console vty Line Syntax Login local no login Login Syntax Password 0 7 password no password Password Syntax Exec-timeout seconds no exec-timeout Exec-timeout Syntax Password-thresh threshold no password-thresh Password-thresh Syntax Silent-time seconds no silent-time Silent-time Syntax Databits 7 8 no databits Databits Syntax Parity none even odd no parity Parity Syntax Speed bps no speed Speed Show line StopbitsSyntax Stopbits 1 Syntax Show line console vty To show all lines, enter this command Interface Commands Ethernet unit/port InterfacePort-channel channel-idRange Speed-duplex DescriptionSyntax Description string no description Negotiation Capabilities Negotiation Syntax Negotiation no negotiation Default Setting Capabilities Default Setting Flowcontrol Syntax Flowcontrol no flowcontrol Default Setting Syntax Shutdown no shutdown Shutdown Switchport broadcast Port security Clear counters Show interfaces status Port-channel channel-idRange Default SettingSyntax Clear counters interface Syntax Show interfaces status interface Port-channel channel-idRange Syntax Show interfaces counters interface Show interfaces counters Syntax Show interfaces switchport interface Show interfaces switchport Shows all interfaces Mac-address-table static Address Table Commands Action Show mac-address-table Mac-address-table aging-time Clear mac-address-table dynamic Show mac-address-table aging-time Command Function Spanning Tree Commands Spanning-tree Syntax Spanning-tree no spanning-tree Default Setting Syntax Spanning-tree mode stp rstp no spanning-tree mode Spanning-tree mode Spanning-tree forward-time Spanning-tree max-age Spanning-tree hello-time Spanning-tree priority Spanning-tree pathcost method Spanning-tree transmission-limit Syntax Spanning-tree cost cost no spanning-tree cost Spanning-tree cost Spanning-tree port-priority 115 Spanning-tree portfast 116 Spanning-tree edge-port Spanning-tree protocol-migration Port-channel channel-idRange Command Mode117 Syntax Spanning-tree protocol-migration interface 118 Spanning-tree link-type 119 Show spanning-treeSyntax Show spanning-tree interface 120 121 Vlan Commands 122 Vlan database 123 Vlan 124 Interface vlanSyntax Interface vlan vlan-id Syntax Switchport mode trunk hybrid no switchport mode Switchport mode125 126 Switchport acceptable-frame-types 127 Switchport ingress-filtering 128 Switchport native vlan 129 Switchport allowed vlan 130 Switchport forbidden vlan 131 Show vlanSyntax Show vlan id vlan-idname vlan-name Switchport gvrp Gvrp and Bridge Extension CommandsSyntax Switchport gvrp no switchport gvrp 132 Syntax Show gvrp configuration interface Show gvrp configuration133 134 Garp timer Syntax Show garp timer interface Show garp timer135 Bridge-ext gvrp Syntax Bridge-ext gvrp no bridge-ext gvrp Default Setting136 137 Show bridge-ext 138 Igmp Snooping Commands Ip igmp snooping Syntax Ip igmp snooping no ip igmp snooping Default Setting139 140 Ip igmp snooping vlan static Show ip igmp snooping Ip igmp snooping version141 142 Show mac-address-table multicast 143 Ip igmp snooping querier 144 Ip igmp snooping query-count Ip igmp snooping query-max-response-time Ip igmp snooping query-interval145 146 147 Ip igmp snooping router-port-expire-time 148 Ip igmp snooping vlan mrouter 149 Show ip igmp snooping mrouterSyntax Show ip igmp snooping mrouter vlan vlan-id 150 Priority Commands 151 Switchport priority default 152 Queue bandwidth 153 Queue cos-map 154 Show queue cos-map Show queue bandwidth155 Syntax Show queue cos-map interface 156 Map ip precedence Global Configuration 157 Map ip precedence Interface Configuration Syntax Map ip dscp no map ip dscp Default Setting Map ip dscp Global Configuration158 159 Map ip dscp Interface Configuration 160 Show map ip precedenceSyntax Show map ip precedence interface 161 Show map ip dscpSyntax Show map ip dscp interface 162 Port monitor Mirror Port Commands163 164 Show port monitorSyntax Show port monitor interface 165 Following shows mirroring configured from port 6 to port 166 Port Trunking CommandsGuidelines for Creating Trunks 167 Channel-groupSyntax Channel-group channel-idno channel-group Lacp Syntax Lacp no lacp Default Setting168 169 170 Troubleshooting Chart Appendix a Troubleshooting Troubleshooting Appendix B Upgrading Firmware VIA Serial Port Upgrading Firmware VIA the Serial Port Page Upgrading Firmware VIA the Serial Port DB-9 Port Pin Assignments Console Port Pin Assignments Console Port to 25-Pin DTE Port on PC Console Port to 9-Pin DTE Port on PC Glossary-1 Glossary-2 Glossary-3 Glossary-4 Glossary-5 Glossary-6 Virtual LAN Vlan Glossary-7XModem Glossary-8 Index-1 Index Index-2 Page For Technical SUPPORT, Call