Manuals / Brands / Computer Equipment / Switch / ZyXEL Communications / Computer Equipment / Switch

ZyXEL Communications ES-2024 Port Security, 17.1 Port Sercurity Overview, 17.2Port Security Setup, Port Security, Advanced Application

1 276

Download 276 pages, 6.37 Mb

ES-2024 Series User’s Guide

CHAPTER 17

Port Security

This chapter shows you how to set up port security.

17.1 Port Sercurity Overview

Port security allows only packets with dynamically learned MAC addresses and/or configured static MAC addresses to pass through a port on the switch.

For maximum port security, enable this feature, disable MAC address learning and configure static MAC address(es) for a port.

Functionally the switch allows for three possible outcomes with port security. You can configure the ports to:

•Forward all packets and learn all MAC addresses.

•Drop all packets from unknown MAC addresses and do not learn MAC addresses.

•Drop all packets from unknown MAC addresses and learn a limited number of MAC addresses.

Note: The switch supports five possible configurations for port security. See Section

17.3on page 120 for supported configurations and an example.

17.2Port Security Setup

Click Advanced Application, Port Security in the navigation panel to display the screen as shown.

Chapter 17 Port Security

118

Contents

User’s Guide Copyright Disclaimer Trademarks Certifications Federal Communications Commission (FCC) Interference Statement FCC Warning CE Mark Warning: Taiwanese BSMI (Bureau of Standards, Metrology and Inspection) A Warning: Certifications Safety Warnings ZyXEL Limited Warranty Note Registration Customer Support Page Page Table of Contents Initial Setup Example System Status and Port Statistics Basic Setting Page Page Page Chapter Diagnostic Syslog MAC Table Page IEEE 802.1Q Tagged VLAN Commands Troubleshooting Page List of Figures Page Page Page List of Tables Page Page Page Preface About This User's Guide Related Documentation Syntax Conventions Graphics Icons Key User Guide Feedback Getting to Know Your Switch 1.1 Introduction 1.2 Software Features DHCP Client VLAN Queuing Port Mirroring Static Route IGMP Snooping Multicast VLAN Registration (MVR) 1.3Hardware Features Ethernet Ports Gigabit Ethernet Ports Mini-GBICSlots Console Port 1.4 Applications 1.4.1 Backbone Application 1.4.2 Bridging Example 1.4.3 High Performance Switched Example 1.4.4 IEEE 802.1Q VLAN Application Examples 1.4.4.1 Tag-basedVLAN Example 1.4.4.2 VLAN Shared Server Example Page Page Hardware Installation and Connection 2.1 Freestanding Installation 2.2 Mounting the Switch on a Rack 2.2.1Rack-mountedInstallation Requirements 2.2.1.1Precautions 2.2.2Attaching the Mounting Brackets to the Switch 2.2.3Mounting the Switch on a Rack Page Page Hardware Overview 3.1 Front Panel Connection 3.1.1 Console Port 3.1.2 Ethernet Ports 3.1.2.1 Default Ethernet Settings 3.1.3Mini-GBICSlots 3.1.3.1 Transceiver Installation 3.1.3.2 Transceiver Removal 3.2 Rear Panel 3.2.1 Power Connector 3.3 LEDs Page The Web Configurator 4.1 Introduction 4.2System Login 4.3 The Status Screen 4.3.1 Menu Overview Page Page 4.3.2 Change Your Password 4.4 Saving Your Configuration 4.5 Switch Lockout 4.6 Resetting the Switch 4.6.1 Reload the Factory-defaultConfiguration File 4.7 Logging Out of the Web Configurator 4.8 Help Initial Setup Example 5.1 Overview 5.1.1Creating a VLAN 5.1.2Setting Port VID 5.1.3Configuring Switch Management IP Address 3Click Basic Setting and IP Setup in the navigation panel VID Static VLAN System Status and Port Statistics 6.1 Port Status Summary 6.1.1 Status: Port Details Page Page Page Page Basic Setting 7.1 Overview 7.2 System Information Page Page 7.3 General Setup 7.4 Introduction to VLANs 7.5 Switch Setup Screen 7.6 IP Setup 7.6.1 Management IP Addresses Figure 30 IP Setup 7.7 Port Setup Figure 31 Port Setup Page Page VLAN 8.1 Introduction to IEEE 802.1Q Tagged VLAN 8.1.1 Forwarding Tagged and Untagged Frames 8.2 Automatic VLAN Registration 8.2.1 GARP 8.2.1.1 GARP Timers 8.2.2 GVRP 8.3 Port VLAN Trunking 8.4 Select the VLAN Type 8.5 Static VLAN 8.5.1 Static VLAN Status 8.5.2 VLAN Detail 8.5.3 Configure a Static VLAN Page 8.5.4 Configure VLAN Port Settings 8.6 Port-basedVLAN Setup 8.6.1 Configure a Port-basedVLAN Page Page Page Static MAC Forwarding 9.1 Static MAC Forwarding Overview 9.2 Configuring Static MAC Forwarding Page Filtering 10.1 Filtering Overview 10.2 Configure a Filtering Rule Page Spanning Tree Protocol 11.1 STP/RSTP Overview 11.1.1 STP Terminology 11.1.2 How STP Works 11.2 STP Port States 11.3 STP Status 11.4 Configuring STP Page Page Page Bandwidth Control 12.1 Bandwidth Control Setup Page Broadcast Storm Control 13.1 Broadcast Storm Control Overview 13.2 Broadcast Storm Control Setup Page Mirroring 14.1 Mirroring Overview 14.2 Port Mirroring Setup Figure 46 Mirroring Page Page Link Aggregation 15.1 Link Aggregation Overview 15.2 Dynamic Link Aggregation 15.2.1 Link Aggregation ID 15.3 Link Aggregation Status 15.4 Link Aggregation Setup Page Port Authentication 16.1 Port Authentication Overview 16.1.1 RADIUS 16.1.1.1 Vendor Specific Attribute 16.1.1.2 Tunnel Protocol Attribute 16.2 Port Authentication Configuration 16.3 Activating IEEE 802.1x Security 16.4 Configuring RADIUS Server Settings Page Page Port Security 17.1 Port Sercurity Overview 17.2Port Security Setup Page 17.3 Port Security Example Page Queuing Method 18.1 Queuing Method Overview 18.1.1 Strict Priority Queuing (SPQ) 18.1.2 Weighted Round Robin Scheduling (WRR) 18.2 Configuring Queuing Method Multicast 19.1 Multicast Overview 19.1.1 IP Multicast Addresses 19.1.2 IGMP Filtering 19.1.3 IGMP Snooping 19.2 Multicast Status 19.3 Multicast Setup Page 19.4 IGMP Filtering Profile 19.5 MVR Overview 19.5.1 Types of MVR Ports 19.5.2 MVR Modes 19.5.3 How MVR Works 19.6 General MVR Configuration Figure 61 MVR Table 43 MVR 19.7 MVR Group Configuration Page 19.7.1 MVR Configuration Example Page Page Page Static Route 20.1 Configuring Static Route Page DiffServ Code Point 21.1 DiffServ Overview 21.2 Activating DiffServ 21.3 DSCP-to-IEEE802.1pPriority Mapping 21.3.1 Configuring DSCP Settings Page Page Maintenance 22.1 The Maintenance Screen 22.2 Load Factory Default 22.3Save Configuration 22.4 Reboot System 22.5Firmware Upgrade 22.6 Restore a Configuration File 22.7 Backing Up a Configuration File 22.8FTP Command Line 22.8.1 Filename Conventions 22.8.1.1 Example FTP Commands 22.8.2 FTP Command Line Procedure 22.8.3GUI-basedFTP Clients 22.8.4 FTP Restrictions Access Control 23.1 Access Control Overview 23.2 The Access Control Main Screen 23.3 About SNMP 23.3.1 Supported MIBs 23.3.2SNMP Traps 23.3.3 Configuring SNMP 23.4 Setting Up Login Accounts 23.5 SSH Overview 23.6 How SSH works 23.7SSH Implementation on the Switch 23.7.1 Requirements for Using SSH 23.7.2 SSH Login Example 23.8 Introduction to HTTPS 23.9 HTTPS Example 23.9.1 Internet Explorer Warning Messages 23.9.2 Netscape Navigator Warning Messages 23.9.3 The Main Screen 23.10 Service Port Access Control 23.11 Remote Management Page Page Diagnostic 24.1 Diagnostic Page Syslog 25.1 Syslog Overview 25.2 Syslog Setup 25.3 Syslog Server Setup Page Page Cluster Management 26.1 Cluster Management Overview 26.2 Cluster Management Status 26.2.1 Cluster Member Switch Management 26.2.1.1 Uploading Firmware to a Cluster Member Switch 26.3 Configuring Cluster Management Page Page MAC Table 27.1 MAC Table Overview 27.2 Viewing the MAC Table ARP Table 28.1 ARP Table Overview 28.1.1 How ARP Works 28.2 Viewing the ARP Table Figure 99 ARP Table Table 67 ARP Table Configure Clone 29.1 Clone a Port Page Introducing the Commands 30.1 Overview 30.2 Accessing the CLI 30.2.1 Multiple Login 30.2.2The Console Port 30.2.3 Telnet 30.2.4SSH 30.3 The Login Screen 30.4 Command Syntax Conventions 30.5Changing the Password 30.6 Account Privilege Levels 30.7 Command Modes 30.8 Getting Help 30.8.1List of Available Commands 30.8.2 Detailed Command Information 30.9 Using Command History 30.10 Saving Your Configuration 30.10.1 Switch Configuration File 30.10.2 Logging Out 30.11 Command Summary 30.11.1 User Mode 30.11.2 Enable Mode Page Page Page Page 30.11.3 General Configuration Mode Page Page Page Page Page Page Page Page 30.11.4 interface port-channelCommands Page Page 30.11.5 mvr Commands 30.11.6 config-vlanCommands Page Page Command Examples 31.1 Overview 31.2 show Commands 31.2.1 show interface 31.2.2 show ip 31.2.3 show logging 31.2.4 show mac address-tableall 31.2.5 show pwr 31.2.6 show system-information 31.3 ping 31.4 traceroute 31.5 Enabling RSTP 31.6 Copy Port Attributes 31.7 Configuration File Maintenance 31.7.1 Resetting to the Factory Default Page Configuration Mode Commands 32.1 Setting Login Accounts 32.2 Enabling IGMP Snooping 32.3 Configuring an IGMP Filter 32.4 Enabling STP Page 32.5 no Command Examples 32.5.1 Disable Commands 32.5.2 Resetting Commands 32.5.3 Re-enablingCommands 32.5.4 Other Examples of no Commands 32.5.4.1no trunk 32.5.4.2 no port-access-authenticator 32.5.4.3no ssh 32.6 pwr Commands 32.7 Queuing Method Commands 32.8 Static Route Commands 32.9 Enabling MAC Filtering 32.10 Enabling Trunking 32.11 Enabling Port Authentication 32.11.1 RADIUS Server Settings 32.11.2 Port Authentication Settings Page Interface Commands 33.1 Overview 33.2 Interface Command Examples 33.2.1 interface port-channel 33.2.2 bandwidth-limit 33.2.3 mirror 33.2.4 gvrp 33.2.5 frame-type 33.2.6 egress set 33.2.7 qos priority 33.2.8 name 33.2.9 speed-duplex 33.2.10 test 33.3 Interface no Command Examples 33.3.1 no bandwidth-limit IEEE 802.1Q Tagged VLAN Commands 34.1 Configuring Tagged VLAN 34.2 Global VLAN1Q Tagged VLAN Configuration Commands 34.2.1 GARP Status 34.2.2 GARP Timer 34.2.3 GVRP Timer 34.2.4 Enable GVRP 34.3 Port VLAN Commands 34.3.1 Set Port VID 34.3.2 Set Acceptable Frame Type 34.3.3 Enable or Disable Port GVRP 34.3.4 Modify Static VLAN 34.3.4.1Modify a Static VLAN Table Example 34.3.4.2 Forwarding Process Example 34.3.5 Delete VLAN ID 34.4 Enable VLAN 34.5 Disable VLAN 34.6 Show VLAN Setting Page Troubleshooting 35.1 Problems Starting Up the Switch 35.2 Problems Accessing the Switch 35.2.1 Pop-upWindows, JavaScripts and Java Permissions 35.2.1.1 Internet Explorer Pop-upBlockers 2Select Settings…to open the Pop-upBlocker Settings screen Allowed sites 35.2.1.2JavaScripts Custom Level Scripting Active scripting Scripting of Java applets 35.2.1.3 Java Permissions Advanced 2make sure that Use Java 2 for <applet> under Java (Sun) is selected 35.3 Problems with the Password Page Product Specifications Page Page Page Introduction to IP Addresses IP Address Classes and Hosts IP Address Classes and Network ID Subnet Masks Subnetting Example: Two Subnets Example: Four Subnets Example Eight Subnets Subnetting With Class A and Class B Networks Page Index