Manuals / Brands / Computer Equipment / Network Router / ZyXEL Communications / Computer Equipment / Network Router

ZyXEL Communications ES3500 Series 39.7 SSH Implementation on the Switch, 39.8 Introduction to HTTPS

1 360

Download 360 pages, 8.58 Mb

Chapter 39 Access Control

39.7 SSH Implementation on the Switch

Your Switch supports SSH version 2 using RSA authentication and three encryption methods (DES, 3DES and Blowfish). The SSH server is implemented on the Switch for remote management and file transfer on port 22. Only one SSH connection is allowed at a time.

39.7.1 Requirements for Using SSH

You must install an SSH client program on a client computer (Windows or Linux operating system) that is used to connect to the Switch over SSH.

39.8 Introduction to HTTPS

HTTPS (HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web protocol that encrypts and decrypts web pages. Secure Socket Layer (SSL) is an application-level protocol that enables secure transactions of data by ensuring confidentiality (an unauthorized party cannot read the transferred data), authentication (one party can identify the other party) and data integrity (you know if data has been changed).

It relies upon certificates, public keys, and private keys.

HTTPS on the Switch is used so that you may securely access the Switch using the web configurator. The SSL protocol specifies that the SSL server (the Switch) must always authenticate itself to the SSL client (the computer which requests the HTTPS connection with the Switch), whereas the SSL client only should authenticate itself when the SSL server requires it to do so. Authenticating client certificates is optional and if selected means the SSL-client must send the Switch a certificate. You must apply for a certificate for the browser from a CA that is a trusted CA on the Switch.

Please refer to the following figure.

1HTTPS connection requests from an SSL-aware web browser go to port 443 (by default) on the Switch’s WS (web server).

2HTTP connection requests from a web browser go to port 80 (by default) on the Switch’s WS (web server).

Figure 186 HTTPS Implementation

308
308	ES3500 Series User’s Guide

Contents

ES3500 Series Quick Start Guide User’s Guide Note: It is recommended you use the Web Configurator to configure the Switch Contents Overview Page Table of Contents Part I: User’s Guide Chapter Page Basic Setting 10.2 Configuring Static MAC Forwarding Configure Multiple Rapid Spanning Tree Protocol Multiple Rapid Spanning Tree Protocol Status 13.8.1 Multiple Spanning Tree Protocol Port Configuration Multiple Spanning Tree Protocol Status Link Aggregation Port Authentication Port Security Classifier Policy Rule 22.1.1 Strictly Priority Queuing 22.1.2 Weighted Fair Queuing 22.1.3 Weighted Round Robin Scheduling (WRR) 23.1.1 VLAN Stacking Example 23.3.1 Frame Format 25.2.2 TACACS+ Server Setup 25.2.3 AAA Setup 25.2.4 Vendor Specific Attribute 25.2.5 Tunnel Protocol Attribute 25.3.1 Attributes Used for Authentication 30.1 sFlow Overview 30.2 sFlow Port Configuration 30.2.1 sFlow Collector Configuration PPPoE Intermediate Agent Overview 31.1.1 PPPoE Intermediate Agent Tag Format 36.1.1 DSCP and Per-HopBehavior 36.1.2 DiffServ Network Example 36.2.1 TRTCM-Color-blindMode 36.2.2 TRTCM-Color-awareMode 36.3.1 Configuring 2-Rate3 Color Marker Settings 39.3.5 Configuring SNMP Trap Group ARP Table Appendix A Common Services Page Page Page Getting to Know Your Switch 1.1 Introduction Sales Figure 3 High Performance Switched Workgroup Application For more information on VLANs, refer to Chapter 9 on page 1.2 Ways to Manage the Switch 1.3Good Habits for Managing the Switch Page Hardware Installation and Connection 2.1 Installation Scenarios 2.2Desktop Installation Procedure 2.3Mounting the Switch on a Rack Page Page Hardware Overview 3.1 Front and Rear Panels Chapter 3 Hardware Overview Figure 12 ES3500-24HPRear Panel Figure 13 ES3500-8PDFront Panel Ethernet Ports PoE In Figure 14 ES3500-8PDRear Panel Page •Type: SFP connection interface •Connection speed: 1 Gigabit per second (Gbps) Use the following steps to install a mini-GBICtransceiver (SFP module) 2Press the transceiver firmly until it clicks into place 4Close the transceiver’s latch (latch styles vary) Figure 16 Connecting the Fiber Optic Cables Use the following steps to remove a mini-GBICtransceiver (SFP module) 1Remove the fiber optic cables from the transceiver 2Open the transceiver’s latch (latch styles vary) 3Pull the transceiver out of the slot 3.2 LEDs Table 4 ES3500-24LED Descriptions (continued) Table 5 ES3500-24HPLED Descriptions Table 5 ES3500-24HPLED Descriptions (continued) Table 6 ES3500-8PDLED Descriptions Page The Web Configurator 4.1 Introduction 4.2System Login 4.3The Web Configurator Layout Page In the navigation panel, click a main link to reveal a list of submenu links Table 7 Navigation Panel Sub-linksOverview BASIC SETTING ADVANCED IP APPLICATION Chapter 4 The Web Configurator Table 8 Navigation Panel Links (continued) This link takes you to a screen where you can configure the Switch to supply power over Ethernet Advanced Application sFlow This link takes you to screens where you can configure sFlow settings on the PPPoE use to identify and authenticate a PPPoE client Errdisable 4.4 Saving Your Configuration 4.5 Switch Lockout 4.6Resetting the Switch 4.7 Logging Out of the Web Configurator 4.8 Help Page Initial Setup Example 5.1 Overview VLAN Group ID VID Figure 26 Initial Setup Network Example: Port VID link Advanced Applications VLAN Port Setting PVID 5.2 Configuring Switch Management IP Address Page Tutorials 6.1How to Use DHCP Snooping on the Switch Control Tx Tagging , activate and specify VLAN 100 as the DHCP VLAN as shown. Click 5 Click the Port link at the top right corner 6The DHCP Snooping Port Configure screen appears The screen appears 6.2 How to Use DHCP Relay on the Switch DHCP Server Port PVID=102 3Click Advanced Application > VLAN > Static VLAN VLAN Status PVID IP Application > DHCP Global DHCP Relay Remote DHCP Server 6.3How to Use PPPoE IA on the Switch Port 12 - Trusted Port 11 - Trusted Port 12 - Trusted Port 5 - Untrusted Note: For related information about PPPoE IA, see Section 31.3 on page SWITCH PORT CONNECTED Intermediate Agent Page Trusted Page 6.4 How to Use Error Disable and Recovery on the Switch Page 6.5 How to Set Up a Guest VLAN Basic Setting > Switch Setup Page Page Guest Vlan 6.6How to Do Port Isolation in a VLAN Page Page Follow the steps below to configure private VLAN for VLAN 1Click Advanced Application > Private VLAN Private VLAN VLAN ID Page Page System Status and Port Statistics 7.1 Overview 7.2 Port Status Summary Chapter 7 System Status and Port Statistics The following table describes the labels in this screen Table 11 Status screen (refer to Figure 29 on page 81) Name Figure 29 Status > Port Details Table 12 Status: Port Details Table 12 Status: Port Details (continued) duplex (F for full duplex or H for half) settings half) and media type (Copper) settings type (Copper or Fiber) settings Status Chapter 7 System Status and Port Statistics RX CRC Length Runt including the ones with CRC errors Basic Setting 8.1 Overview 8.2 System Information Table 13 Basic Setting > System Info System Name Product Model This field displays the model number of the Switch ZyNOS F/W 8.3 General Setup 8.4 Introduction to VLANs Note: VLAN is unidirectional; it only governs outgoing traffic Isolated ports: 2~6 Root port: Designated port: Before Smart Isolation: 8.5 Switch Setup Table 15 Basic Setting > Switch Setup (continued) Aging Time Join Leave Leave All 8.6 IP Setup Table 16 Basic Setting > IP Setup Domain Name Server use a domain name instead of an IP address Default Management IP Address 8.7 Port Setup 8.8 PoE Figure 35 Powered Device Examples PSE PDPD PoE Figure 36 Basic Setting > PoE Status Consuming Power (W) the connected PoE-enableddevices Allocated Power (W) negotiating with the connected PoE device(s) Consuming Power (W) can be less than or equal but not more than the PoE Setup PoE Status Table 19 Basic Setting > PoE Setup Select the power management mode you want the Switch to use with lower priority do not get power to function Page VLAN 9.1 Introduction to IEEE 802.1Q Tagged VLANs 9.2 Automatic VLAN Registration 9.3 Port VLAN Trunking 9.4 Select the VLAN Type 9.5 Static VLAN Section 9.1 on page Figure 40 Advanced Application > VLAN: VLAN Status Table 21 Advanced Application > VLAN: VLAN Status VLAN Search by VID Figure 41 Advanced Application > VLAN > VLAN Detail Table 22 Advanced Application > VLAN > VLAN Detail VLAN Status Click this to go to the VLAN Status screen Port Number Figure 42 Advanced Application > VLAN > Static VLAN The following table describes the related labels in this screen Table 23 Advanced Application > VLAN > Static VLAN ACTIVE Select this check box to activate the VLAN settings Advanced Application > VLAN > Static VLAN (continued) Tagging VLAN Group ID Clear Click Clear to start configuring the screen again 9.6 Subnet Based VLANs 9.7 Configuring Subnet Based VLAN Figure 45 Advanced Application > VLAN > VLAN Port Setting > Subnet Based VLAN Check this to activate this subnet based VLANs on the Switch DHCP-Vlan Override VLAN or via another DHCP server on the subnet based VLAN 9.8 Protocol Based VLANs 9.9 Configuring Protocol Based VLAN 9.10 Create an IP-basedVLAN Example 9.11Port-basedVLAN Setup Filtering Page Page Table 27 Advanced Application > VLAN: Port Based VLAN Setup Setting Choose All connected or Port isolation Choose Wizard Static MAC Forward Setup 10.1 Overview 10.2 Configuring Static MAC Forwarding Chapter 10 Static MAC Forward Setup Table 28 Advanced Application > Static MAC Forwarding clearing this rule Note: Static MAC addresses do not age out Static Multicast Forward Setup 11.1 Static Multicast Forwarding Overview 11.2 Configuring Static Multicast Forwarding to display the configuration screen as shown Figure 55 Advanced Application > Static Multicast Forwarding Table 29 Advanced Application > Static Multicast Forwarding deleting it by clearing this check box address forwarding rule. This is for identification only Table 29 Advanced Application > Static Multicast Forwarding (continued) specified multicast MAC address will be forwarded Filtering 12.1 Configure a Filtering Rule Chapter 12 Filtering Advanced Application > FIltering (continued) MAC Click Clear to clear the fields to the factory defaults which the MAC address belongs Spanning Tree Protocol 13.1 STP/RSTP Overview Table 32 STP Port States PORT STATE Note: The listening state does not exist in RSTP MRSTP MRSTP2 Note: Each port can belong to one STP tree only Figure 58 STP/RSTP Network Example Figure 59 MSTP Network Example Page 13.2 Spanning Tree Protocol Status Screen 13.3 Spanning Tree Configuration 13.4 Configure Rapid Spanning Tree Protocol Chapter 13 Spanning Tree Protocol Table 34 Advanced Application > Spanning Tree Protocol > RSTP (continued) Bridge Priority the root switch. Select a value from the drop-downlist box and Forwarding Delay 13.5 Rapid Spanning Tree Protocol Status 13.6 Configure Multiple Rapid Spanning Tree Protocol 13.7 Multiple Rapid Spanning Tree Protocol Status Note: This screen is only available after you activate MRSTP on the Switch Figure 67 Advanced Application > Spanning Tree Protocol > Status: MRSTP Table 37 Advanced Application > Spanning Tree Protocol > Status: MRSTP edit MRSTP settings on the Switch Select which STP tree configuration you want to view 13.8 Configure Multiple Spanning Tree Protocol Table 38 Advanced Application > Spanning Tree Protocol > MSTP Click Status to display the MSTP Status screen (see Figure 70 on page 140) on the Switch Spanning Tree Protocol > Configuration screen to enable MSTP on the Switch screen to enable MSTP on the Switch Table 38 Advanced Application > Spanning Tree Protocol > MSTP (continued) VLAN Range remove from the VLAN range edit area in the End field Next click: • Add - to add this range of VLAN(s) to be mapped to the MST instance To configure MSTP ports, click screen Figure 69 Advanced Application > Spanning Tree Protocol > MSTP > Port Table 39 Advanced Application > Spanning Tree Protocol > MSTP > Port the common settings and then make adjustments on a port-by-portbasis 13.9 Multiple Spanning Tree Protocol Status This field displays the configuration name for this MST region This field displays the revision number for this MST region A configuration digest is generated from the VLAN-MSTImapping information Digest displays the digest when MSTP is activated on the system Bandwidth Control 14.1 Bandwidth Control Overview 14.2 Bandwidth Control Setup Table 41 Advanced Application > Bandwidth Control (continued) Broadcast Storm Control 15.1 Broadcast Storm Control Setup Chapter 15 Broadcast Storm Control Table 42 Advanced Application > Broadcast Storm Control (continued) Broadcast (pkt Multicast (pkt/s) DLF (pkt/s) Mirroring 16.1 Port Mirroring Setup Chapter 16 Mirroring Advanced Application > Mirroring (continued) set the common settings and then make adjustments on a port-by-portbasis Mirrored Select this option to mirror the traffic on a port Link Aggregation 17.1 Link Aggregation Overview 17.2 Dynamic Link Aggregation 17.3 Link Aggregation Status Chapter 17 Link Aggregation Table 46 Advanced Application > Link Aggregation Status (continued) Aggregator ID enabled for this group Criteria 17.4 Link Aggregation Setting Advanced Application > Link Aggregation > Link Aggregation Setting (continued) address to make sure port trunking can work properly Select src-mac to distribute traffic based on the packet’s source MAC address destination MAC addresses Select src-ip to distribute traffic based on the packet’s source IP address 17.5 Link Aggregation Control Protocol 17.6 Static Trunking Example Configure static trunking Port Authentication 18.1 Port Authentication Overview Chapter 18 Port Authentication Figure 79 IEEE 802.1x Authentication Process New Connection Identity Request Login Credentials 18.2 Port Authentication Configuration Figure 82 Advanced Application > Port Authentication Table 49 Advanced Application > Port Authentication Select this check box to permit 802.1x authentication on the Switch 802.1x authentication on the Switch before configuring it on each port Max-Req Table 49 Advanced Application > Port Authentication > 802.1x (continued) Reauth stay connected to the port Reauth-period username and password to stay connected to the port Port Authentication Figure 84 Advanced Application > Port Authentication > 802.1x > Guest VLAN Table 50 Advanced Application > Port Authentication > 802.1x > Guest VLAN Select this checkbox to enable the guest VLAN feature on this port services Chapter 18 Port Authentication Host-mode (using a hub) Select Multi-Secure to authenticate each user that connects to this port Multi-Secure Table 51 Advanced Application > Port Authentication > MAC Authentication Select this check box to permit MAC authentication on the Switch Name Prefix authentication. You can enter up to 32 printable ASCII characters RADIUS server Port Security 19.1 About Port Security 19.2 Port Security Setup Chapter 19 Port Security Table 52 Advanced Application > Port Security Port List MAC freeze display in the Static MAC Forwarding screen Classifier 20.1 About the Classifier and QoS 20.2Configuring the Classifier Chapter 20 Classifier Advanced Application > Classifier Figure 87 Advanced Application > Classifier Table 53 Advanced Application > Classifier Select this option to enable this rule 20.3 Viewing and Editing Classifier Configuration Figure 88 Advanced Application > Classifier: Summary Table Table 54 Classifier: Summary Table Table 55 Common Ethernet Types and Protocol Number ETHERNET TYPE PROTOCOL NUMBER 20.4 Classifier Example Policy Rule 21.1 Policy Rules Overview 21.2 Configuring Policy Rules Chapter 21 Policy Rule Advanced Applications > Policy Rule Figure 90 Advanced Application > Policy Rule Table 57 Advanced Application > Policy Rule Select this option to enable the policy Table 57 Advanced Application > Policy Rule (continued) General Egress Port Type the number of an outgoing port Specify a priority level 21.3 Viewing and Editing Policy Configuration 21.4 Policy Example Queuing Method 22.1 Queuing Method Overview 22.2 Configuring Queuing Table 59 Advanced Application > Queuing Method This label shows the port you are configuring Robin) get more guaranteed bandwidth than queues with smaller weights more service than queues with smaller weights VLAN Stacking 23.1 VLAN Stacking Overview 23.2 VLAN Stacking Port Roles Port 23.3 VLAN Tag Format 23.4 Configuring VLAN Stacking Table 63 Advanced Application > VLAN Stacking (continued) screen to display the screen as shown Figure 96 Advanced Application > VLAN Stacking > Port-basedQinQ Table 64 Advanced Application > VLAN Stacking > Port-basedQinQ information on VLAN ID tunnel port or cannot match any selective Figure 97 Advanced Application > VLAN Stacking > Selective QinQ Table 65 Advanced Application > VLAN Stacking > Selective QinQ Check this box to activate this rule CVID Table 65 Advanced Application > VLAN Stacking > Selective QinQ (continued) This shows whether this rule is activated or not This is the descriptive name for this rule This is the port number to which this rule is applied This is the customer VLAN ID in the incoming packets Multicast 24.1 Multicast Overview 24.2 Multicast Status 24.3 Multicast Setting Table 67 Advanced Application > Multicast > Multicast Setting (continued) Unknown Multicast Frame Reserved The layer-2multicast MAC addresses used by Cisco layer-2protocols Chapter 24 Multicast Throttling number of the IGMP groups a port can join is reached Deny multicast forwarding table entry is aged out 24.4 IGMP Snooping VLAN 24.5 IGMP Filtering Profile 24.6 MVR Overview Figure 102 MVR Network Example Multicast VLAN S You can set your Switch to operate in either dynamic or compatible mode 24.7 General MVR Configuration Figure 104 Advanced Application > Multicast > Multicast Setting > MVR Table 70 Advanced Application > Multicast > Multicast Setting > MVR among different subscriber VLANs on the network Multicast VLAN Enter the VLAN ID (1 to 4094) of the multicast VLAN 24.8 MVR Group Configuration box Section 24.1.1 on page address for a multicast group MVLAN This field displays the starting IP address of the multicast group News Movie Multicast VID Page AAA 25.1 Authentication, Authorization and Accounting (AAA) 25.2 AAA Screens RADIUS Server Setup Figure 112 Advanced Application > AAA > RADIUS Server Setup Table 73 Advanced Application > AAA > RADIUS Server Setup Use this section to configure your RADIUS authentication settings This field only applies if you configure multiple RADIUS servers Table 73 Advanced Application > AAA > RADIUS Server Setup (continued) Shared Secret be the same on the external RADIUS server and the Switch entry is deleted when you click Apply Accounting TACACS+ Server Setup Authentication and Accounting Figure 113 Advanced Application > AAA > TACACS+ Server Setup Table 74 Advanced Application > AAA > TACACS+ Server Setup Use this section to configure your TACACS+ authentication settings Table 74 Advanced Application > AAA > TACACS+ Server Setup (continued) TCP Port must be the same on the external TACACS+ server and the Switch Use this section to configure your TACACS+ accounting settings This is a read-onlynumber representing a TACACS+ accounting server entry AAA Setup Figure 114 Advanced Application > AAA > AAA Setup Table 75 Advanced Application > AAA > AAA Setup Privilege Enable management) Table 75 Advanced Application > AAA > AAA Setup (continued) Login authenticate administrator accounts (users for Switch management) up the corresponding database correctly first Method 2 and Method 3 fields Advanced Application > AAA > AAA Setup (continued) The Switch supports two modes of recording login events. Select: a user ends a session user ends a session TACACS+ is the only method for recording Commands type of event 25.3 Supported RADIUS Attributes the format of the $enab NAS-Identifier NAS-IP-Address User-Password NAS-Port Acct-Status-Type Acct-Session-ID date+time+8-digit sequential number Acct-Delay-Time Table 80 RADIUS Attributes - Exec Events via Console IP Source Guard 26.1 IP Source Guard Overview Page Page •It pretends to be computer A and responds to computer B •It pretends to be computer B and sends a message to computer A Chapter 12 on page •They are stored only in volatile memory •They do not use the same space in memory that regular MAC address filters use 26.2 IP Source Guard 26.3 IP Source Guard Static Binding Advanced Application > IP Source Guard > Static Binding Figure 118 IP Source Guard Static Binding Table 82 IP Source Guard Static Binding Enter the source MAC address in the binding Enter the IP address assigned to the MAC address in the binding 26.4 DHCP Snooping Table 83 DHCP Snooping (continued) Write delay timer update in the DHCP snooping database before it gives up Abort timer This field displays how long (in seconds) the Switch waits to update the DHCP 26.5 DHCP Snooping Configure Advanced Application > IP Source Guard > DHCP Snooping > Configure Figure 120 DHCP Snooping Configure Table 84 DHCP Snooping Configure snooping on specific VLAN and specify trusted ports no trusted ports Table 84 DHCP Snooping Configure (continued) Renew DHCP Enter the location of a DHCP snooping database, and click Renew if you want the Snooping URL snooping database than the one specified in Agent URL Table 85 DHCP Snooping Port Configure of the ports Server Trusted state untrusted ports in the following situations: 26.6 ARP Inspection Status Table 87 ARP Inspection Status (continued) Expiry (sec) can also delete the record manually (Delete) Reason This field displays the reason the ARP packet was discarded Reply Switch last restarted Forwarded Dropped Advanced Application > IP Source Guard > ARP Inspection > Log Status 26.7 ARP Inspection Configure Table 90 ARP Inspection Configure inspection on specific VLAN and specify trusted ports Filter Aging Time Filter aging time This setting has no effect on existing MAC address filters open this screen, click Figure 127 ARP Inspection Port Configure Table 91 ARP Inspection Port Configure Trusted State The Switch does not discard ARP packets on trusted ports for any reason Advanced Application > IP Source Guard > ARP Inspection > Configure > VLAN Figure 128 ARP Inspection VLAN Configure Table 92 ARP Inspection VLAN Configure VLAN, the settings are applied to all VLANs Log Loop Guard 27.1 Loop Guard Overview Page 27.2 Loop Guard Setup Chapter 27 Loop Guard Advanced Application > Loop Guard (continued) VLAN Mapping 28.1 VLAN Mapping Overview 28.2 Enabling VLAN Mapping 28.3 Configuring VLAN Mapping Page Layer 2 Protocol Tunneling 29.1 Layer 2 Protocol Tunneling Overview Access Tunnel 29.2 Configuring Layer 2 Protocol Tunneling Chapter 29 Layer 2 Protocol Tunneling Table 96 Advanced Application > Layer 2 Protocol Tunneling (continued) STP based on bridge information from all (local and remote) networks VTP sFlow 30.1 sFlow Overview 30.2 sFlow Port Configuration Advanced Application > sFlow (continued) Collector Enter the IP address of the sFlow collector sFlow > Collector be accessible from the Switch Advanced Application > sFlow > Collector (continued) PPPoE 31.1 PPPoE Intermediate Agent Overview Chapter 31 PPPoE Table 101 PPPoE IA Remote ID Sub-optionFormat PPPoE > Intermediate Agent Table 103 PPPoE IA Circuit ID Sub-optionFormat: Defined in WT-101 31.2The PPPoE Screen 31.3 PPPoE Intermediate Agent Figure 144 Advanced Application > PPPoE > Intermediate Agent Table 104 Advanced Application > PPPoE > Intermediate Agent access-node identifier spaces are also allowed. The default is the Switch’s host name Table 104 Advanced Application > PPPoE > Intermediate Agent (continued) Table 105 Advanced Application > PPPoE > Intermediate Agent > Port Chapter 31 PPPoE Table 105 Advanced Application > PPPoE > Intermediate Agent > Port (continued) Trusted ports are uplink ports connected to PPPoE servers Switch forwards it to other trusted port(s) Untrusted ports are downlink ports connected to subscribers Intermediate Agent > Port Table 106 Advanced Application > PPPoE > Intermediate Agent > Port > VLAN Show Port VLAN(s) on the port Enter the lowest VLAN ID you want to configure in the section below Figure 147 Advanced Application > PPPoE > Intermediate Agent > VLAN Table 107 Advanced Application > PPPoE > Intermediate Agent > VLAN Select this option to turn on the PPPoE Intermediate Agent on a VLAN Error Disable 32.1 CPU Protection Overview 32.2 Error-DisableRecovery Overview 32.3 The Error Disable Screen 32.4 CPU Protection Configuration 32.5 Error-DisableDetect Configuration 32.6 Error-DisableRecovery Configuration Table 110 Advanced Application > Errdisable > Errdisable Recovery (continued) Interval Enter the number of seconds (from 30 to 2592000) for the time interval Private VLAN 33.1 Private VLAN Overview 33.2 Configuring Private VLAN Green Ethernet 34.1 Green Ethernet Overview 34.2 Configuring Green Ethernet Static Route 35.1 Static Routing Overview 35.2 Configuring Static Routing Chapter 35 Static Route Table 113 IP Application > Static Routing (continued) Subnet Mask This field displays the subnet mask for this destination Gateway Differentiated Services 36.1 DiffServ Overview P - Platinum G - Gold S - Silver 36.2 Two Rate Three Color Marker Traffic Policing 36.3 Activating DiffServ IP Application DiffServ Table 114 IP Application > DiffServ Select this option to enable DiffServ on the Switch This field displays the index number of a port on the Switch Note: You cannot enable both TRTCM and Bandwidth Control at the same time Figure 162 IP Application > DiffServ > 2-rate3 Color Marker Table 115 IP Application > DiffServ > 2-rate3 Color Marker and marks the packets based on the TRTCM settings DiffServ Chapter 36 Differentiated Services IP Application > DiffServ > 2-rate3 Color Marker (continued) Specify the Commit Information Rate (CIR) for this port Peak Specify the Peak Information Rate (PIR) for this port 36.4 DSCP-to-IEEE802.1p Priority Settings Table 118 IP Application > DiffServ > DSCP Setting 0 … This is the DSCP classification identification number DHCP 37.1 DHCP Overview 37.2DHCP Status 37.3DHCP Relay Figure 166 IP Application > DHCP > Global Table 121 IP Application > DHCP > Global Select this check box to enable DHCP relay Remote DHCP Enter the IP address of a DHCP server in dotted decimal notation VLAN1 Figure 167 Global DHCP Relay Network Example DHCP Server: VLAN1VLAN2 DHCP Relay 37.4 Configuring DHCP VLAN Settings IP Application > DHCP > VLAN (continued) Figure 170 DHCP Relay for Two VLANs DHCP: For the example network, configure the VLAN Setting screen as shown Figure 171 DHCP Relay for Two VLANs Configuration Example Page Maintenance 38.1 The Maintenance Screen 38.2 Load Factory Default 38.3Save Configuration 38.4 Reboot System 38.5Firmware Upgrade 38.6 Restore a Configuration File 38.7 Backup a Configuration File 38.8 FTP Command Line 1Launch the FTP client on your computer 2Enter open, followed by a space and the IP address of your Switch 3Press [ENTER] when prompted for a username 4Enter your password as requested (the default is “1234”) 5Enter bin to set transfer mode to binary Remote Management Access Control 39.1 Access Control Overview 39.2 The Access Control Main Screen 39.3 About SNMP Figure 179 SNMP Management Model An SNMP managed network consists of two main components: agents and a manager Table 126 SNMP Commands Get Allows the manager to retrieve an object variable from the agent 1.3.6.1.4.1.890.1.5.8.61” 1.3.6.1.4.1.890.1.5.8.72” 1.3.6.1.4.1.890.1.5.8.73” OPTION OBJECT LABEL Table 127 SNMP System Traps (continued) Page SNMP System Traps (continued) Table 128 SNMP Interface Traps SNMP Interface Traps (continued) AAA Traps AAA Traps (continued) Table 130 SNMP IP Traps Table 131 SNMP Switch Traps SNMP Switch Traps (continued) rmon RmonRisingAlarm This trap is sent when a variable goes over the RMON "rising" threshold Table 132 Management > Access Control > SNMP (continued) Set Community management station Trap Community Trap Community Table 133 Management > Access Control > SNMP > Trap Group SNMP Setting screen Options Section 39.3.3 on page 294 for individual trap descriptions categories) Table 134 Management > Access Control > SNMP > User User create accounts on the SNMP v3 manager Specify the username of a login account on the Switch Security Level 39.4 Setting Up Login Accounts 39.5 SSH Overview 39.6 How SSH works 39.7 SSH Implementation on the Switch 39.8 Introduction to HTTPS HTTP Service Access Control 39.9 HTTPS Example Continue to this website (not recommended) Certificate Error View certificates Install Certificate This Connection is Untrusted I Understand the Risks Add Exception button Figure 191 Security Alert (Mozilla Firefox) Confirm Security Exception Figure 192 Security Alert (Mozilla Firefox) 39.10 Service Port Access Control 39.11 Remote Management Access Control Figure 195 Management > Access Control > Remote Management Table 137 Management > Access Control > Remote Management Entry wish to temporarily disable the set without deleting it Diagnostic 40.1 Diagnostic Syslog 41.1 Syslog Overview 41.2 Syslog Setup 41.3 Syslog Server Setup Cluster Management 42.1 Cluster Management Status Overview 42.2 Cluster Management Status Clustering Management Status The following table explains some of the FTP parameters Table 144 FTP Upload to Cluster Member Example FTP PARAMETER User Enter “admin” 42.3 Clustering Management Configuration Table 145 Management > Cluster Management > Configuration (continued) 802.1Q Clustering The following fields relate to the switches that are potential cluster members Candidate MAC Table 43.1 MAC Table Overview 43.2 Viewing the MAC Table Table 146 Management > MAC Table (continued) Select Dynamic to MAC forwarding and click the Transfer button to change all They also display in the Static MAC Forwarding screen Filtering Discard source ARP Table 44.1 ARP Table Overview 44.2 The ARP Table Screen Configure Clone 45.1 Configure Clone Page Table 148 Management > Configure Clone Source Source separated by a comma or a range of ports by using a dash Example: Troubleshooting 46.1Power, Hardware Connections, and LEDs Chapter 46 Troubleshooting One of the LEDs does not behave as expected Make sure you understand the normal behavior of the LED. See Section 3.2 on page 2Check the hardware connections. See Section 3.1 on page 46.2 Switch Access and Login I can see the Login screen, but I cannot log in to the Switch 3Disconnect and re-connectthe cord to the Switch Pop-upWindows, JavaScripts and Java Permissions •Web browser pop-upwindows from your device •JavaScripts (enabled by default) 46.3 Switch Configuration Page Common Services Appendix A Common Services Table 149 Commonly Used Services (continued) Page Page Legal Information Page Page Safety Warnings ENGLISH DEUTSCH ESPAÑOL FRANÇAIS ITALIANO Page 107 330, 332 152 215 321 44 90 GVRP 100, 105 149 Page setup 165, 236 supported 294, 295, 298 STP 132, 134 VID 99, 102, 103 102