Manuals / Brands / Computer Equipment / Switch / ZyXEL Communications / Computer Equipment / Switch

ZyXEL Communications GS-3012 Series, GS-3012F Series 25.6 SSH Implementation, 25.7 Introduction to HTTPS, 25.6.1 Requirements for Using SSH, HTTP, Service Access Control

1 300

Download 300 pages, 7.55 Mb

Chapter 25 Access Control

25.6 SSH Implementation

Your switch supports SSH versions 1 and 2 using RSA and DSA authentication and five encryption methods (AES, 3DES, RC4, Blowfish and CAST). The SSH server is implemented on the switch for remote management and file transfer on port 22 (by default). Up to four SSH connections are allowed at a time.

25.6.1 Requirements for Using SSH

You must install an SSH client program on a client computer (Windows or Linux operating system) that is used to connect to the switch over SSH.

25.7 Introduction to HTTPS

HTTPS (HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web protocol that encrypts and decrypts web pages. Secure Socket Layer (SSL) is an application- level protocol that enables secure transactions of data by ensuring confidentiality (an unauthorized party cannot read the transferred data), authentication (one party can identify the other party) and data integrity (you know if data has been changed).

It relies upon certificates, public keys, and private keys.

HTTPS on the switch is used so that you may securely access the switch using the web configurator. The SSL protocol specifies that the SSL server (the switch) must always authenticate itself to the SSL client (the computer which requests the HTTPS connection with the switch), whereas the SSL client only should authenticate itself when the SSL server requires it to do so.

Please refer to the following figure.

1HTTPS connection requests from an SSL-aware web browser go to port 443 (by default) on the switch’s WS (web server).

2HTTP connection requests from a web browser go to port 80 (by default) on the switch’s WS (web server).

Figure 100 HTTPS Implementation

"If you disable HTTP in the Service Access Control screen, then the switch blocks all HTTP connection attempts.

	181
GS-3012/GS-3012F User’s Guide	181

Contents

www.zyxel.com Page About This User's Guide Document Conventions Icons Used in Figures Safety Warnings Page Page Contents Overview Commands and Troubleshooting Appendices and Index Table of Contents Part II: Basic Settings Part III: Advanced Settings Broadcast Storm Control Mirroring Link Aggregation Page Part IV: Static Routing and Management Routing Protocol Maintenance Part V: Commands and Troubleshooting Page Page Part VI: Appendices and Index List of Figures Page Page Page Page Page List of Tables Page Page Page PART Introduction and Hardware Overview Page Getting to Know Your Switch 1.1 Introduction 1.1.1 Backbone Application 1.1.2 Bridging Example 1.1.3 High Performance Switched Workgroup Example 1.1.4 IEEE 802.1Q VLAN Application Examples 1.2 Ways to Manage the Switch 1.3Good Habits for Managing the switch Page Hardware Installation and Connection 2.1 Installation Scenarios 2.2Desktop Installation Procedure 2.3Mounting the Switch on a Rack 2.3.1Rack-mountedInstallation Requirements 2.3.2Attaching the Mounting Brackets to the Switch 2.3.3Mounting the Switch on a Rack Page Hardware Overview 3.1 Front Panel 3.1.1 Console Port 3.1.2 Gigabit Ports 3.1.3 Mini-GBICSlots 3.1.3.1 Transceiver Installation 3.1.3.2 Transceiver Removal 3.1.4 Management Port 3.2 Rear Panel 3.2.1Power Connector 3.3 LEDs 3.4 Configuring the Switch Page Basic Settings Page Introducing the Web Configurator 4.1 Introduction 4.2System Login 4.3 Status Screen Page Page 4.3.1 Change Your Password 4.4 Switch Lockout 4.5Resetting the Switch 4.5.1 Reload the Configuration File 4.5.2 Logging Out of the Web Configurator 4.5.3 Help Page Initial Setup Example 5.1 Overview 5.1.1Creating a VLAN 5.1.2Setting Port VID 5.2Configuring Switch Management IP Address 3Click Basic Setting and IP Setup in the navigation panel System Status and Port Details 6.1 About System Statistics and Information 6.2 Port Status Summary 6.2.1 Port Details Page Page Page Page Basic Setting 7.1 Introducing the Basic Setting Screens 7.2 System Information Page 7.3 General Setup Page 7.4 Introduction to VLANs 7.5 Switch Setup Screen Page 7.6 IP Setup 7.6.1 Management IP Addresses Figure 33 IP Setup Table 11 IP Setup Page 7.7 Port Setup Switch Setup screen first Page ART Advanced Settings Page VLAN 8.1 Introduction to IEEE 802.1Q Tagged VLAN 8.1.1 Forwarding Tagged and Untagged Frames 8.1.2 Automatic VLAN Registration 8.1.3 Port VLAN Trunking 8.2 Select the VLAN Type 8.3 802.1Q VLAN 8.3.1 802.1Q VLAN Detail 8.3.2 802.1Q VLAN Port Settings 8.3.3 802.1Q Static VLAN Page 8.3.4 Viewing and Editing VLAN Settings 8.4 Introduction to Port-basedVLANs IP Setup Filtering 8.4.1 Configuring a Port-basedVLAN Page Page Static MAC Forward Setup 9.1 Introduction to Static MAC Forward Setup 9.2 Configuring Static MAC Forwarding 9.3 Viewing and Editing Static MAC Forwarding Rules Page Page Filtering 10.1 Introduction to Filtering 10.2 Configuring a Filtering Rule 10.3 Viewing and Editing Filter Rules Spanning Tree Protocol 11.1 STP/RSTP Overview 11.1.1 STP Terminology 11.1.2 How STP Works 11.1.3 STP Port States 11.1.4 Multiple RSTP 11.2 Spanning Tree Protocol Main Screen 11.3 Configure Rapid Spanning Tree Protocol Page 11.4 Rapid Spanning Tree Protocol Status 11.5 Configure Multiple Rapid Spanning Tree Protocol Page 11.6 Multiple Rapid Spanning Tree Protocol Status Page Bandwidth Control 12.1 Introduction to Bandwidth Control 12.1.1 CIR and PIR 12.1.2Bandwidth Control Setup Page Broadcast Storm Control 13.1 Introducing Broadcast Storm Control 13.2 Configuring Broadcast Storm Control Page Mirroring 14.1 Introduction to Port Mirroring 14.2 Port Mirroring Configuration Page Link Aggregation 15.1 Introduction to Link Aggregation 15.1.1 Dynamic Link Aggregation 15.1.2 Link Aggregation ID 15.2 Link Aggregation Protocol Status 15.3 Link Aggregation Setup Page Port Authentication 16.1 Introduction to Authentication 16.1.1 RADIUS 16.1.1.2 Tunnel Protocol Attribute 16.2 Configuring Port Authentication 16.2.1 Configuring RADIUS Server Settings 16.2.2 Configuring IEEE802.1x Page Page Port Security 17.1 About Port Security 17.2 Port Security Setup Page Page Page Classifier 18.1 About the Classifier and QoS 18.2Configuring the Classifier Figure 65 Classifier You select either field before you configure the socket numbers 18.3 Viewing and Editing Classifier Configuration 18.4 Classifier Example Page Policy Rule 19.1 About Policy Rules 19.1.1 DiffServ 19.1.2 DSCP and Per-HopBehavior 19.2Configuring Policy Rules Classifier Table 47 Policy 19.3 Viewing and Editing Policy Configuration 19.4 Policy Example Page Queuing Method 20.1 Introduction to Queuing 20.1.1 Strict Priority Queuing (SPQ) 20.1.2 Weighted Round Robin Scheduling (WRR) 20.2 Configuring Queuing Page Page Multicast 21.1 Multicast Overview 21.1.1 IP Multicast Addresses 21.1.2 IGMP Filtering 21.1.3 IGMP Snooping 21.2 Multicast Status 21.3 Multicast Setup Page Page 21.4 IGMP Filtering Profile 21.5 MVR Overview 21.5.1 Types of MVR Ports 21.5.2 MVR Modes 21.5.3 How MVR Works 21.6 General MVR Configuration Figure 77 MVR Table 54 MVR 21.7 MVR Group Configuration Page 21.7.1 MVR Configuration Example Page DHCP Relay 22.1 DHCP Relay Overview 22.1.1 DHCP “Relay Agent Information Option” 22.1.2 DHCP Relay Agent Circuit ID Sub-optionFormat 22.2DHCP Relay Configuration Figure 83 DHCP Relay Static Routing and Management Page Routing Protocol 23.1 Static Route Overview Page Maintenance 24.1 Maintenance 24.2 Load Factory Defaults 24.3 Save Configuration Apply Add 24.4Reboot System 24.5 Firmware Upgrade 24.6Restore a Configuration File 24.7 Backing Up a Configuration File 24.8Command Line FTP 24.8.1 Filename Conventions 24.8.2 FTP Command Line Procedure 24.8.3 GUI-basedFTP Clients 24.8.4 FTP Restrictions Page Access Control 25.1 About Access Control 25.2 Access Control Overview 25.3 About SNMP 25.3.1 Supported MIBs 25.3.2SNMP Traps 25.3.3 Configuring SNMP 25.3.4 Setting Up Login Accounts Page 25.4 SSH Overview 25.5 How SSH works 25.6 SSH Implementation 25.6.1 Requirements for Using SSH 25.7 Introduction to HTTPS HTTP Service Access Control 25.7.1 HTTPS Example 25.7.2 Internet Explorer Warning Messages 25.7.3 Netscape Navigator Warning Messages 25.7.4 Login Screen 25.8 Service Access Control 25.9 Remote Management Page Diagnostic 26.1 Diagnostic Page Syslog 27.1 Syslog 27.2 Syslog Setup 27.3 Syslog Server Setup Page Page Cluster Management 28.1 Introduction to Cluster Management 28.2 Cluster Management Status 28.2.1 Cluster Member Switch Management 28.2.1.1 Uploading Firmware to a Cluster Member Switch 28.3 Clustering Management Configuration Page Page MAC Table 29.1 Introduction to MAC Table 29.2 Viewing MAC Table ARP Table 30.1 Introduction to ARP Table 30.1.1 How ARP Works 30.2 Viewing ARP Table Figure 117 ARP Table Table 78 ARP Table Configure Clone 31.1 Configure Clone Page Commands and Troubleshooting Page Introducing the Commands 32.1 Overview 32.1.1 Switch Configuration File 32.2 Accessing the CLI 32.2.1Access Priority 32.2.2The Console Port 32.2.3 Telnet 32.3The Login Screen 32.4 Command Syntax Conventions 32.5 Getting Help 32.5.1List of Available Commands 32.5.2 Detailed Command Information 32.6 Privilege Levels 32.7Command Modes Page 32.8 Using Command History 32.9 Saving Your Configuration 32.9.1 Logging Out 32.10 Command Summary 32.10.1 User Mode 32.10.2 Enable Mode Page Page Page Page 32.10.3 Configure Mode Page Example: <config># Page Page Page Page Page Page Page Page Page 32.10.4 config-vlanCommands 32.10.5 interface port-channelCommands Page Page 32.10.6 mvr Commands Page Page Command Examples 33.1 Overview 33.2 show Commands 33.2.1 show system-information 33.2.2 show hardware-monitor 33.2.3 show ip 33.2.4show logging 33.2.5show interface 33.2.6 show mac address-table 33.3 ping 33.4 traceroute 33.5 Enabling RSTP 33.6 Configuration File Maintenance 33.6.1 Backing up Configuration 33.6.2 Restoring Configuration 33.6.3 Using a Different Configuration File 33.6.4Resetting to the Factory Default 33.7 Example no Commands 33.7.1 no mirror-port 33.7.2 no trunk 33.7.3 no port-access-authenticator 33.7.4 no ssh 33.8 interface Commands 33.8.1 interface port-channel 33.8.2 bpdu-control 33.8.3 broadcast-limit 33.8.4 bandwidth-limit 33.8.5 mirror 33.8.6 gvrp 33.8.7 ingress-check 33.8.8 vlan-trunking 33.8.9 weight 33.8.10 egress set 33.8.11 qos priority 33.8.12 name 33.8.13 speed-duplex Page Page IEEE 802.1Q Tagged VLAN Commands 34.1 IEEE 802.1Q Tagged VLAN Overview 34.2 VLAN Databases 34.2.1 Static Entries (SVLAN Table) 34.2.2 Dynamic Entries (DVLAN Table) 34.3 Configuring Tagged VLAN 34.4 Global VLAN1Q Tagged VLAN Configuration Commands 34.4.1 GARP Status 34.4.2 GARP Timer 34.4.3 Show GVRP 34.4.4 Enable GVRP 34.4.5 Disable GVRP 34.5 Port VLAN Commands 34.5.1 Set Port VID 34.5.2 Set Acceptable Frame Type 34.5.3 Enable or Disable Port GVRP 34.5.4 Modify Static VLAN 34.5.4.1Modify a Static VLAN Table Example 34.5.4.2 Forwarding Process Example Tagged Frames 34.5.5Delete VLAN ID 34.6 Enable VLAN 34.7 Disable VLAN 34.8 Show VLAN Setting Page Troubleshooting Page Appendices and Index Page Product Specifications Page Page Page Browser Setup Pop-upWindows, JavaScripts and Java Permissions Internet Explorer Pop-upBlockers Disable pop-upBlockers Enable pop-upBlockers with Exceptions Allowed sites JavaScripts Java Permissions JAVA (Sun) IP Addresses and Subnetting Introduction to IP Addresses Structure Subnet Masks Network Size Notation Subnetting Example: Four Subnets Example: Eight Subnets Subnet Planning Configuring IP Addresses Private IP Addresses Legal Information Copyright Certifications ZyXEL Limited Warranty Note Registration Page Customer Support Denmark Finland France Germany Hungary North America Norway Poland Russia Spain Sweden Ukraine United Kingdom Numerics Index