Home
/
Asante
/
IntraCore IC36240 Series
/
User Manual

Asante IntraCore IC36240 Series, User Manual

Share

Page: 44 / 108

Asante IntraCore IC36240 Series User Manual Download Page 44

5.3.3 Security Levels

SNMPv3 has three levels of security. The lowest level does not provide authentication or privacy (noAuthNoPriv).
This level is comparable to SNMPv1. The second level provides authentication, but no privacy (AuthNoPriv). The
highest level provides authentication and security (AuthPriv). Based on protection needs you should use some
combination of these security levels.

Authentication, privacy, and access control combined address the security threats faced by SNMP, including
Modification of Information, Masquerade, Disclosure, and Message Stream Modification attacks. SNMPv3 provides
these security features.

SNMPv3 does not protect the network from Denial of Service and Traffic Analysis attacks.

5.3.4 Support

The IntraCore IC36240 switch supports Simple Network Management Protocol (SNMP) v1, v2 and v3. SNMP v3
provides additional security for your network. The SNMP system consists of three parts: an SNMP manager, an
SNMP agent, and a Management Information Base (MIB). SNMP is an application-layer protocol that allows SNMP
manager and agent stations to communicate. SNMP provides a message format for sending information between an
SNMP manager and an SNMP agent. The agent and MIB reside on the switch. In configuring SNMP on the switch,
the relationship between the manager and the agent must be defined.

The

SNMP agent

gathers data from the

MIB

, which holds the information about device parameters and network data.

The agent also responds to the manager’s requests to get or set data. An agent can also send unsolicited traps to the
manager. Traps are messages alerting the SNMP manager to a specific event on the network. Such events include
improper user authentication, restarts, link status (up or down), closing of a TCP connection, or loss of connection to
a neighboring switch. An

SNMP manager

can request a value from an agent, or store or change a value in that agent.

To configure support for SNMP on the switch, perform the following tasks:

•

Create or Modify Access Control for SNMP Community

•

Establish the Contact and Location of SNMP Agent

•

Define SNMP Trap Operations

•

Disable the SNMP Agent

Create or Modify Access Control for SNMP Community

You can configure a community string, which acts like a password, to permit access to the agent on the switch.

•

Read Only (ro): The string that defines access rights for reading SNMP data objects. The default is public.

•

Read-Write (rw): The string that defines access rights for writing SNMP data objects. The default is private.

Important!

Be sure to change the SNMP default community strings in order to prevent unauthorized access to

management information.

44

Asante IntraCore IC36240

User’s Manual

«
...
42
43
44
45
46
...
»

Summary of Contents for IntraCore IC36240 Series

Page 1: ...IntraCore IC36240 Series Layer 2 Gigabit Ethernet Switch User s Manual...

Page 2: ...c All rights reserved No part of this document or any associated artwork product design or design concept may be copied or reproduced in whole or in part by any means without the express written conse...

Page 3: ...nstallation Tools 13 2 1 3 Power Requirements 13 2 1 4 Environmental Requirements 13 2 1 5 Cooling and Airflow 13 2 2 Installing into an Equipment Rack 13 2 2 1 Equipment Rack Guidelines 14 2 3 SFP Mi...

Page 4: ...rface CLI 24 4 1 User Top User EXEC Mode 24 4 2 Privileged Top Privileged EXEC Mode 25 4 3 Global Configuration Mode 26 4 3 1 Interface Configuration Mode 28 4 3 2 Spanning Tree Configuration Mode 28...

Page 5: ...onfiguration Files to a Network Server 40 5 2 3 Copying Configuration Files from a Network Server to the Switch 42 5 3 Configuring SNMP 43 5 3 1 Authentication 43 5 3 2 Access Control 43 5 3 3 Securit...

Page 6: ...ted Fair Queuing Lists 70 8 2 Priority Queuing 70 8 2 1 Defining the Priority List 71 8 2 2 Monitoring Priority Queuing Lists 71 8 2 3 Priority Queuing Example 71 8 4 Traffic Shaping 71 8 4 1 Configur...

Page 7: ...reen 95 9 10 System Clock Menu 96 9 11 Save 97 Appendix A Basic Troubleshooting 98 Appendix B Specifications 99 B 1 Standards Compliance 100 B 2 Technical Support and Warranty 100 Appendix C FCC Compl...

Page 8: ...nto separate broadcast domains with IEEE 802 1Q compliant VLANs and provide multimedia applications with multicast switching and CoS services The system can operate as a stand alone network or be used...

Page 9: ...e front and back panels of the IntraCore IC36240 Series switches The front panel of the IntraCore IC36240 contains the following power and port LEDs 24 10 100 1000BaseT ports 4 dual function Gigabit p...

Page 10: ...led and ready to provide power Internal power supply has failed and the external power supply is on External power supply is not installed or is not working properly Fan Green Amber Fans are working p...

Page 11: ...2 or USB interface You can access the switch by connecting a PC or terminal to the console port of the switch via a serial cable The default password set on the console line is Asante it is case sensi...

Page 12: ...ay not include every possible hazard Use caution when installing this switch Only trained and qualified personnel should be allowed to install or replace this equipment Always use caution when lifting...

Page 13: ...Humidity 5 to 95 non condensing Avoid direct sunlight heat sources or areas with high levels of electromagnetic interference Failure to observe these limits may cause damage to the switch and void the...

Page 14: ...industry standard for Gigabit Ethernet Interfaces The Gigabit SFP module inserts into the Mini GBIC port to create a new Gigabit port The hot swapping feature on the IntraCore IC36240 lets you install...

Page 15: ...ew the power requirements Chapter 2 1 3 before connecting power to the switch Use the following procedure to connect power to the switch 1 Plug one end of the supplied power cord into the power connec...

Page 16: ...though 10 100BaseT requires only pins 1 2 3 and 6 you should use cables with all eight wires connected as shown in Table 2 2 below 1000BaseT requires that all four pairs 8 wires be connected correctly...

Page 17: ...ors 10 single mode fiber media up to 120 km 393 701 1000BaseT Category 5 or better Unshielded Twisted Pair UTP cable up to 100 m 328 1 When attaching a workstation to the switch a standard straight th...

Page 18: ...2 Attach a straight through serial cable between the RS232 console port and a COM port on the PC 3 Set up a HyperTerminal or equivalent terminal program in the following manner a Open the HyperTermina...

Page 19: ...le the following appears User Access Verification Password The initial default password for access using either the console or telnet is Asante case sensitive Refer to the following section for settin...

Page 20: ...the virtual terminal lines telnet The default password Asante is assigned only to the virtual terminal line Vty0 Up to three other virtual terminal lines may be created and they each will require a s...

Page 21: ...te Switch config line end Switch write file Write to configuration file memory Write configuration to the file same as write file terminal Write to terminal Switch write file Writing current config to...

Page 22: ...rrently defined encryption types are 0 which means that the text immediately following is not encrypted and 7 which means that the text is encrypted using an encryption algorithm 3 4 2 The password an...

Page 23: ...ation on assigning IP addresses to interfaces 3 5 1 Setting a Default IP Gateway Address To define the default IP gateway for the switch insert a static route Switch config ip default gateway 192 168...

Page 24: ...ternative mutually exclusive elements Square brackets indicate optional elements Braces indicate a required choice Braces within square brackets indicate a required choice within an optional element B...

Page 25: ...e privileged commands set the system configuration parameters privileged access can be password protected to prevent unauthorized use The privileged command set includes those commands contained in us...

Page 26: ...art show Show running system information snmp server SNMP related functions write Write running configuration to memory network or terminal cls Clear screen Important To retain configuration changes a...

Page 27: ...em s network name interface Select an interface to configure ip Global IP configuration subcommands lacp Configure LACP line Configure a terminal line logging Message Logging global configuration comm...

Page 28: ...group Assign a priority queue list to an interface quit Exit current mode and down to previous mode rate limit To configure committed access rate CAR policies show Show running system information shu...

Page 29: ...To access and list the VLAN configuration commands use the command in global configuration mode In the following example a VLAN named myvlan is configured Enter a question mark to list vlan configurat...

Page 30: ...vailable in any command mode for a brief description of the help system Switch help CLI VTY provides advanced help feature When you need help anytime at the command line please press If nothing matche...

Page 31: ...le two further options are listed after the question mark You may enter an optional source wildcard The return symbol cr indicates a return key is needed to enter the command Switch config access list...

Page 32: ...ing the No and Default Forms of Commands Almost every Switch configuration command has an opposite no form that negates or reverses a command In general the no form is used to disable a function that...

Page 33: ...system to complete a partial entry Keystrokes Purpose Enter the first few letters and press Tab Complete a command name If your keyboard does not have a Tab key press Ctrl I instead In the following...

Page 34: ...rn directly to the beginning of the line Return to the beginning of a command line to verify that you have correctly entered a lengthy command Note The arrow keys function only on ANSI compatible term...

Page 35: ...end of the command line Press Ctrl U or Ctrl X Delete all characters from the cursor to the beginning of the command line Press Ctrl W Delete the word to the left of the cursor Press Esc D Delete fro...

Page 36: ...he character to the left of the cursor with the character located at the cursor 4 8 8 Controlling Capitalization You can toggle between uppercase and lowercase letters with simple keystroke sequences...

Page 37: ...commands in privileged mode Use a space and a question mark to display the clock set options Restart the system after configuring the clock by typing reload at the Switch prompt and pressing Enter Swi...

Page 38: ...o test connectivity to remote hosts via their IP addresses Ping sends an echo request packet to an address and listens for a reply The ping request will receive one of the following responses Normal r...

Page 39: ...ly change the configuration by typing commands in a configuration mode Startup configuration files are used during system startup to configure the software Running configuration files contain the curr...

Page 40: ...running config startup config When the startup configuration is in NVRAM it stores the current configuration information in text format as configuration commands recording only non default settings T...

Page 41: ...f copying the startup config for use on the switch Switch copy startup config running config Update merge with current system configuration tftp A B C D filename Copy to tftp file system 41 Asante Int...

Page 42: ...network so that they all have the same configurations The copy tftp running config command loads the configuration files into the switch as if you were typing the commands in at the command line The...

Page 43: ...etwork management operations can reveal network information about any device configured for remote SNMP management Because SNMPv3 requires that both the SNMP manager and agent share a secret authentic...

Page 44: ...ring SNMP on the switch the relationship between the manager and the agent must be defined The SNMP agent gathers data from the MIB which holds the information about device parameters and network data...

Page 45: ...an SNMP agent to an SNMP manager indicating that some event has occurred The SNMP trap operations let you configure the switch to send information to a network management application when a particula...

Page 46: ...ip snmp station move Enable SNMP traps Supported trap types are authentication duplicate ip and station move snmp server trap timeout seconds Define how often to resend trap messages The range is 1 1...

Page 47: ...recalculation of the spanning tree the Forward Time parameter regulates the delay before each port begins transmitting traffic If a port begins forwarding traffic too soon before a new root bridge ha...

Page 48: ...assigned port path cost is the more likely that port will be accessed The default port path cost for a 10 Mbps or 100 Mbps port is the result of the equation Path cost 1000 LAN speed in Mbps Therefor...

Page 49: ...he RSTP selects a new root port it blocks the old root port and immediately transitions the new root port to the forwarding state Point to point links If you connect a port to another port through a p...

Page 50: ...ation command Configuring Port Path Cost Use the following interface mode command to configure port path cost Switch config interface eth1 Switch config if eth1 spanning tree path cost path cost The d...

Page 51: ...he MST region The MST region appears as a single bridge to adjacent single spanning tree SST and MST regions A bridge running MST provides interoperability with single spanning tree bridges as follows...

Page 52: ...to restrict access from one segment to another to increase network security or to reduce traffic To set up VLANs you should specify the ports belonging to the VLAN the set the IP configuration individ...

Page 53: ...D2 53 79 Dynamic eth9 00 00 94 D2 56 EA Self 1 00 0A 27 AE 50 66 Dynamic eth9 1 00 50 FC 94 00 0D Dynamic eth9 The switch uses the information in this table to decide whether a frame should be forwar...

Page 54: ...6 bits to the network field and set the two highest order bits to 1 0 The remaining 16 bits formed the host field The Class C Internet address allocated the highest 24 bits to the network field and se...

Page 55: ...dia address association is stored in an ARP cache for rapid retrieval Then the IP datagram is encapsulated in a link layer frame and sent over the network 6 2 1 Define a Static ARP Cache ARP provides...

Page 56: ...irectly connected multicast switches Switches executing a multicast protocol maintain forwarding tables to forward multicast datagrams Switches use the IGMP to learn whether members of a group are pre...

Page 57: ...the one with the highest IP address The switch is responsible for sending IGMP host query messages to all hosts on the LAN By default the designated switch sends IGMP host query messages every 60 seco...

Page 58: ...cly accessible web server or TCP Use the following sources to identify required traffic The number of instances of applied access lists usually will not exceed 128 due to hardware limitations Review l...

Page 59: ...nnections Explicitly permitted externally sourced traffic destined to protected internal addresses VPN Traffic HTTP to web servers Secure Socket Layer SSL to web servers FTP to FTP servers Inbound FTP...

Page 60: ...rmit Specify packets to forward remark Access list entry comment Switch config access list 1 permit A B C D Source address to match e g 10 0 0 0 any Any source address to match Switch config access li...

Page 61: ...r information such as TCP and UDP protocols In addition to the standard access list parameters listed above an extended access list also uses the following information Access list number 1300 1999 Ide...

Page 62: ...address to match any Any source address to match Switch config access list 101 deny tcp 192 168 123 0 0 0 0 255 A B C D Destination address to match e g 10 0 0 0 host Host address to match any Any des...

Page 63: ...omment show Show running system information write Write running configuration to memory network or terminal Switch config std nacl At the Switch config std nacl prompt you configure the access list pe...

Page 64: ...ing legitimate business traffic Switch config access list 110 permit tcp any any Internet routable established Switch config access list 110 permit udp any range 1 1023 Internet routable subnet gt 102...

Page 65: ...ver eq 80 Switch config access list 110 permit tcp any host public web server eq 443 Switch config access list 110 permit tcp any host public FTP server eq 21 The following example shows explicitly pe...

Page 66: ...vlan mode Enter a new VLAN ID to create a VLAN or enter an existing VLAN ID to modify a VLAN name vlan name Enter a name for the VLAN optional End Return to Enable mode no vlan vid Enter a VLAN ID 2...

Page 67: ...s a member port Repeat the previous step to add additional switchports to VLAN 2 You can also add ports by using the port number command The following example shows adding a port member Switch Switch...

Page 68: ...d This command assigns the interface to the VLAN VID Use the no form of this command to reset the static access VLAN to default VID 1 End Return to Enable mode 7 2 2 Trunk IEEE 802 1q By default a tru...

Page 69: ...vlan list The VLAN list can be a single VLAN or a range of VLANs from 1 4094 Separate the VID numbers by a comma or by a hyphen when listing a range e g 120 158 4090 4094 Use the no form of this comm...

Page 70: ...w The bandwidth allocation is determined by the precedence field in the IP header To enable this feature use the fair queue command in interface configuration mode When you enable flow based WFQ the f...

Page 71: ...out on interface 15 to have a medium priority Defining the access list Switch config access list 1 permit 192 203 54 56 Defining the priority list Switch config priority list 2 protocol ip medium lis...

Page 72: ...shape interface name Displays the current traffic shaping configuration 8 4 4 Generic Traffic Shaping Example This example configures that the DNS traffic to eth13 have maximum bandwidth of 50M Defini...

Page 73: ...list and limiting the rate of the access list on the interface to 200M Switch config inter eth1 Switch config if eth1 rate limit input 100000000 Switch config if eth1 access list 1 permit 192 203 56 1...

Page 74: ...nfig ip http server At your web browser enter the IP address for the switch to launch the GUI The following example shows the main screen for the IntraCore IC36240 9 1 Main Configuration Menu Use the...

Page 75: ...Front Panel and the General Information screens 9 2 1 Front Panel Information Screen Use this section to access general information about the switch the state of each port the link status the type of...

Page 76: ...outed This section describes how to configure the Internet Protocol IP A number of tasks are associated with configuring IP A basic and required task for configuring IP is to assign IP addresses to ne...

Page 77: ...ual way of assigning IP addresses uses the prefixes of 8 16 or 24 bits Using prefixes of 13 to 27 bits an address includes the standard 32 bit IP address and adds information on how many bits are used...

Page 78: ...ck on the port number on the left side of the screen The following example shows the Port Configuration screen Click on the port ID hyperlink to configure a specific port 9 3 1 Individual Port Configu...

Page 79: ...rt to use for diagnostic and management activities b Auto Negotiation enable or disable enabling this feature makes it possible for the switch to automatically negotiate the fastest speed for transfer...

Page 80: ...f the screen and press Go Select port number Press go You can set how the system updates the statistics about the selected port you selecting Auto or Manual and press Refresh Use the scroll bar on the...

Page 81: ...acket passing cycle This in turn causes a great amount of extra network traffic leading to network downtime The STP reduces a network traffic with multiple redundant connections to one in which all po...

Page 82: ...delay information Use the right side of the screen to enable or disable Global STP Status change the bridge priority bridge hello time bridge maximum age and bridge forward delay The following exampl...

Page 83: ...nfigure spanning tree click on the STP Port Configuration hyperlink Use the scroll bar on the right side of the screen to view additional ports The following example shows setting port 7 priority to 9...

Page 84: ...lay 15 seconds Using multiple spanning trees allow VLAN groups to maintain a stable path between all VLAN members This reduces the overall amount of protocol traffic crossing the network and provides...

Page 85: ...onfiguration screen click on the SNMP button on the left side of the screen The following example shows assigning an IP address to a specific community 1 Type public in the SMNP Read Community text bo...

Page 86: ...results either IP or MAC The display is sorted by IP address The switch uses the information in this table to decide whether a frame should be forwarded to a particular destination port or flooded to...

Page 87: ...The following example shows the Address Table screen Click on the port number to filter the display and show the address table for a specific port 87 Asante IntraCore IC36240 User s Manual...

Page 88: ...le by IP address click the Sort by IP button The table is now sorted numerically by IP address The MAC Address Table is a table of node addresses that the switch automatically builds by learning It pe...

Page 89: ...as a physical LAN but allow you to group end stations even if they are not located physically on the same LAN segment VLANs are usually associated with IP subnetworks For example all the end stations...

Page 90: ...ic the port carries and the number of VLANs allowed on that port There are two membership modes Static A static access port can belong to one VLAN and is manually assigned to that VLAN Trunk By defaul...

Page 91: ...ecurity or to reduce traffic To set up VLANs you should specify the ports belonging to the VLAN the set the IP configuration individual access map associated with a set of VLANs and enable tagging Onc...

Page 92: ...on their directly attached sub nets Hosts join multicast groups by sending IGMP report messages IGMP uses group addresses which are Class D IP addresses The high order four bits of a Class D address a...

Page 93: ...rmation To enable or disable IGMP on a specific VLAN by entering the VLAN ID number selecting the desired state and clicking apply Click on the VLAN ID number access the advanced IGMP configuration sc...

Page 94: ...itches continue to periodically send host query messages to refresh their knowledge of memberships present on their networks If after some number of queries the switch software discovers that no local...

Page 95: ...an http server This feature provides the flexibility of the CLI with the usability of the GUI You can set the clock ping the system and show the running configuration To access the Web CLI Screen clic...

Page 96: ...witch using the time you specify This operation takes a few minutes to complete View the changes using the General Information menu or the show system clock command in the Web CLI menu From this menu...

Page 97: ...After you set the desired date and time click apply 9 11 Save Click on Save to automatically retain any configuration changes you made 97 Asante IntraCore IC36240 User s Manual...

Page 98: ...the cable connections Make sure the connectors are seated correctly in each port and that the correct type of cable is used in each port See Chapter 2 6 Connecting to the Network for more information...

Page 99: ...1 RU height Mounting Install into a standard 19 rack or place on a desktop rackmount kit included Environmental Range Operating Temperature 32 to 104 F 0 to 40 C Relative Humidity 5 to 95 non condensi...

Page 100: ...TP 4 pairs max 328 100 m IEEE 802 3u 100BaseTX over Category 5 UTP 2 pairs max 328 100 m IEEE 802 3 10BaseT over Category 3 UTP 2 pairs max 328 100 m IETF RFC 1155 SMI RFC 1157 SNMP RFC 1212 1213 1215...

Page 101: ...t should never be placed near or over a radiator or heat register This product should not be placed in a built in installation unless proper ventilation is provided 8 This product should be operated f...

Page 102: ...ing parts or supplies not received from Asante c unauthorized modification or misuse d operation outside of the published environmental specifications for the product or e improper site preparation or...

Page 103: ...x D Online Warranty Registration Please register this product online at http www asante com support supRegistration asp or by filling out and mailing the card below 103 Asante IntraCore IC36240 User s...

Page 104: ...a partial command 33 deleting entries 35 global configuration mode 26 GUI 95 history 32 interface configuration mode 28 lines that wrap 34 moving around 33 privileged top mode 25 redisplaying current...

Page 105: ...NMP Configuration GUI 84 spanning tree 28 46 81 spanning tree GUI 82 83 terminal 39 traffic shaping access list 72 traffic shaping interface 72 VLAN 29 52 89 weighted fair queuing 70 Connecting consol...

Page 106: ...ency power supply 14 hardware 12 into rack 13 mini GBIC 14 IP address tables 86 assign addresses 54 76 configuration 54 76 GUI 86 http server command 74 multicast configuration 56 range 54 76 LED acti...

Page 107: ...port 50 enabling 49 link type 50 port path cost 50 port priority 50 Rate Limit configuring 72 examples 72 Requirements airflow 13 environment 13 power 13 tools 13 Safety guidelines 12 Security levels...

Page 108: ...8 priority 47 Syslog 38 Traffic Shaping example 72 monitoring 72 overview 71 Troubleshooting 98 VLAN configuration 52 configuration GUI 89 create 66 delete 67 group information screen 90 port membersh...

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands