Black Box LE2425A Software User'S Manual Download Page 118 | Manualshive

Page: 118 / 143

background image

MNS-BB

Software User Guide

-107-

21.3 Protocol

Operation

Communication between a supplicant and authenticator is via EAPOL (EAP over LAN).
Authenticator and authentication server communicate using EAP over RADIUS. The ff. illustrations
show the protocol involved between 802.1x entities.

Figure 2. 802.1x Protocol

EAP, short for Extensible Authentication Protocol, is an authentication framework which supports
multiple authentication methods. EAP typically runs directly over data link layers such as PPP or
IEEE 802, without requiring IP.
EAP over LAN or EAPOL encapsulates EAP packets onto 802 frames with a few extensions to
handle 802 characteristics. EAP over RADIUS encapsulates EAP packets onto RADIUS packets for
relaying to RADIUS authentication servers.
Figure 3 below shows the protocol conversation and flow between a supplicant, an authenticator and
an authentication server.

Figure 3. Protocol Conversation

The illustration above is described on the following steps:

1.

The supplicant (laptop/host) is initially blocked from accessing network services. For
example, the laptop user can access the switch management services as well as access other
hosts and their services in the network. The supplicant wanting to access these services starts
with an EAPOL-Start frame.

«
...
116
117
118
119
120
...
»

Summary of Contents for LE2425A

Page 1: ...hours 7 A M Monday to midnight Friday 877 877 BBOX FREE technical support 24 hours a day 7 days a week Call 724 746 5500 or fax 724 746 0746 Mail order Black Box Corporation 1000 Park Drive Lawrence...

Page 2: ...LE2425A LEV2525A Switch Software User Guide MNS BB...

Page 3: ...and Web Interface for LE2425A and LEV2525A Switches If you need information on a specific command in the CLI type the command name after you type the word help help command or just type command Enter...

Page 4: ...in a commercial environment Operation of this equipment in a residential area is likely to cause interference in which case the user at his own expense will be required to take whatever measures may b...

Page 5: ...a su uso La colocaci n del aparato el ctrico sobre una cama sof alfombra o superficie similar puede bloquea la ventilaci n no se debe colocar en libreros o gabinetes que impidan el flujo de aire por l...

Page 6: ...cable de poder o el contacto ha sido da ado u B Objectos han ca do o l quido ha sido derramado dentro del aparato o C El aparato ha sido expuesto a la lluvia o D El aparato parece no operar normalment...

Page 7: ...WEB INTERFACE 10 4 1 Overview 10 4 2 General Features 10 4 3 Session with the Switch 11 4 4 User Management 12 4 4 1 To set the passwords 12 4 5 Status Reporting Features 13 4 5 1 The Device View 13...

Page 8: ...AGERS TO PROTECT AGAINST UNAUTHORIZED ACCESS 32 7 1 Authorized IP Manager Features 32 7 2 Access Levels 32 7 2 1 Authorizing Single Stations 32 7 2 2 Authorizing Multiple Stations 32 7 3 Overview of I...

Page 9: ...iffServ 55 11 5 PQ Priority Queuing 56 11 6 QoS Management 56 11 7 QoS on Ethernet 57 11 8 CLI 57 11 8 1 To set the QoS type on the switch 57 11 8 2 Functions of QoS settings 57 11 9 To tag untagged p...

Page 10: ...15 4 2 Displaying the Configuration for a Particular VLAN 84 15 5 Creating a New Static VLAN 84 15 5 1 Changing the VLAN Context Level 84 15 6 Effect of VLANs on Other Switch Features 85 15 6 1 VLAN...

Page 11: ...20 22 7 Web View and Configure 802 1x 121 23 0 TROUBLESHOOTING 122 23 1 Overview 122 23 2 Troubleshooting Approaches 122 23 3 Console Access Problems 122 23 4 Unusual Network Activity 122 23 5 General...

Page 12: ...atible with your network Also you should change the Manager password to control access privileges from the console The default password is manager for the Manager user and operator for the Operator us...

Page 13: ...tion Y or N The switch is now configured with a Manager Password IP address and subnet mask and can be accessed through the Console Telnet Web or an SNMP based network management tools Here is some in...

Page 14: ...interface a switch interface offering status information and a subset of switch commands through a standard web browser such as Netscape Navigator or Microsoft Internet Explorer This manual describes...

Page 15: ...termining available options and variables 2 4 CLI Usage To perform specific procedures such as configuring IP addressing or VLAN or any other module To monitor and analyze switch operations 2 5 Advant...

Page 16: ...e following privilege levels to prevent unauthorized access to the switch Operator Manager When you use the CLI mode to make a configuration change the switch writes the changes to the Running Configu...

Page 17: ...or prompt LE2425A _ The Manager prompt Global Configuration level Provides all Operator and Manager level privileges and enables you to make configuration changes to any of the switch s software featu...

Page 18: ...ailable at both the Operator and Manager levels Privilege Level Example of Prompt and Permitted Operations 3 5 1 Operator Privilege View status and configuration information Perform connectivity tests...

Page 19: ...mand usage of specific commands 3 5 5 Displaying Help for an Individual Command You can display Help for any command that is available at the current context level by typing help then entering enough...

Page 20: ...Syntax TAB Or Command string TAB Or First character of the command TAB For example TAB will list the available commands in the particular privilege level LE2425A TAB clear enable exit help logout pin...

Page 21: ...tarting a web browser interface session Tasks for your first web browser interface session Creating usernames and passwords in the web browser interface Getting access to online help for the web brows...

Page 22: ...Session with the Switch 1 You can start a web browser session using a standalone web browser on a network connection from a PC or UNIX workstation Directly connected to your network Connected through...

Page 23: ...d write access to the web browser interface To Set the Device Passwords Window 4 4 1 To set the passwords 1 Go to Administration User Management 2 Click in the appropriate box in the Passwords window...

Page 24: ...Help is available for the web browser interface You can use it by clicking on the Help button in the navigation bar of the web browser interface screens Context sensitive help is provided with in the...

Page 25: ...k activity on each port The following figure shows a sample reading of the Port Utilization and Port Status 4 5 3 Port Utilization The Port Utilization bar graphs show the network traffic on the port...

Page 26: ...other end may be powered off or inoperable or the cable or connected device could be faulty Port Disabled the port has been configured as disabled through the web browser interface the switch console...

Page 27: ...hort narrative statement that describes the event For example Vlan with this Vlan name already exists Sorting the Alert Log Entries The alerts are sorted by default by the Date Time field with the mos...

Page 28: ...will auto configure the IP Refer to DHCP Bootp Operation for information on setting up automatic configuration from a server For information on how IP addressing affects switch performance refer to Ho...

Page 29: ...rily leased from the DHCP Periodically the switch may be required to renew its lease of the IP configuration Thus the IP addressing provided by the server may be different each time the switch reboots...

Page 30: ...into an appropriate Bootp server The necessary network connections are in place The Bootp server is accessible from the switch 5 3 7 Globally Assigned IP Network Addresses If you intend to connect yo...

Page 31: ...eeds are handled by a telnet server program running on the remote computer It should be emphasized that the telnet server can pass on the data it has received from the client to many other types of pr...

Page 32: ...le s set successfully For more details see chapter SNMP 5 7 Configure the Date and Time The switch uses the date command to configure the date Note that the CLI uses either a 12 or 24 hour clock schem...

Page 33: ...time when daylight saving time shifts occur Syntax set timezone GMT or hour 0 14 min 0 59 set timeformat format 12 24 set daylight country country name Note For more details please read Appendix A 5...

Page 34: ...aveconf 2 Erase current configuration Command kill config 3 Hard boot the switch to get the factory default configuration 5 9 Web Configuring IP Addressing You can use the web browser interface to acc...

Page 35: ...the level of access to the console interface will be determined by which password is entered in response to the prompt The manager and operator passwords control access to the CLI Note Passwords are...

Page 36: ...of a detected attempted security violation to a network management station and disables the port Note There is a limitation of 200 MAC addresses per port and 500 MAC addresses per Switch for Port Sec...

Page 37: ...enable disable LE2425A port security ps enable This command enables the port security and switch is now ready to learn the MAC addresses To See the Authorized Devices Syntax show port security LE2425...

Page 38: ...list range type none disable drop User can set the action type none disable or drop for un authorized devices for secured ports LE2425A port security action port 11 drop Port security Action type set...

Page 39: ...44 AM PS INTRUDER 00 02 b3 64 d8 cf port17 packet dropped A 01 01 2001 12 05 44 AM PS INTRUDER 00 e0 29 09 5d be port17 packet dropped A 01 01 2001 12 05 48 AM PS INTRUDER 00 02 b3 08 d2 22 port17 pac...

Page 40: ...server s identity SSL enabled client software can use standard techniques of public key cryptography to check that a server s certificate and public ID are valid and have been issued by a certificate...

Page 41: ...eloped for RSA Data Security RSA A public key algorithm for both encryption and authentication RSA key exchange A key exchange algorithm for SSL based on the RSA algorithm SHA 1 Secure Hash Algorithm...

Page 42: ...access ssl enable SSL is enabled To see the status of SSL and Web Syntax show ssl LE2425A show ssl SSL TLS is enabled Syntax show web LE2425A show web HTTP is enabled Current HTTP type is secure If S...

Page 43: ...the Authorized Managers feature 7 2 2 Authorizing Multiple Stations The table entry uses the IP Mask to authorize access to the switch from a defined group of stations This is useful if you want to e...

Page 44: ...mask also as shown below Syntax deny ip ipaddress mask netmask service name list LE2425A access deny ip 10 28 227 101 mask 255 255 255 0 service telnet To Edit an Existing Access Entry To change the m...

Page 45: ...55 If a bit in an octet of the mask is on set to 1 then the corresponding bit in the IP address of a potentially authorized station must match the same bit in the IP address you entered in the Authori...

Page 46: ...o eliminate a web proxy server from the path between a station and the switch Even if you need proxy server access enabled in order to use other applications you can still eliminate proxy service for...

Page 47: ...raffic monitoring and network activity analysis tools 8 2 SNMP v1 v2 and v3 LE2425A and LEV2525A switches support all three versions of SNMP viz SNMP v1 v2 and v3 User can switch between version 1 and...

Page 48: ...details Blackbox Proprietary MIB 8 5 Configuring for SNMP Access to the Switch SNMP access requires an IP address and subnet mask configured on the switch In other words Network stacks should be confi...

Page 49: ...ot specify restricted or unrestricted for the read write MIB access the switch automatically restricts the community to read access for the MIB 8 7 1 Adding SNMP Communities in the Switch The followin...

Page 50: ...he network The security features provided in SNMPv3 are Message integrity Ensuring that a packet has not been tampered with in transit Authentication Determining the message is from a valid source Enc...

Page 51: ...enticating and encrypting SNMPv3 packets are generated as a function of the authoritative SNMP engine s engine ID and user passwords When an SNMP message expects a response for example get exact get n...

Page 52: ...NMP users that belong to a common SNMP list that defines an access policy in which object identification numbers OIDs are both read accessible and write accessible Users belonging to a particular SNMP...

Page 53: ...port SNMPv1 access If all the agent supports v1 v2c and v3 SNMP accesses Note By default SNMPv1 is enabled LE2425A set snmp type v1 LE2425A show snmp SNMP CONFIGURATION INFORMATION SNMP Get Community...

Page 54: ...on done default VACM enabled Syntax engineid string string The agent has to have an engineID to be able to respond to SNMPv3 messages The default engine ID value is 6K_v3Engine This command allows the...

Page 55: ...ap add id 1 type v1 host 10 21 1 100 Entry is added successfully Syntax show trap id id This commands shows the configured trap stations in tabular format id optional the trap entry number in the tabl...

Page 56: ...d this shows a specific entry LE2425A snmpv3 show group ID Group Name Sec Model Com2Sec ID 1 v1 v1 1 2 3 4 5 6 7 8 9 10 LE2425A snmpv3 show group id 1 Group ID 1 Group Name v1 Model v1 Com2Sec ID 1 Sy...

Page 57: ...om group security model security level to a view A user can add up to 10 access entries LE2425A snmpv3 access add id 1 accessname v1 model v1 level noauth read 1 write none notify none Entry is added...

Page 58: ...d Ethernet Statistics Group maintains utilization and error statistics for the switch port being monitored History Group gathers and stores periodic statistical samples from previous Statistics Group...

Page 59: ...lyzer can be attached 9 2 1 CLI Configuring Port Monitoring You must use the following configuration sequence to configure port monitoring in the CLI 1 Assign a monitoring mirroring or sniffer port 2...

Page 60: ...assigns the monitor and sniffer ports 9 3 Limitation One port can monitor at a time Source port and sniffer port must be the members of the same VLAN 9 4 Web Viewing Port Monitor status In the web br...

Page 61: ...data transfer operation setting 10 100Base T ports Auto default Senses speed and negotiates with the port at the other end of the link for data transfer operation half duplex or full duplex Note Ensu...

Page 62: ...packets and drops received flow control packets Enabled The port uses 802 3x Link Layer Flow Control generates flow control packets and processes received flow control packets With the port mode set...

Page 63: ...is Auto negotiation Enabled Before changing the port setting of a copper port you have to Disable the Auto negotiation LE2425A device setport port 1 4 7 speed 100 duplex full Similarly to configure a...

Page 64: ...storms on each interface Port A network administrator can set the maximum number of broadcast frames Threshold value that are permitted from a particular interface every second If that maximum number...

Page 65: ...the packet storm you need to set up the threshold value Threshold value should be less than the current rate LE2425A Device rate threshold port 20 rate 3500 LE2425A Device show broadcast protect PORT...

Page 66: ...ighest The LE2425A and LEV2525A switches have two priority queues 1 low and 0 high When a tagged packet enters a switch port the switch responds by placing the packet into one of the two queues 11 3 I...

Page 67: ...xample IP IPX or AppleTalk incoming interface packet size source destination address and so on In PQ each packet is placed in one of two queues high or low based on an assigned priority Packets that a...

Page 68: ...Port QOS b Tag QOS c Tos QOS Layer 3 d None Note Not all packets received on a port have high priority IGMP and BPDU packets have high priority by default 11 8 2 Functions of QoS settings Port QOS If...

Page 69: ...traffic with an IP Precedence field value of 7 gets a lower weight than traffic with an IP Precedence field value of 3 and thus has priority in the transmit order Syntax set weight weight 0 7 Once you...

Page 70: ...ority queue All tagged frames will be directed to either the low or high priority queue as specified 11 9 To tag untagged packets When a packet is received untagged and has to be transmitted with an a...

Page 71: ...nfiguration 2 Click on QoS 3 Click on Modify 4 After you make the desired changes click on OK button 5 Click Save to save the configuration 12 0 IGMP 12 1 Overview In a network where IP multicast traf...

Page 72: ...also function as the querier If you need to disable the querier feature you can do so through the IGMP configuration MIB Refer to Changing the Querier Configuration Setting 12 3 IGMP Operating Feature...

Page 73: ...by a host to the querier to indicate that the host has ceased to be a member of a specific multicast group Thus IGMP identifies members of a multicast group within a subnet and allows IGMP configured...

Page 74: ...tches 3 and 4 Either of these switches can operate as querier because a multicast router is not present on the network If an IGMP switch does not detect a querier it automatically assumes this role as...

Page 75: ...f 224 0 0 0 to 224 0 0 255 will always be flooded because addresses in this range are well known or reserved addresses Thus if IP Multicast is enabled and there is an IP multicast group within the res...

Page 76: ...the command show group in IGMP command context will show the multicast groups being snooped For example LE2425A igmp show group The GroupIp column shows the multicast groups PortNo shows the port wher...

Page 77: ...mp show igmp IGMP State Enabled ImmediateLeave Disabled Querier Enabled Querier Interval 125 Querier Response Interval 10 LE2425A igmp set querier disable IGMP querier status is disabled LE2425A igmp...

Page 78: ...te Enabled ImmediateLeave Disabled Querier Disabled Querier Interval 125 Querier Response Interval 11 Every port can be individually set to three different IGMP modes please see section Showing IGMP P...

Page 79: ...e The default mode is Auto 12 15 Web Configure and View In the web browser interface 1 Click on the Configuration 2 Click on IGMP 3 Click on Information 4 Click on Modify button 5 After you make the d...

Page 80: ...ty 32768 max age 20 s hello time 2 s fwd delay 15 s reconfiguring per port STP path cost var priority 128 mode norm monitoring STP n a In the factory default configuration STP is off If a redundant li...

Page 81: ...st This field indicates the root ports path cost A path cost is assigned to individual ports for the switch to determine which ports are the forwarding points A higher cost means more loops a lower co...

Page 82: ...tion against redundant loops that can significantly slow or halt a network Go to STP configuration mode to configure STP Syntax stp enter LE2425A stp enter LE2425A stp To enable disable STP Syntax stp...

Page 83: ...between the learning state to the forwarding state Syntax to set the above mentioned parameters priority port number list range value 0 255 0 65535 cost port number list range value 0 65535 time forwa...

Page 84: ...ation Spanning Tree Enabled Global YES Spanning Tree Enabled Ports NO Bridge Priority 32768 Bridge Forward Delay 15 Bridge Hello Time 2 Bridge Max Age 20 Root Port 0 Root Path Cost 0 Designated Root 8...

Page 85: ...1 Root Path Cost 100 Designated Root 80 00 00 01 96 ed a7 80 Designated Root Priority 32768 Root Bridge Forward Delay 15 Root Bridge Hello Time 2 Root Bridge Max Age 20 LE2425A stp priority value 6553...

Page 86: ...1 96 ed a7 80 80 20 02 TP 10 100 128 100 Disabled ff ff 00 20 06 25 00 62 80 02 03 TP 10 100 128 100 Disabled ff ff 00 20 06 25 00 62 80 03 04 TP 10 100 128 100 Disabled ff ff 00 20 06 25 00 62 80 04...

Page 87: ...s effective it requires that frame transfer must halt after a link outage until all bridges in the network are sure to be aware of the new topology Using the Spanning Tree Protocol IEEE 802 1d recomme...

Page 88: ...the switch ports are connected to switches or bridges on your network that do not support RSTP RSTP can still be used on this switch RSTP automatically detects when the switch ports are connected to n...

Page 89: ...14 7 1 Main Context Commands Switch between STP and RSTP Syntax set stp type stp rstp LE2425A set stp type rstp This command sets the current STP to either STP or RSTP To see the active STP STP or RST...

Page 90: ...stp This command sets the stp or RSTP compatibility mode Syntax show forceversion User can see the current forced version using this command LE2425A rstp show forceversion Force Version Normal RSTP To...

Page 91: ...e connected to end nodes During spanning tree establishment these ports transition immediately to the Forwarding state Disable this feature on all switch ports that are connected to another switch or...

Page 92: ...ts are not running at full duplex All connections to hubs are not full duplex You can also set this parameter to ON such as to another switch or bridge or to an end node force true This parameter shou...

Page 93: ...n external router is required to enable separate VLANs on a switch to communicate with each other 15 2 VLAN Support and the Default VLAN In the factory default configuration VLAN support is enabled an...

Page 94: ...one type of VLAN at a time The user has to set the VLAN type before configuration Steps To set the type of Vlan that you are going to use Syntax set vlan type port tag none LE2425A set vlan type port...

Page 95: ...the VID to identify and display the data for a specific static VLAN Syntax show vlan type port id vlanid LE2425A show vlan type port id 2 VLAN ID 2 Name Engg Status Active PORT STATUS 9 UP 10 DOWN 11...

Page 96: ...the default VLAN DEFAULT VLAN VID 1 Before you can delete a VLAN you can optionally re assign all ports in the VLAN to another VLAN Ports that are members of other VLANs will retain these memberships...

Page 97: ...red changes click on OK button 6 Click Save to save the configuration For web based Help on how to use the web browser interface screen click on the Help button provided on the web browser screen 16 0...

Page 98: ...assignment where the port is connected to a non 802 1Q compliant device or is assigned to only one VLAN Use the Tagged designation on at least one of the VLAN s when the port is assigned to more than...

Page 99: ...ng and port membership the system determines the details of VLAN operation by observing two main types of rules Ingress rules Assign an incoming frame to a specific VLAN Egress rules Use standard brid...

Page 100: ...lan type tag Than go to Vlan configuration mode by typing LE2425A vlan type tag To add a TAG based VLAN we use the following command LE2425A tag vlan add id vlan Id name vlan name port number list ran...

Page 101: ...ee the list of VLAN s use the following command LE2425A tag vlan show vlan type port tag mac id vlanid where type is the type of VLAN here it has to be tag Id is optional and is used to see informatio...

Page 102: ...ng id number status tagged untagged will define the outgoing packets from a port will be tagged or untagged This definition is on a per VLAN basis For example the command set port port 1 tagging id 10...

Page 103: ...own list 6 After you make the desired changes click on OK button 7 Click Save to save the configuration This menu also gives the facility to configure Ingress and Egress rules by clicking Ingress or E...

Page 104: ...tatic VLANs on the same ports as either Tagged Forbid Forbid option described under Per Port Options for Dynamic VLAN Advertising and Joining 17 2 General Operation A GVRP enabled port with a Tagged o...

Page 105: ...port then dynamically create a VLAN with the same VID as in the advertisement and begin moving that VLAN s traffic If the switch already has a static VLAN assignment with the same VID as in the adver...

Page 106: ...rt Options for Dynamic VLAN Advertising and Joining Initiating Advertisements As described in the preceding section to enable dynamic joins GVRP must be enabled and a port must be configured to Learn...

Page 107: ...eceive them from other devices that is the port cannot dynamically join a VLAN but other devices can dynamically join the VLANs it advertises Prevent a port from sending dynamic VLAN advertisements fo...

Page 108: ...gure the static VLANs on the switch es where they are needed along with the per VLAN parameters Tagged Untagged and Forbid see table on the appropriate ports 7 Dynamic VLANs will then appear automatic...

Page 109: ...n IP address Converting a dynamic VLAN to a static VLAN and then executing the save command saves the VLAN in the startup config file and makes it a permanent part of the switch s VLAN configuration W...

Page 110: ...nfigure GVRP Parameters In the web browser interface 1 Click on the Configuration 2 Click on Vlan 3 Click on GVRP 4 Click on toggle button to enable or disable GVRP 5 After you make the desired change...

Page 111: ...ftware CLI command The factory default setting is off disabled The ports on which this capability is to be enabled are entered through a CLI command 18 1 CLI Link Loss Learn LLL commands are available...

Page 112: ...Alarm MOMENTARY 9 Intruder Alarm MOMENTARY 10 Link Loss Learn Triggered MOMENTARY 11 Broadcast Storm Detected MOMENTARY 12 STP RSTP Reconfigured MOMENTARY Note For System event Log please read the ch...

Page 113: ...8 Intruder Alarm NOT ENABLED 9 Link Loss Learn Triggered NOT ENABLED 10 Broadcast Storm Detected NOT ENABLED 11 STP RSTP Reconfigured NOT ENABLED If you enable the Alarm system and add event Ids then...

Page 114: ...egory happens Send email alert according to the configuration rules when a specific trap SNMP trap category happens Provide configuration and customization commands for users to specify SMTP server to...

Page 115: ...ient none no event will be sent to recipient or a combination of I informational A activity C critical F fatal and D debug event ACF means that events of severity types activity critical and fatal wil...

Page 116: ...s SMTP alert enable disable mandatory Enables or disables SMTP alert Here is an example of email alert THIS IS A GENERATED E MAIL ALERT COMING FROM AN LE2425A and LEV2525A SWITCH PLEASE DO NOT REPLY A...

Page 117: ...e following the protocol between devices desiring access to the bridged LAN and devices providing access to the bridged LAN the requirements for a protocol between the authenticator and an authenticat...

Page 118: ...P over LAN or EAPOL encapsulates EAP packets onto 802 frames with a few extensions to handle 802 characteristics EAP over RADIUS encapsulates EAP packets onto RADIUS packets for relaying to RADIUS aut...

Page 119: ...have the necessary credentials a RADIUS Access Deny packet is sent back and relayed to the supplicant as an EAP Failure frame The MNS BB Software implements the 802 1x authenticator It fully conforms...

Page 120: ...horized 12 Enabled Auto Deasserted Unauthorized 13 Enabled Auto Deasserted Unauthorized 14 Enabled Auto Deasserted Unauthorized 15 Enabled Auto Deasserted Unauthorized 16 Enabled Auto Deasserted Unaut...

Page 121: ...zed 17 Enabled Auto Deasserted Unauthorized 18 19 20 21 22 23 24 25 Enabled Auto Deasserted Unauthorized Port not available LE2425A auth auth disable 802 1X Authenticator is disabled Authserver This c...

Page 122: ...from 1 to 10 LE2425A auth backend port 2 supptimeout 45 servertimeout 60 maxreq 5 Successfully set backend server authentication parameter s LE2425A auth show port backend Port Supp Timeout Server Ti...

Page 123: ...60 2 30 8 60 2 30 9 60 2 30 10 60 2 30 11 60 2 30 12 60 2 30 13 60 2 30 14 60 2 30 15 60 2 30 16 60 2 30 17 60 2 30 18 19 20 21 22 23 24 25 60 2 30 Port not available reauth This command configures ho...

Page 124: ...force authorized or force unauthorized When auto is used the authenticator and supplication goes through the normal authentication cycle When force authorized the supplicant connected to this port is...

Page 125: ...ed 18 19 20 21 22 23 24 25 Enabled Auto Deasserted Unauthorized Port not available show port This command shows port related configuration information Syntax show port access backend reauth port num l...

Page 126: ...2 30 30 2 13 30 30 2 14 30 30 2 15 30 30 2 16 30 30 2 17 30 30 2 18 19 20 21 22 23 24 25 30 30 2 Port not available LE2425A auth show port reauth Port Reauth Status Reauth Period sec 1 Enabled 3600 2...

Page 127: ...EapLogoffWhileAuthenticated 0 backendResponses 5 backendAccessChallenges 2 backendOtherRequestsToSupplicant 0 backendNonNakResponsesFromSupplicant 2 backendAuthSuccesses 2 backendAuthFails 0 trigger r...

Page 128: ...ontrol protocol TCP offers a connection oriented transport while UDP offers best effort delivery 22 3 Overview TACACS improves on TACACS and XTACACS by separating the functions of authentication autho...

Page 129: ...nfigured to connect to two TACACS servers in the network Note Each LE2425A or LEV2525A switches can be configured to connect to up to five TACACS servers Whether through serial console or telnet a use...

Page 130: ...e is authorization where it is determined whether the user has operator or manager access Logout State User inputs name and password Is User in Local User List YES Is User Manager YES Login State as M...

Page 131: ...ication TAC_PLUS_AUTHOR 0x02 Authorization TAC_PLUS_ACCT 0x03 Accounting Sequence number The sequence number of the current packet for the current session Flags This field contains various flags in th...

Page 132: ...le or disable packet encryption key optional for add when encryption is enabled the secret shared key string must be supplied LE2425A user tacserver add id 2 ip 10 21 1 123 encrypt enable key secret T...

Page 133: ...f the LED behavior and information on using the LEDs for trouble shooting Check the network topology installation See the Hardware User Guide shipped with the Switch for topology information Check cab...

Page 134: ...as a tool for isolating problems Each Event Log entry is composed of four fields Severity Date Time Description Severity is one of the following levels I Information indicates routine events A Activi...

Page 135: ...ne I VLAN Pvlan port based vlan started I VLAN Pvlan default vlan is modified I VLAN Tvlan Tag based vlan started I TCP IP Failed to initialize the interface x F BRIDGE Bridge init failed for ethx F B...

Page 136: ...o valid I RMON Event entry X is set to invalid I RMON Alarm entry X is set to valid I RMON Alarm entry X is set to invalid I RMON Alarm internal error unable to get memory F RMON Alarm internal error...

Page 137: ...y Color Scheme Severity is one of the following levels with different color I Information White A Activity Blue D Debug Black C Critical Orange F Fatal Red Logged Events View 23 8 Diagnostic Tools 23...

Page 138: ...15ms 192 168 1 10 is alive time 15ms You can do any combination of the above IP address count and timeout commands To halt a ping test before it concludes press Ctrl C 23 9 CLI Administrative and Trou...

Page 139: ...the first Sunday on or after October 25th End DST at 2am the first Sunday on or after March 1st Western Europe Begin DST at 2am the first Sunday on or after March 23rd End DST at 2am the first Sunday...

Page 140: ...r of the unit as shown in Fig 1 0 to a serial port of a Desktop PC operating as a console terminal Note The DB 9 Null Modem connecting cable is required for the connection It is not supplied along wit...

Page 141: ...m will abort back to the boot prompt NOTE Please do not interrupt the LE2425A or LEV2525A unit or the Desktop PC during the download process If for any reason the download is not complete please follo...

Page 142: ...file Name user username pass password Boot Code Upgrade Boot code upgrade is a part of software upgrade Once the software upgrade done it checks for the boot code If there is an old boot code softwar...

Page 143: ...BB Software User Guide 132 Corporate Headquarters Black Box Corporation 1000 Park Drive Lawrence PA 15055 USA Phone 724 746 5500 Fax 724 746 0746 Web http www blackbox com Email techsupport blackbox...

Reviews:

No comments

Related manuals for LE2425A

Brand: 3Com Pages: 128

Brand: 3Com Pages: 2

Brand: 3Com Pages: 422

3CR16708-91 - OfficeConnect Managed Switch 9

Brand: 3Com Pages: 4

Brand: 3Com Pages: 5

Brand: 3Com Pages: 30

Brand: 3Com Pages: 36

Brand: 3Com Pages: 4

Baseline 2226-PWR Plus

Brand: 3Com Pages: 77

Brand: 3Com Pages: 570

OfficeConnect WX1200

Brand: 3Com Pages: 28

Baseline 2226-PWR Plus

Brand: 3Com Pages: 4

CoreBuilder 6000

Brand: 3Com Pages: 31

Baseline 2226 Plus

Brand: 3Com Pages: 4

Brand: OEZ Pages: 5

Brand: SMC Networks Pages: 102

Brand: Adler Pages: 8

PowerSwitch Z9332F-ON

Brand: Dell EMC Pages: 16

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands