manualshive.com logo in svg

Enterasys Matrix E6 5G102-06-G, User Manual

The Enterasys Matrix E6 5G102-06-G is a high-performance switching device designed for fast and secure networking. Make the most out of your investment by downloading the free User Manual from manualshive.com, providing you with all the necessary information to optimize your network infrastructure.

Share
Download
background image

Overview of Security Methods

9-6

Security Menu Screens

To support multiple access levels per user name, it involves sending back a different “FilterID” 
attribute using some server feature to differentiate between the same user name with different 
prefixes/suffixes. For example, “username@engineering” and “username@home” could each 
return different access levels. 

Only one password is allowed per access level. This enables the Radius Server to track the users 
accessing the switch host and how long they used the host application. 

All radius values, except the server IPs and shared secrets, are assigned reasonable default values 
when radius is installed on a new switch. The defaults are as follows:

Client, disabled

Timeout, 5 seconds

Retry,  4

Primary and secondary Authentication ports: 1812 (per RFC 2865)

Last-resort for local and remote is challenge

If only one server is configured, it must be the primary server. It is not necessary to reboot after the 
client is reconfigured.

The client cannot be enabled unless the primary server is configured with at least the minimum 
configuration information.

When the Radius Client is active on the switch, you are prompted by an authorization screen for a 
user login name and password when attempting to access the host IP address via the local console 
LM, Telnet to LM, or WebView application. The embedded Radius Client encrypts the 
information entered by the user and sends it to the Radius Server for validation. Then the server 
returns a yes or no response back to the client, allowing or denying the user to access the host 
application with the proper access level.

NOTE:

This is a server-dependent feature.

NOTE:

The minimum additional information that must be configured to use a server is 

its IP and Shared Secret.

Summary of Contents for Matrix E6 5G102-06-G

Page 1: ...MATRIX E5 Series Modules 5H1xx and 5G1xx Local Management User s Guide 9033583 02...

Page 2: ......

Page 3: ...THE INFORMATION CONTAINED IN THEM EVEN IF ENTERASYS NETWORKS HAS BEEN ADVISED OF KNEW OF OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES Enterasys Networks Inc 500 Spaulding Turnpike Portsmout...

Page 4: ...erce which prohibit export or diversion of certain technical products to certain countries unless a license to export the product is obtained from the U S Government or an exception from obtaining suc...

Page 5: ...mentation and media ENTERASYS DISCLAIMS ALL WARRANTIES OTHER THAN THOSE SUPPLIED TO YOU BY ENTERASYS IN WRITING EITHER EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABI...

Page 6: ......

Page 7: ...Band vs Out of Band 1 2 1 2 Navigating Local Management Screens 1 3 1 3 Local Management Requirements 1 3 2 LOCAL MANAGEMENT REQUIREMENTS 2 1 Management Terminal Setup 2 1 2 1 1 Console Cable Connecti...

Page 8: ...ontrol Menu Screen 7 2 7 2 Port Configuration Screen 7 4 7 3 Port Information Screen 7 6 7 4 Spanning Tree Configuration Menu Screen 7 8 7 4 1 STA Bridge Configuration Screen 7 10 7 4 2 STA Port Confi...

Page 9: ...y Menu Screen 9 3 9 3 Overview of Security Methods 9 5 9 3 1 Host Access Control Authentication HACA 9 5 9 4 Security Configuration Screen 9 8 9 4 1 More About EAPOL 9 12 9 5 Port Authentication Confi...

Page 10: ...9 2 Enabling Disabling Threshold Function on All Ports 11 17 12 SNMP MANAGEMENT 12 1 The SNMP Protocol 12 1 12 2 MIB Objects 12 2 12 2 1 RFC 1213 MIB II 12 2 12 2 2 RFC 1493 BRIDGE MIB 12 3 12 2 3 RFC...

Page 11: ...s VLANs B 1 VLANs and Frame Tagging B 1 B 2 VLAN Configuration B 2 B 3 Forwarding Tagged Untagged Frames B 3 B 4 Forwarding Traffic with Unknown VLAN Tags B 3 C CLASS OF SERVICE C 1 Overview C 1 D IP...

Page 12: ......

Page 13: ...es Screen 6 15 6 9 IP Trap Managers Screen 6 16 6 10 Console Login Configuration Screen 6 18 6 11 Startup Configuration Screen 6 20 6 12 TFTP Download Screen 6 22 7 1 Device Control Menu Screen 7 2 7...

Page 14: ...adcast Storm Control Configuration Screen 7 47 8 1 Network Monitor Menu Screen 8 2 8 2 Port Statistics Screen 8 4 8 3 RMON Statistics Screen 8 7 8 4 Unicast Address Table Screen 8 11 8 5 IP Multicast...

Page 15: ...Field Description 6 20 6 12 TFTP Download Screen Field Descriptions 6 22 7 1 Device Control Menu Screen Menu Item Descriptions 7 3 7 2 Port Configuration Screen Field Descriptions 7 5 7 3 Port Inform...

Page 16: ...Item Descriptions 8 3 8 2 Port Statistics Screen Field Descriptions 8 5 8 3 RMON Statistics Screen Field Descriptions 8 8 8 4 Unicast Address Table Screen Field Descriptions 8 11 8 5 IP Multicast Regi...

Page 17: ...nt application Identify and operate the types of fields used by Local Management Navigate through Local Management fields and menus Use Local Management screens to perform management operations Establ...

Page 18: ...ser passwords and set the community string which controls access to the on board SNMP agent via in band management software Chapter 7 Device Control Menu Screens describes how to access and use the sc...

Page 19: ...y traffic through the switch is serviced first before lower priority traffic Appendix D IP Multicast Filtering introduces you to the Internet Group Management Protocol IGMP This protocol runs between...

Page 20: ...od in numerals signals the decimal point indicator e g 1 75 equals one and three fourths Or periods used in numerals signal the decimal point in Dotted Decimal Notation DDN e g 000 000 000 000 in an I...

Page 21: ...ys Networks products in the network A description of your network environment layout cable type etc Network load and frame size at the time of trouble if known The device history i e have you returned...

Page 22: ......

Page 23: ...nt Protocol This SNMP agent permits a switch to be managed from any PC in the network using in band management software The module also includes an embedded HTTP Web agent This Web agent can be access...

Page 24: ...monitor and configure the module 1 1 2 In Band vs Out of Band Network management systems are often classified as either in band or out of band In band network management passes data along the same med...

Page 25: ...at the edge of a screen when moved in the direction of that edge wraps around to the outermost selectable item on the opposite side of the screen which is on the same line or column 1 3 LOCAL MANAGEM...

Page 26: ......

Page 27: ...ENT TERMINAL SETUP The module provides one communication port labeled COM which supports a management terminal connection To access Local Management connect one of the following systems to the COM por...

Page 28: ...Connection 2 1 2 Management Terminal Setup Parameters Table 2 1 lists the setup parameters for the local management terminal NOTE If using a modem between the VT compatible device and the COM port of...

Page 29: ...7 Bit Controls VT100ID Normal Cursor Keys UPSS DEC Supplemental Communications Setup Menu Transmit Receive XOFF Bits Parity Stop Bit Local Echo Port Transmit Auto Answerback 2400 4800 9600 19200 Reco...

Page 30: ...ocol Once the module is configured you can establish a Telnet session from any TCP IP based node on the network Telnet connections to the module require the community name passwords assigned in the SN...

Page 31: ...ccessing the Password screen to enter a Local Management session Section 3 3 The default settings for each switch configuration parameter These are the parameters that can be changed via a terminal co...

Page 32: ...System Information Switch Information Network Configuration Menu SNMP Communities Console Login Configuration 802 1Q VLAN Base Information Port Information 802 1Q VLAN Current Table Information IP Tr...

Page 33: ...to the sample Main Menu shown in Figure 3 2 The information is divided into the following parts Menu Name includes access privileges Selectable Items Screen Prompt for menu selections and entry of fi...

Page 34: ...ure 3 3 for the on board Local Management configuration program displays Figure 3 3 Password Screen You may need to press ENTER a few times to display the screen The default user name is public with n...

Page 35: ...nged via the console menus or Telnet NOTE A user is allowed three attempts to enter the correct password on the third failed attempt the current connection is terminated Table 3 1 Factory Default Sett...

Page 36: ...LAN Group Assignment VLAN Ingress Filtering VLAN Learning Auto Backplane VLAN Configuration All Yes 1 False SVL Yes Module Security Timeout Sets the period between retries Retries Sets the maximum num...

Page 37: ...screen is the first screen to display This chapter describes the Main Menu screen introduces the screens that you can use to obtain system operating information change operating parameters obtain mod...

Page 38: ...op level menu screens and the EXIT command How to Access Enter a valid password User Name and Password in the Password screen as described in Section 3 3 The Main Menu screen Figure 4 1 displays Scree...

Page 39: ...ter 6 Network Configuration Menu Serial Port Configuration SNMP Configuration Menu Console Login Configuration Startup Configuration TFTP Download Includes IP setup Ping facility HTTP Web Agent setup...

Page 40: ...lticast filtering Extended Bridge Configuration 802 1P Configuration 802 1Q VLAN Base Information 802 1Q VLAN Current Table Information 802 1Q VLAN Static Table Configuration 802 1Q VLAN Port Configur...

Page 41: ...thentication Policy Override Configuration Configures the Radius client in the module to restrict access to management functions of the Local Management screens by way of the COM port or network TELNE...

Page 42: ......

Page 43: ...ION MENU SCREEN Screen Navigation Path Password Main Menu System Information Menu When to Use To access the System Information and Switch Information screens to display a basic description of the swit...

Page 44: ...enu item Table 5 1 System Information Menu Screen Menu Item Descriptions Menu Item Screen Function System Information Provides basic system description including system object ID up time name contact...

Page 45: ...system How to Access Use the arrow keys to highlight the System Information menu item on the System Information Menu screen and press ENTER The System Information screen Figure 5 2 displays Figure 5...

Page 46: ...ENTER The Switch Information screen Figure 5 3 displays Table 5 2 System Information Screen Field Descriptions Use this field To System Description See the system hardware description System Object I...

Page 47: ...Switch Information Screen Field Descriptions Use this field To Hardware Version See the hardware version of the main board Firmware Version See what system firmware version is in ROM Serial Number See...

Page 48: ......

Page 49: ...2 3 Serial Port Configuration screen Section 6 3 SNMP Configuration Menu screen Section 6 4 SNMP Communities screen Section 6 4 1 IP Trap Managers screen Section 6 4 2 Console Login Configuration scr...

Page 50: ...load a configuration file from the module to a TFTP server How to Access Use the arrow keys to highlight the Management Setup Menu item on the Main Menu screen and press ENTER The Management Setup Men...

Page 51: ...arameters for the serial port including management mode baud rate console time out and screen data refresh interval For details refer to Section 6 3 SNMP Configuration Menu Activates traps and configu...

Page 52: ...otocol IP parameters Enable the on board Web Agent Set the number of concurrent Telnet sessions allowed How to Access Use the arrow keys to highlight the Network Configuration Menu item on the Managem...

Page 53: ...ion Menu Screen Menu Item Descriptions Menu Item Screen Function IP Configuration Sets the bootup option or configures the module s IP parameters For details refer to Section 6 2 1 IP Connectivity Tes...

Page 54: ...functional description of each screen field Table 6 3 IP Configuration Screen Field Descriptions Use this field To Interface Type See which IP transport protocol is being used over Ethernet The defaul...

Page 55: ...bnets The default is 255 255 0 0 Gateway IP Enter the IP address of the gateway used to pass trap messages from the module s agent to the management station NOTE The gateway must be defined if the man...

Page 56: ...st Ping When to Use To see if another site on the Internet can be reached How to Access Use the arrow keys to highlight the IP Connectivity Test Ping menu item on the Network Configuration Menu screen...

Page 57: ...e HTTP Configuration menu item on the Network Configuration Menu screen and press ENTER The HTTP Configuration screen Figure 6 5 displays Table 6 4 IP Connectivity Test Ping Screen Field Descriptions...

Page 58: ...each screen field Table 6 5 HTTP Configuration Screen Field Descriptions Use this field To HTTP Server Enable or disable access to the on board web agent for WebView The default setting is ENABLED HT...

Page 59: ...e module s COM port For more information on connecting to this port refer to Chapter 2 How to Access Use the arrow keys to highlight the Serial Port Configuration menu item on the Management Setup Men...

Page 60: ...bits of the RS232 port The default is 8 bits Options 7 8 Stop bits Set the stop bits of the RS232 port The default is 1 bit Options 1 2 Parity Set the parity of the RS232 port The default is NONE Opt...

Page 61: ...Station NMS can be used to access this information Access rights to the on board agent are controlled by community strings To communicate with the module the NMS must first submit a valid community st...

Page 62: ...n and press ENTER The SNMP Communities screen Figure 6 8 displays Table 6 7 SNMP Configuration Menu Screen Menu Item Descriptions Menu Item Screen Function Send Authentication Fail Traps Enables or di...

Page 63: ...ld To Community Name Enter a community entry authorized for management access Maximum string length 20 characters Access Set the level of Local Management access to a Read Only or Read Write restricti...

Page 64: ...s or other trap messages from the module Up to 5 trap managers may be entered How to Access Use the arrow keys to highlight the IP Trap Managers menu item on the SNMP Configuration Menu screen and pre...

Page 65: ...er name and password to the Administrator as soon as possible and store it in a safe place How to Access Use the arrow keys to highlight the Console Login Configuration menu item on the Management Set...

Page 66: ...hreshold Set the password intrusion threshold which limits the number of failed logon attempts The default is 3 Range 0 65535 Lock out Time in minutes Set the time the management console will be disab...

Page 67: ...tartup parameter to ENABLED and forces the diagnostics to run when the module is rebooted For information on the location of the dip switch and how to set it refer to the installation guide shipped wi...

Page 68: ...een Field Description Refer to Table 6 11 for a functional description of the screen field Table 6 11 Startup Configuration Screen Field Description Use this field To Startup Diagnostics Enable or dis...

Page 69: ...nection After downloading the new image the agent will automatically restart itself The download and upload configuration capability enables user configured settings to be copied from one module to an...

Page 70: ...rver IP Enter the IP address of a TFTP server Agent Software Upgrade See the community specified for trap management access Download Filename Enter the binary file to download to the agent module Down...

Page 71: ...y DOWNLOAD IMAGE Enables the download of an image from a TFTP server UPLOAD CONFIG Used to upload a configuration file from the module to a TFTP server DOWNLOAD CONFIG Used to download a configuration...

Page 72: ......

Page 73: ...tion 7 5 1 STA Port Information Section 7 5 2 Mirror Port Configuration Section 7 6 SmartTrunking Configuration Section 7 7 IGMP Configuration Section 7 8 Extended Bridge Configuration Section 7 9 802...

Page 74: ...em on the Main Menu screen and press ENTER The Device Control Menu screen Figure 7 1 displays Screen Sample Figure 7 1 Device Control Menu Screen Port Configuration Extended Bridge Configuration Port...

Page 75: ...uration Sets the source and target ports for mirroring For details refer to Section 7 6 SmartTrunking Configuration Specifies ports to group into aggregate trunks For details refer to Section 7 7 IGMP...

Page 76: ...Configuration Configures VLAN groups via static assignments including setting port members For details refer to Section 7 14 802 1Q VLAN Port Configuration Displays configures port specific VLAN sett...

Page 77: ...behavior e g excessive collisions and then re enable it after the problem has been resolved You may also disable a port for security reasons The default is ENABLED Port Configuration Port 1 12 Flow C...

Page 78: ...highlight the Port Information menu item on the Device Control Menu screen and press ENTER The Port Information screen Figure 7 3 displays Flow Control Enable or disable flow control Flow control can...

Page 79: ...000Base SX 1000LX 1000Base LX Operational See if the port is or is not functioning Link See if the port has a valid connection to an external device Port Information Port 1 12 Port Type Operational Li...

Page 80: ...onfiguration screens to configure the STA functions To view the current STA bridge and port information refer to Section 7 5 For a more detailed description of how to use this algorithm refer to Appen...

Page 81: ...nal description of each menu item Table 7 4 Spanning Tree Configuration Menu Screen Menu Item Descriptions Menu Item Screen Function STA Bridge Configuration Sets the STA Bridge parameters For details...

Page 82: ...To set the STA Bridge parameters How to Access Use the arrow keys to highlight the STA Bridge Configuration menu item on the Spanning Tree Configuration Menu screen and press ENTER The STA Bridge Con...

Page 83: ...35 Remember that the lower the numeric value the higher the priority Hello Time in seconds Set the time interval at which the root device transmits a configuration message The default is 2 The minimum...

Page 84: ...screen Figure 7 6 displays Forward Delay in seconds Set the maximum time the root device will wait before changing states i e listening to learning to forwarding This delay is required because every...

Page 85: ...ame the port with the highest priority i e lowest value will be configured as an active link in the spanning tree Where more than one port is assigned the highest priority the port with lowest numeric...

Page 86: ...nformation Menu screen Figure 7 7 displays Cost Determine the best path between devices The lower values should be assigned to ports attached to faster media and higher values assigned to ports with s...

Page 87: ...ion of each menu item Table 7 7 Spanning Tree Information Menu Screen Menu Item Descriptions Menu Item Screen Function STA Bridge Information Displays the current information about the STA Bridge For...

Page 88: ...s Use the arrow keys to highlight the STA Bridge Information menu item on the Spanning Tree Information Menu screen and press ENTER The STA Bridge Information screen Figure 7 8 displays Screen Example...

Page 89: ...ore attempting to reconfigure Forward Delay in seconds See the maximum time the root device will wait before changing states i e from listening to learning to forwarding Hold Time See the minimum inte...

Page 90: ...display current information about the STA Port The parameters shown in Figure 7 9 and Table 7 9 are for port STA Information Ports 1 12 Ports 13 24 Ports 25 36 or Ports 37 48 How to Access Use the ar...

Page 91: ...28 22 2 FORWARDING 1 101 32768 0000E8000500 128 2 3 FORWARDING 1 101 32768 0000E8000500 128 3 4 FORWARDING 1 101 32768 0000E8000500 128 4 5 FORWARDING 1 101 32768 0000E8000500 128 5 6 FORWARDING 1 101...

Page 92: ...EARNING Has transmitted configuration messages for an interval set by the Forward Delay parameter without receiving contradictory information Port address table is cleared and the port begins learning...

Page 93: ...the same VLAN and be operating at the same speed as the source port Refer to Section 7 11 for information on configuring virtual VLANs If the target port is operating at a lower speed the source port...

Page 94: ...rt Configuration Screen Field Descriptions Refer to Table 7 10 for a functional description of each screen field Table 7 10 Mirror Port Configuration Screen Field Descriptions Use this field To Mirror...

Page 95: ...s can only be assigned to one trunk The ports in a trunk must belong to the same switch chip refer to Table 7 12 The ports at both ends of a connection must be configured as trunk ports The ports at b...

Page 96: ...SmartTrunking Configuration screen Figure 7 11 displays Screen Example Figure 7 11 SmartTrunking Configuration Screen Field Descriptions Refer to Table 7 11 for a functional description of each screen...

Page 97: ...is the group ID of the SmartTrunk group Identifies the chip set to be used Refer to Table 7 12 for the ports associated with each group ID Port Enter the number of the port that you want to add or rem...

Page 98: ...a host to inform its local switch that it wants to receive transmissions addressed to a specific multicast group How to Access Use the arrow keys to highlight the IGMP Configuration menu item on the D...

Page 99: ...a specific multicast service The switch looks up the IP Multicast Group used for this service and adds any port that received a similar request to that group It then propagates the service request on...

Page 100: ...port Traffic Classes Multicast Filtering and VLANs How to Access Use the arrow keys to highlight the Extended Bridge Configuration menu item on the Device Control screen and press ENTER The Extended B...

Page 101: ...on is active For configuration information refer to Section 7 16 Configurable PVID Tagging Override the default PVID setting Port VLAN ID used in frame tags and its egress status VLAN Tagged or Untagg...

Page 102: ...802 1p defines up to 8 separate traffic classes This switch supports Quality of Service QoS by using two priority queues with weighted fair queuing for each port For information on Class of Service re...

Page 103: ...e low priority output queue Default priority is only used to determine the output queue for the current port no priority tag is actually added to the frame How to Access Use the arrow keys to highligh...

Page 104: ...e from 0 7 where 0 3 specifies the low priority queue and 4 7 specifies the high priority queue Current Priority See the current priority setting that may be due to an authentication or a policy overr...

Page 105: ...ude both physical and virtual ports This switch provides two priority levels with weighted fair queuing for port egress This means that any frames with a default or user priority from 0 3 are sent to...

Page 106: ...ld To Port See the numeric identifier for a switch port User Priority See that user priorities 0 3 specify the low priority queue and 4 7 specify the high priority queue 802 1P Port Traffic Class Info...

Page 107: ...es into separate broadcast domains confining broadcast traffic to the originating group This also provides a more secure and cleaner network environment For more information on how to use VLANs refer...

Page 108: ...is field To VLAN Version Number See the VLAN version used by this module as specified in the IEEE 802 1Q standard MAX VLAN ID See the maximum VLAN ID recognized by this module MAX Supported VLANs See...

Page 109: ...reate a small port based VLAN for one or two switches you can assign ports to the same untagged VLAN refer to Section 7 15 The current configuration is shown in Figure 7 18 How to Access Use the arrow...

Page 110: ...this field To Deleted VLAN Entry Counts See the number of times a VLAN entry has been deleted from this table VID See the ID of the VLAN currently displayed Status See how this VLAN was added to the s...

Page 111: ...st port in a group For example for port group 1 through 24 the left most character is the current egress for port 1 and the right most character is for port 24 Current Untagged Ports See if a port has...

Page 112: ...uration screen Figure 7 19 displays Screen Example Figure 7 19 802 1Q VLAN Static Table Configuration Screen Field Descriptions Refer to Table 7 20 for a functional description of each screen field VI...

Page 113: ...most character represents the first port in a group and the right most character the last port in the group For example for group 1 24 the left most character in the Egress Ports field is for port 1 a...

Page 114: ...figuration menu item on the Device Control Menu screen and press ENTER The 802 1Q VLAN Port Configuration screen Figure 7 20 displays Screen Example Figure 7 20 802 1Q VLAN Port Configuration Screen 8...

Page 115: ...02 1Q VLAN Port Configuration Screen Field Descriptions Use this field To Static PVID Select the Static Port VLAN ID PVID to which the incoming untagged frames on this port are assigned Current PVID S...

Page 116: ...re 7 21 Static Unicast Address Table Configuration Screen Field Descriptions Refer to Table 7 22 for a functional description of each screen field Table 7 22 Static Unicast Address Table Screen Field...

Page 117: ...d Corresponding entry removed from table DeleteOnTimeOut Currently in use and will remain so until it is aged out Other Currently in use but the conditions under which it will remain differ from the p...

Page 118: ...r details refer to Section 11 15 2 Invalid Removes the corresponding entry DeleteOnTimeOut This entry is currently in use and will remain so until it is aged out Refer to Aging Time in Section 8 4 Oth...

Page 119: ...e Control Menu screen and press ENTER The Broadcast Storm Control Configuration screen Figure 7 22 displays Screen Example Figure 7 22 Broadcast Storm Control Configuration Screen NOTE Broadcast frame...

Page 120: ...disable broadcast control on all ports Use the tab key to highlight the Enable or Disable field and press ENTER to enable or disable all ports Refer to Section 11 19 for details Port See the port num...

Page 121: ...om its menu Port Statistics Section 8 2 RMON Statistics screen Section 8 3 Unicast Address Table Section 8 4 IP Multicast Registration Table Section 8 5 8 1 NETWORK MONITOR MENU SCREEN Screen Navigati...

Page 122: ...eys to highlight the Network Monitor Menu item on the Main Menu screen and press ENTER The Network Monitor Menu screen Figure 8 1 displays Screen Example Figure 8 1 Network Monitor Menu Screen Port St...

Page 123: ...Port Statistics Displays statistics on network traffic passing through the selected port RMON Statistics Displays detailed statistical information for the selected port such as packet type and frame s...

Page 124: ...or unusually heavy loading The values displayed are those accumulated since the last system reboot How to Access Use the arrow keys to highlight the Port Statistics menu item on the Network Monitor Me...

Page 125: ...scards See the total number of inbound frames that were discarded even though the frames contained no errors This field may increment because the switch module was receiving frames during initializati...

Page 126: ...ement because the switch was being overutilized OutErrors Display the total number of outbound frames discarded because they contained errors This field represents the total number of errored frames r...

Page 127: ...rame types and sizes passing through each port Values displayed have been accumulated since the last system reboot How to Access Use the arrow keys to highlight the RMON Statistics menu item on the Ne...

Page 128: ...Frames See the total number of good frames that were directed to the broadcast address The value of this field does not include multicast frames Multicast Frames See the total number of good frames r...

Page 129: ...ing bits but including FCS bytes 65 127 Octets See the total number of frames including bad frames received that were between 65 and 127 bytes in length excluding framing bits but including FCS bytes...

Page 130: ...h a specific address or set the aging time for deleting inactive entries This screen contains the MAC addresses and VLAN identifier associated with each port that is the source port associated with th...

Page 131: ...e number of static addresses in the table MAC See the MAC address of a node VID See the VLAN s associated with this address or port Aging Time 300 Dynamic Counts 239 Static Counts 0 MAC VID Port Statu...

Page 132: ...on the Network Monitor Menu screen and press ENTER The IP Multicast Registration Table screen Figure 8 5 displays Port See the port that includes the MAC address in its address table Status See the a...

Page 133: ...se this field To VID See the VLAN ID assigned to this multicast group Multicast IP See the IP address for specific multicast services Multicast Group Port Lists See switch ports registered for the ind...

Page 134: ...Enter the IP of the multicast group to display its associated multicast information Show Display the address table sorted on VID and then Multicast IP More Scroll through the entries in the address ta...

Page 135: ...guration Section 9 4 Port Authentication Section 9 5 Port Override Configuration Section 9 6 9 1 802 1X PORT BASED NETWORK ACCESS CONTROL When using the physical access characteristics of IEEE 802 LAN...

Page 136: ...simulate user level access controls Table 9 1 Authentication Terms and Abbreviations Term Definition EAP Extensible Authentication Protocol e g Microsoft IAS Server and Funk Steel Belted Radius PAE Po...

Page 137: ...an encapsulation of EAP the Extensible Authentication Protocol defined in RFC 2284 which includes extra data fields within a LAN frame Note that EAPOL does not allow routing Use EAP to communicate bet...

Page 138: ...le primary server and secondary server to restrict access to Local Management functions For an overview of the security methods refer to Section 9 3 For details refer to Section 9 4 Port Authenticatio...

Page 139: ...n 11 18 9 3 1 Host Access Control Authentication HACA To use HACA the embedded Radius Client on the switch must be configured to communicate with the Radius Server and the Radius Server must be config...

Page 140: ...rts 1812 per RFC 2865 Last resort for local and remote is challenge If only one server is configured it must be the primary server It is not necessary to reboot after the client is reconfigured The cl...

Page 141: ...see the policy profile MIB The secondary server is always consulted if it is configured Note that the minimum additional information that must be configured to use a server is its IP and shared secre...

Page 142: ...orization and Accounting of the network resources For information about Radius Client and how it functions refer back to Section 9 1 1 and Section 9 1 2 How to Access Use the arrow keys to highlight t...

Page 143: ...timing out The default is 5 seconds NOTE If both a primary and secondary server are configured requests are switched between the primary and secondary after each timeout Retries Enter a maximum numbe...

Page 144: ...to a timeout condition To set local and remote servers refer to Section 11 18 Last Resort Action Remote Select Accept Challenge and Reject which do the following ACCEPT Allows remote access via Telne...

Page 145: ...er the IP address in decimal dot format of the primary and secondary servers being configured for the RADIUS function Secret Enter a secret string of characters for the primary and secondary server 16...

Page 146: ...lly to each port when configuring each VLAN 9 5 PORT AUTHENTICATION CONFIGURATION SCREEN Screen Navigation Path Password Main Menu Security Port Authentication When to Use To enable or disable an auth...

Page 147: ...orts currently displayed The Radius authentication configuration for up to 12 ports can be displayed on a screen RETURN Radius Authentication Configuration Port 1 12 Authentication Access mode of all...

Page 148: ...ssing to the switch The default is No Change To select the option use the Tab key to highlight the Authentication Access mode of all ports field step to one of the options described above using the SP...

Page 149: ...he connecting state via disconnected disconnected The port passes through this state on its way to connected whenever the port is reinitialized via link state change reauthentication failure or manage...

Page 150: ...Management has set this in Port Control Absolutely no packets are forwarded to or from this port Authentication Access Select one of the following Authentication Access modes per individual port AUTO...

Page 151: ...cause the override function to go through and disable all policies and in effect set the switch back to a state where only the PVID Port Priority settings would be in use Policies can be in place wit...

Page 152: ...5 Policy Override Configuration Screen Field Description Use this field To Disable all Dynamic Policies Select YES or NO When YES is selected any inappropriate policy setting is undone and the switch...

Page 153: ...xit a current Local Management session 10 1 SYSTEM RESTART MENU Screen Navigation Path Password Main Menu System Restart Menu When to Use To reset the module Local Management agent How to Access Use t...

Page 154: ...this field To POST Enable YES or disable NO the running of the Power On Self Test Reload Factory Defaults Enable YES or disable NO the reloading of the factory default settings Keep IP Setting Enable...

Page 155: ...ent session Refer to Section 4 1 for information about the Main Menu screen Keep User Authentication Enable YES or disable NO the retention of the user names and passwords defined in the Console Login...

Page 156: ......

Page 157: ...authorized access to console menus Section 11 2 Assigning an IP address for the switch if you plan to manage the switch using SNMP or if you use Telnet to access the switch Section 11 3 Checking netwo...

Page 158: ...ification you should enable password protection to the console menus To enter a password proceed as follows 1 Select Management Setup Menu from the Main Menu and press ENTER 2 Select Console Login Con...

Page 159: ...llows 1 Select Device Control Menu from the Main Menu 2 Select Port Information and press ENTER 3 If a network cable is properly connected to a port the Link for the port reads UP If no cable is conne...

Page 160: ...follows 1 Select Management Setup Menu from the Main Menu 2 Select SNMP Configuration Menu 3 Select SNMP Communities from the menu Enter the desired community names you are permitted to enter from 1 t...

Page 161: ...to ENABLED 6 Connect a traffic analyzer or RMON probe to the mirroring port 11 9 DOWNLOADING A SOFTWARE UPGRADE You can upgrade the operational software in the switch without physically opening the s...

Page 162: ...1 Runtime 2 POST 3 Mainboard 1 4 Select 1 to download the agent software The following messages display Your Selection Runtime Code Download code to FlashROM address 0x02880000 Change Baud Rate to 576...

Page 163: ...wnloaded from the TFTP server 4 If necessary configure the address of an IP gateway to reach the server from the switch using the Gateway IP field in the Network Configuration IP Configuration menu 5...

Page 164: ...ion on or off by setting the Spanning Tree Protocol field to ENABLED 4 From the Spanning Tree Configuration Menu select STA Port Configuration The Spanning Tree Port Configuration Menu displays Change...

Page 165: ...n Menu 2 Select 802 1P Configuration then 802 1P Port Priority Configuration 3 Set the individual port priorities by entering 0 3 for the low priority queue or 4 7 for the high priority queue 11 13 CO...

Page 166: ...ameters along with auto negotiation are not configurable on fiber ports To configure port operation proceed as follows 1 Select Device Control Menu from the Main Menu 2 Select Port Configuration and p...

Page 167: ...re entered manually stored in nonvolatile memory and automatically placed in the address table There are seven types of status that can be configured for each address in the table Permanent which mean...

Page 168: ...in and is the only source address recognized on that port If a MAC address was entered then that MAC address becomes the locked port address Locked Port MAC addresses are displayed with a Status of L...

Page 169: ...alancing the load across each port in the trunk the additional ports provide redundancy by taking over the load if another port in the trunk should fail To configure the port trunks do the following 1...

Page 170: ...If the primary server does not respond within the specified number of retries during a specified time out period the client will attempt to authenticate using the secondary server If the secondary ser...

Page 171: ...l and Remote Servers Before setting the parameters refer to Section 9 1 1 and Section 9 1 2 for a better understanding of Radius Servers and Last Resort Authentication To set the local and remote serv...

Page 172: ...r the IP address in decimal dot format of the primary and secondary servers being configured for the RADIUS function 6 Highlight the Secret field and enter a secret string of characters for the primar...

Page 173: ...d value from 100 to N 3 Press ENTER 4 Use the Tab key to highlight the associated ENABLED DISABLED field in the Broadcast Control column 5 Press the SPACE bar to either enable or disable the Threshold...

Page 174: ......

Page 175: ...re used to access the information maintained by the SNMP agents across a network is referred to as the SNMP Manager and typically runs on a workstation The SNMP manager software uses a MIB specificati...

Page 176: ...of TCP IP based Internets MIB II RFC 1493 Definitions of Managed Objects for Bridges RFC 1573 Evolution of the Interfaces Group of MIB II RFC 1643 Definitions of Managed Objects for the Ethernet like...

Page 177: ...IB II This MIB deals with the operation of the system as an 802 1D compliant bridge Areas of functionality supported by this group include Spanning Tree and forwarding table information and configurat...

Page 178: ...Enterasys private MIB This MIB definition is specified separately from MIB II Areas covered in this MIB include various system switch and port level information 12 4 COMPILING MIB EXTENSIONS ENTERASYS...

Page 179: ...e a single Spanning Tree from any arrangement of switching or bridging elements Compensate automatically for the failure removal or addition of any device in an active data path Achieve port changes i...

Page 180: ...Switches A B and C are connected together in a redundant topology more than one path between two points If the connection between A and B goes down the link between A and C becomes active thereby est...

Page 181: ...None Bridge Identifier Identifier for each bridge This parameter consists of two parts a 16 bit bridge priority and a 48 bit network adapter address Ports are numbered in absolute numbers starting fro...

Page 182: ...plication software and other LAN segments ignore the packet Bridges communicate between each other in order to determine the Root Bridge A 3 3 Selecting a Root Bridge and Designated Bridges During com...

Page 183: ...using Spanning Tree Blocking A port in this state does not participate in the transmission of frames thus preventing duplication arising through multiple paths existing in the active topology of the b...

Page 184: ......

Page 185: ...tself or by a network device such as a switch In addition to VLAN information the relative priority of the frame in the network can be specified by the tag For more information refer to Appendix D VLA...

Page 186: ...other end of the link also supports VLANs Then assign the port at the other end of the link to the same VLANs However if you want a port on this switch to participate in one or more VLANs but the dev...

Page 187: ...VLAN tag reflecting this port s default VID The default PVID is VLAN 1 but this can be changed as described in Section 7 15 Figure B 1 Example of Multi Switch VLAN Configuration B 4 FORWARDING TRAFFI...

Page 188: ......

Page 189: ...mes on the high priority queue are transmitted first when that queue empties traffic on the normal priority queue is transmitted When priority queuing is being used each frame that passes through the...

Page 190: ...ority Figure C 1 shows priority queuing operating within a switch Frames entering the switch through ports 1 and 4 are tagged as normal traffic and placed in a normal priority queue on the outbound po...

Page 191: ...warding multicast traffic from the local switch to group members on a directly attached subnetwork or LAN segment This switch supports IP Multicast Filtering by passively snooping on the IGMP Query an...

Page 192: ......

Page 193: ...Class of Service 11 9 configuring VLANs 11 8 downloading of software upgrades 11 5 making a Telnet connection 11 3 setting SNMP management access 11 4 setting the Gateway IP 11 13 setting the password...

Page 194: ...12 4 MIB objects 12 2 MIBs introduction to Compiling MIB extensions Enterasys web site 12 4 Enterasys Proprietary MIB Extensions 12 4 RFC 1213 MIB II 12 2 RFC 1757 RMON MIB 12 3 Mirror port configurat...

Page 195: ...d packets 8 8 S Screens Console Login Configuration 6 17 Device Control Menu purpose of 7 1 hierarchy of 3 1 IP Configuration 6 5 IP Connectivity Test Ping 6 8 IP Trap Managers 6 16 Main Menu 4 2 Main...

Page 196: ...rameters default settings of 3 5 Switch statistics viewing of 11 4 T Tags VLAN B 1 Telnet connecting to switch using 11 3 Telnet connections 2 4 TFTP download process 11 7 downloading software 11 5 Tr...

Reviews:

No comments

Related manuals for Matrix E6 5G102-06-G

Wattle Pegasus Quick Installation Manual preview
Pegasus
Brand: Wattle Pages: 6
Baicells Nova430i Quick Manual preview
Nova430i
Brand: Baicells Pages: 8
Palo Alto Network M-200 Reference Manual preview
M-200
Brand: Palo Alto Network Pages: 56
Radwin Transportation FiberinMotion Deployment Manual preview
Transportation FiberinMotion
Brand: Radwin Pages: 122
Watchguard Firebox SOHO 6 Wireless Instructions Manual preview
Firebox SOHO 6 Wireless
Brand: Watchguard Pages: 8
Zhone 6211 Product Manual preview
6211
Brand: Zhone Pages: 7
Zhone 6211 Quick Installation Instructions preview
6211
Brand: Zhone Pages: 1
Furuno 001-558-430 Replacement Instructions Manual preview
001-558-430
Brand: Furuno Pages: 24
Freescale Semiconductor MCF54455 Reference Manual preview
MCF54455
Brand: Freescale Semiconductor Pages: 921
Nvidia nForce 680I LT SLI Hardware User Manual preview
nForce 680I LT SLI
Brand: Nvidia Pages: 80
East Coast Datacom PDS-1/10G User Manual preview
PDS-1/10G
Brand: East Coast Datacom Pages: 19
Teletronics International TT 900 User Manual preview
TT 900
Brand: Teletronics International Pages: 57
ZoneVu ZSI-450-IP Installation Manual & User Manual preview
ZSI-450-IP
Brand: ZoneVu Pages: 15
FUNcube Dongle Pro User Manual preview
Dongle Pro
Brand: FUNcube Pages: 23
Planet GSW-2416SF User Manual preview
GSW-2416SF
Brand: Planet Pages: 54
Radica Games DAVID-II 716 Operating And Maintenance Instruction Manual preview
DAVID-II 716
Brand: Radica Games Pages: 40
Airvana ipBTS C30 Installation And Commissioning Manual preview
ipBTS C30
Brand: Airvana Pages: 90
Renesas HD74HCT1G04 Datasheet preview
HD74HCT1G04
Brand: Renesas Pages: 8

Brands by name

Popular brands

Load more brands