manualshive.com logo in svg

LEGRAND Area box distribution switch, Installation And Configuration Manual, Page: 60 / 87

Share
Download
LEGRAND Area box distribution switch Installation And Configuration Manual Download Page 60

Manageable Mosaic switch Installation and User Guide 

 

 

 

 Page 60 of 87

 

5.1.5 

Management Access (Secure NMS) Path  

The in-band management path can be secured by limiting the remote access through either user ports, 

backbone ports or all ports.  

By default, the NMS path is not secured, allowing access from all ports.  

To change the Secure NMS Path: 

 

1.  From the 

Embedded web interface

 main screen, click 

Management

 and expand the 

Secure NMS Path

 tab 

2.  Select the required option from the 

Path

 list. The following options are available 

 

User Ports Only

 – access is allowed only through the user ports (ports 1-4). 

 

Backbone Port(s) Only

 – access is allowed only through the backbone ports (uplink 

ports 1-2). 

 

All  Ports

  –  Secure  NMS  Path  option  is  disabled  and  access  is  allowed  through  all 

ports. 

NOTE:

 

MGMT VLAN

 filtering overrules NMS access path.  

 

Figure 5-3 Changing the Secured NMS Path 

3.  Click 

Apply

5.1.6 

Securing Management Access via VLAN 

Securing  management  access  via  VLAN  is  used  to  isolate  and  secure  management  traffic  and  avoid 
management flooding by irrelevant traffic. 

The manageable Mosaic switch enables assigning a dedicated VLAN to the internal management port. 
Only  frames  belonging  to  that  specific  VLAN,  received  from  ports  belonging  to  the  same  VLAN 
membership group, can communicate with the management agent.  

This type of VLAN configuration provides an additional level of security to the management access.  

Assuming  the  switch  operates  in  802.1Q  VLAN  (i.e.  the  "802.1Q  VLAN  filtering  enable"  is  checked 
(selected), and the "VLAN filtering" is checked (selected) on all the ports) management access will only 
be available for the following frames: 

  VLAN frames, with VID=4095, arriving from the uplink port. 

  Non-VLAN frames arriving from the uplink port (only if the default VID of the uplink port 

is also configured to 4095). 

If  the  frame  arrives  without  a  VLAN,  and  the  VLAN  filtering  of  this  port  is  selected,  the  filtering  is 
according to the configured default VID of the port (4095 in our example)  

Any other frame, whether VLAN (with other VID number) or non-VLAN arriving on ports other than the 
uplink port, will be filtered, and will not be forwarded to the management agent. 

Response frames, transmitted from the internal management agent to the remote manager, are VLAN 
frames with VID=4095. 

SUMMARY

Summary of Contents for Area box distribution switch

Page 1: ...Manageable Mosaic switch Installation and User Guide GIGABIT PoE Manageable Mosaic switch INSTALLATION AND CONFIGURATION GUIDE ...

Page 2: ...itch includes 1310 1550nm Class 1 laser components certified according to IEC 60825 1 transmitting invisible laser radiation DO NOT stare into the beam or view directly with optical instruments Avoid direct exposure to beam Do not remove the protective covers on the fiber optic connectors until you are ready to connect the fiber optic cables When dealing with fiber optic cables please ensure that ...

Page 3: ...uring the Port Name 18 3 3 3 Factory Default Port Settings 18 3 3 4 Changing Port Settings 19 3 3 5 Power over Ethernet PoE 22 3 3 6 MAC Security 24 3 3 7 QoS 26 3 4 Embedded web interface Menu system 28 3 4 1 Port Indications 30 3 5 Device Configuration Menus 32 3 5 1 System Device Information 33 3 5 2 Inventory 34 3 5 3 Power Supply 34 3 5 4 Environment 34 3 5 5 Factory Defaults 35 3 5 6 RADIUS ...

Page 4: ...ser s Authentication 61 5 2 Securing Network Access 61 5 2 1 MAC Access Security Securing User Access to the Network 61 5 2 2 802 1X Port Based Network Access Security 63 5 2 3 Secure HTTP Protocol HTTPS 66 6 Monitoring and Analysis 68 6 1 Configuring SNMP Trap Destinations 68 6 2 Device Level Event Log 69 6 2 1 Viewing Recorded Events 69 6 2 2 Event Filter 70 6 3 Port Level Statistics and RMON Co...

Page 5: ...ory tab 34 Figure 3 14 System View menu Power Supply tab 34 Figure 3 15 System View menu Environment tab 34 Figure 3 16 Thresholds window 35 Figure 3 17 System View menu Factory Defaults tab 35 Figure 3 18 System View menu RADIUS Server tab 36 Figure 3 19 System menu Commands tab 36 Figure 3 20 Features menu Global Configuration tab 37 Figure 3 21 Features menu VLAN Mode tab 37 Figure 3 22 Feature...

Page 6: ...w Window 802 1X Tab 65 Figure 5 7 802 1X Access Authentication Enabled icon 66 Figure 5 8 HTTPS Enabled icon 67 Figure 6 1 Management menu SNMP Traps tab 68 Figure 6 2 Event Log window 69 Figure 6 3 Event log with the Event Filter window 70 Figure 6 4 Port Statistics and Counters 72 Figure 6 5 Port View window Monitor tab 73 Figure 7 1 LCS 2 FTTO Init screen Firmware Update commands 75 Figure 7 2 ...

Page 7: ...nd s enhanced Embedded web interface application Web browser and Telnet Highly secured in band access via IP access list secure NMS path passwords and optional HTTPS Low voltage 52VDC operation via compact external power supply The uplink ports of the manageable Mosaic switch are used for the network backbone connections and support star ring and daisy chain topologies The manageable Mosaic switch...

Page 8: ...e over TP cables Cat5e and higher QoS and VLANs QoS CoS configuration with four traffic classes and prioritized packet streams per port QoS based on IEEE802 3ac or IP TOS supporting IPv4 IPv6 802 1Q VLAN support 64 VLANs tag insertion and removal Double tag support Transparent VID Access Security per port Port based MAC access security 802 1Q VLAN port based VLAN 802 1X Port based network access c...

Page 9: ...erature measurement thresholds and events Control of switch learning and aging parameters User s name assignment on device and port levels Reset configure and restore factory defaults via SNMP Telnet and Web Software download Remote firmware updating capabilities Upload download device configuration Special features key activation Set up and testing Secured remote initial set up via LCS 2 FTTO Ini...

Page 10: ...on the front panel Figure 1 2 manageable Mosaic switch Front view 1 To press the Reset button user needs to remove first the user identification marking slide Use narrow tool such as needle to press the button Keeping the button pressed for a long period few seconds will force to unit to switch to the default factory settings Power LED Port 1 L A PoE LEDs Port 2 L A PoE LEDs Port 3 L A PoE LEDs Po...

Page 11: ...nt System NMS OFF ON Management startup inoperable Management up and active Uplink 1 2 L A Link Activity OFF ON BLINKING no link link established on uplink port s activity detected TX and or RX on the port s PoE Ports 1 4 OFF BLINKING ON PoE PSE disabled on the port PoE PSE enabled but PoE power not provided to the port PD device not detected on the port PD detected PoE PSE power 52VDC provided to...

Page 12: ... the following two management interfaces The Embedded web interface Web Management application from any Web browser as an applet Telnet connection Factory defaults configure all three management interfaces to be active This configuration can be changed so that the device can only be managed by one or a combination of two management interfaces SUMMARY ...

Page 13: ...he DC connector of the PS to the manageable Mosaic switch the manageable Mosaic switch should start booting Performing initial IP configuration of the specific device a Connecting a PC laptop via LAN cable to any manageable Mosaic switch port and setting the IP parameters via the LCS 2 FTTO Init application b Connecting a PC laptop via the manageable Mosaic switch special RS232 serial cable option...

Page 14: ...ing access levels and its respective password Factory default passwords are available for each user name User Name Access Level Default Password Guest guest Admin admin Technician tech Service Center Not Available CLI password mypass Table 3 1 User name access level and password The four user names access levels are as follows Guest Allows only monitoring and viewing the configuration and status i...

Page 15: ... Radius server is not found authentication automatically proceeds to the next Radius Server in the list If a Radius Server is found but does not authenticate the user the authentication process is ended and no further search takes place The Telnet connection and the CLI access use the same password mypass is the factory default This password can only be changed via the CLI connection see section 8...

Page 16: ...hentication from a central Radius server such as from a Freeradius Winradius or Radiator server while logging in from a Web browser The advantage of storing user level passwords in the Radius server is that if the Web management passwords are changed they need to be changed only in the Radius server and not in each individual device Telnet is used to direct a Legrand manageable device to seek pass...

Page 17: ...e Table 3 2 Port Configuration Options Parameter Description Properties Displays port description and connection type Assigns a name to a specific port Status Provides visual indications of port status and activity The indicators include Link Activity and Collision Administration Contains the port status speed duplex negotiation and flow control settings Part of the parameters use scroll bars for ...

Page 18: ...OTE On SFP ports the connector type and other physical descriptions of the port are found in the SFP tab only and not in the Properties tab 3 3 2 Configuring the Port Name Each port can be named in order to identify the user or device connected to that port In the specific Port View window click the Name field to enter the new value and then click Apply 3 3 3 Factory Default Port Settings The devi...

Page 19: ...ends on A N results Flow Control Enabled 3 3 4 Changing Port Settings Figure 3 3 Administration tab Copper Port Configuration To change the port settings 1 From Port View expand the Administration tab 2 Change the appropriate parameters with new values and click Apply The left side of the field consists of the parameter set by the user Admin The parameters on the left side reflect the configuratio...

Page 20: ...hen link parameters must be forced Auto Neg Type Select the type of Auto Negotiation Preferred Forced Master Slave Speed Applicable if auto negotiation is set to Manual Options 10M 100M 1000M Duplex Applicable if auto negotiation is set to Manual Options Full duplex Half duplex MDI MDIX Auto Negotiate Three advertise possibilities 1 MDI and MDIX 2 MDI 3 MDIX Manual Two possibilities MDI or MDIX Fl...

Page 21: ... in Auto Oper field displays the actual speed value once it is established with the F O link partner Duplex When the system detects 100Mbit SFP it enables Full Half Duplex setting for the port Otherwise it is kept in Auto Oper field displays the actual value once it is established with the F O link partner Note The following SFP Port Parameters are read from the plugged in SFP Transceiver Connecto...

Page 22: ...The manageable Mosaic switch provides 802 3at af PoE PoE Power Source Equipment PSE capabilities with a total power capacity of up to 50 Watts on the ports When an 802 3at af PD device is connected to the port the port detects and classifies the device according to the 802 3at af standard and activates the PSE accordingly If the PD device is not 802 3at af complaint it will not be recognized and t...

Page 23: ...roviding remote power reset to the PD device Disconnect Select between AC Disconnect or DC Disconnect mode in the port configuration window Selecting DC Disconnect enables detection only of DC PDs the most common type of PDs currently Select AC Disconnect enables detection only of AC type PDs mostly old PDs The default is DC Disconnect Type PD Class Indicates the 802 3at af power classifications o...

Page 24: ... The existence of the LED itself indicates that the port is PoE Capable Ports with no PoE capabilities have no PoE LEDs On a PoE capable switch there are three possible PoE LED indications OFF BLINKING and ON steady illumination A PoE LED OFF Indicates that PoE is administratively disabled on this port This can be changed through the PoE tab in the Port View window B PoE LED BLINKING Indicates tha...

Page 25: ...orithms NOTE Port Monitoring MAC security and 802 1X cannot be active at the same time 1 In the Approved MAC list select the MAC address to be designated as the approved MAC address 2 Open the Mode list and set the mode according to the following parameter descriptions Disable MAC security is not enabled Low Security Level The port is open forwards data for all devices as long as the approved MAC ...

Page 26: ...our priority levels 0 3 Ingress 802 3ac Enables queuing of ingressing frames with 802 3ac tags containing 802 1p priority information to be queued accordingly Ingress TOS Type of Service Enables queuing of ingressing frames with IPv4 TOS DiffServ or IPv6 Traffic Class priority to be queued accordingly NOTE If both Ingress IEEE 802 3ac and Ingress ToS are enabled and a frame arrives with both types...

Page 27: ...etween 128 Kbps to 8 Mbps 128K 256K 512K 1M 2M 4M 8Mbps Ingress PRI 1 Same as PRI 0 or double i e unlimited up to 16 Mbps depending on PRI 0 settings Ingress PRI 2 Same as PRI 1 or double i e unlimited up to 32 Mbps depending on PRI 0 1 settings Ingress PRI 3 Same as PRI 2 or double i e unlimited up to 64 Mbps depending on PRI 0 1 2 settings The manageable Mosaic switch also supports different Rat...

Page 28: ...ion and contact person These names are only used to identify the device to an administrator or technician See Section 5 2 for information on how to change these fields Next on the left side of the screen are the Device configuration icons System Features Files Users Management and Relogin which provide the following options Menu Option Description Provides access to the following tabs and fields P...

Page 29: ...w of the RSTP Ports Configuration IGMP Snooping Configuration Status Enable Disable Join and leave Messages IGMP Snooping Discovered Configuration Provides a table view of the IGMP Snooping discovered Ports Configuration Provides access to the following tabs and fields Files List the Type Name and Size of the file Operation File name Status Progress and Command bar to allow manual downloads of fil...

Page 30: ...y to the default visual display Table 3 9 Color and icon Indications Copper Port connector Icons and Colors Grey No connection link Green Link without activity Yellow Link with activity Normal operation Red Collisions Red X on the port icon top left corner Port administratively closed HTTPS icon HTTPS enabled Fiber Port connector icons Four colors grey green yellow and red to indicate port status ...

Page 31: ...green The manageable Mosaic switch main screen provides also LED indication on manageable Mosaic switch unit and port status Table 3 10 lists the LED indication through the GUI Table 3 10 LED Indications LED ON OFF L A Link Active Ports 1 4 Uplink Ports U1 U2 Port connected link established Port not connected PoE Ports 1 4 PoE power provided to the port PoE enabled and PD device connected to the p...

Page 32: ...ailable options The following three bars are used in all menu pages Close Close page menu Closing the page without save of the changes will pop up a menu for the user to assure if the changes should be lost Click Yes to ignore changes and leave page Click No to return back to page Figure 3 9 Close pop up menu Apply Save new setting parameters In case changes in setting parameters a popup menu will...

Page 33: ...ails helps the system manager locate and identify devices in the network It is recommended to assign such details to each unit To define device information 1 Click on the System icon and select the from the System View menu the Properties tab Click on the Name field 2 Edit the Name Location and Contact fields 3 Click Apply 4 Text updated is displayed in Blue to indicate data is not send yet to the...

Page 34: ...power of the unit 3 5 4 Environment Figure 3 15 System View menu Environment tab The Environment tab displays the current operating temperature of the device as measured on board voltage of the device The temperature and voltage limits set for the unit define the alert thresholds The limits can be modified by a Technician level user at any time The temperature thresholds should only be changed if ...

Page 35: ... 3100 High voltage maximal value 3500 3 5 5 Factory Defaults Figure 3 17 System View menu Factory Defaults tab The unit default parameters can be restored at any time NOTE This can also be done through Telnet see Section 8 and LCS 2 FTTO Init Restoring the factory default settings will not affect the IP configurations or the Get Set Community settings To reload the unit default parameters from a T...

Page 36: ...can also be done through Telnet Section 8 Figure 3 19 System menu Commands tab To reset the unit from a Technician or Administrator level only 1 From the Commands tab click Reset Device A confirmation window appears Click Yes to confirm 3 6 Features Menus 3 6 1 Global Configuration Learning Switch Learning is always enabled and cannot be configured in this device Aging time Aging time can be set t...

Page 37: ...at node MAC address has elapsed Setting a too short value for aging time may cause addresses to be removed prematurely from the table In this case when the switch receives a packet for that destination it floods the packet to all ports This unnecessary flooding can impact network performance Setting too long an aging time can cause the address table to be filled with unused addresses it can cause ...

Page 38: ... carried over the trunk should be associated with the trunk port Figure 3 22 Features menu 802 1q VLAN Membership tab To configure VLAN membership 1 Click on the Features icon and select from the Features menu the VLAN Mode tab Select 802 1q VLAN Enabled 2 From the 802 1Q VLAN Membership tab click Add A prompt appears requesting a New VLAN ID number Enter a number that is not currently used by an ...

Page 39: ...uld be left unchecked and Egress Tag Insert should be checked If VLAN can be carried over another VLAN tag Egress Double Tag Support can be checked Figure 3 23 Features Menu 802 1q Port Settings tab The 802 1Q Port Settings tab is used for the VLAN configuration of specific ports Each port can be configured for A unique Default VLAN ID VID Tag Insert Tag Remove functionality on egressing and ingre...

Page 40: ...ntagged frames and to tagged frames double tag No double tag support on egress VLAN Filtering Filters frames for the VLAN membership of the marked port Frames are received unfiltered NOTES VLAN filtering operates on the port s incoming and outgoing frames A port whose VLAN Filtering is enabled will only forward a frame if it is a tagged frame of the VLAN that the port is a member of A non VLAN fra...

Page 41: ... go to the port line you wish to modify Horizontal lines and uncheck ports that the modified port should not be able to access 4 Click Apply and on the confirmation box click Yes NOTE Port Based VLAN cannot be active when 802 1q VLANs are active To select one or the other go to the VLAN Mode tab 3 6 6 Transparent VID Figure 3 25 Features Menu Transparent VID tab Transparent VID is a further enhanc...

Page 42: ...in flooding the network The STP creates a meshed network of connected Layer 2 bridges typically Ethernet switches and disables those links that are not part of the tree leaving a single active path between any two network nodes The IEEE 802 1w introduced an evolution of the STP known as Rapid Spanning Tree Protocol RSTP RSTP provides faster spanning tree convergence after a topology change Standar...

Page 43: ...ello messages to other network devices Enter a value from between 2 60 seconds Bridge Fwd Delay Determines how long each of the listening and learning states last before the port begins forwarding Enter a value between 2 60 seconds NOTE According to the Spanning Tree IEEE802 1D protocol a Bridge shall enforce the following relationships 2 X Bridge_Forward_Delay 1 0 seconds Bridge_Max_Age Bridge_Ma...

Page 44: ...ts State The current state of the port as a spanning tree member port Oper Edge Detects whether the port is an edge port usually connected to a user host device or a network port A network port will receive BPDU frames whereas an edge port will never receive BPDU frames Click Apply to activate and save the RSTP settings Note When Apply is clicked the system checks the validity of the parameters An...

Page 45: ...ulation application to log on to the manageable Mosaic switch unit and then configure the network IP parameters 4 1 Configuration via the Terminal Emulation Application NOTE This section describes the procedure for running the HyperTerminal emulation application The procedure may vary for other applications To set up the HyperTerminal application 1 Start HyperTerminal application used by PC Legran...

Page 46: ...n or per system configuration 4 1 1 Configuring the IP and Community Parameters The manageable Mosaic switch unit is shipped with the following defaults DHCP Disabled IP Address 192 168 0 100 Netmask 255 255 255 0 Default Gateway 192 168 0 1 TFTP Server Address 192 168 0 7 Get Community Public Set Community Private Default password mypass case sensitive Telnet password SUMMARY ...

Page 47: ...y entering Y 5 Enter a new password up to 12 alphanumeric characters It is recommended to use a combination of upper and lower case characters NOTE You will be prompted if the password is not within the required format This password is also used for Telnet access 6 Next the prompt Please enter IP parameters appears enabling you to configure the following IP parameters for the SNMP agent DHCP IP Ad...

Page 48: ...community strings for Get and Set commands The factory default community settings of the device are SNMP Get community public SNMP Set community private The TFTP prompt appears enabling to change the TFTP parameters which refer to firmware upgrades This is usually necessary at this stage Consequently press enter at each of the following prompts Refer to Section 7 2 for complete instructions on loc...

Page 49: ...ing In addition to the updated parameters the MAC address of the management agent also appears as well as the special features and the licensing key for such features if relevant Also displayed are three additional commands RSTFCT setlic and ping These commands described below are available any time via the CLI connection 4 1 1 1 The RSTFCT Command The RSTFCT command reset to factory defaults is u...

Page 50: ...stem will inform you that new license information is being stored The manageable Mosaic switch device must be restarted to activate the special feature The management application WizView or Web management must also be re started in order to view and manage the special feature 4 1 1 3 The PING Command When connecting the manageable Mosaic switch to the network or whenever network connectivity needs...

Page 51: ...le click the program icon to invoke the application The following screen is displayed Figure 4 3 LCS 2 FTTO Init Discovery screen Click Start to begin the discovery process When the process is complete the list of discovered devices is displayed Figure 4 4 LCS 2 FTTO Init Discovery screen Discovered Devices Select the device you wish to configure remotely The LCS 2 FTTO Init Password prompt dialog...

Page 52: ... The manageable Mosaic switch unit is shipped with the following defaults which can all be changed IP Address 192 168 0 100 Default Gateway 192 168 0 1 Subnetmask 255 255 255 0 DHCP Disabled Get Community Public Set Community Private FTP Server Address 192 168 0 7 Default password mypass The mypass password is case sensitive and applies to all configuration tools LCS 2 FTTO Init and Telnet 4 2 3 C...

Page 53: ...store default parameters at any time through the following ways From Telnet see Section 8 by typing the Restore Factory command From the Web management Click the System icon and select the Factory Defaults Press the Restore bar Using the LCS 2 FTTO Init application click the Commands menu and choose Reset Using the CLI connection type the RSTFCT command case sensitive The following parameters that...

Page 54: ... VLAN secured access through the uplink port option You can change the factory defaults via the Embedded web interface application or via the LCS 2 FTTO Init application Change factory defaults via Embedded web interface as follows 1 Log in to the Embedded web interface application as Technician 2 From the Embedded web interface application menu click System Config and then click the Configuration...

Page 55: ...Factory Defaults via Embedded web interface 3 Click Yes to restore the device s factory defaults 4 3 4 Configuring Active Management Interfaces Factory defaults configure all three management interfaces SNMP Web and Telnet to be active This configuration can be changed for the device to be only managed by one or a combination of two management interfaces To configure the management interfaces proc...

Page 56: ...llation and User Guide Page 56 of 87 Figure 4 10 Changing Management Interfaces 3 Under Management Interfaces make another selection from the Services field drop down list Figure 4 11 Changing Management Interfaces Services SUMMARY ...

Page 57: ...ods of Security Management Embedded web interface Application Web Management Telnet Community Strings SNMP Get Community and Set Community strings Yes Yes User Access Levels Three password protected user access levels Yes Yes Yes Single level Management Access List Restricts access only to managers whose IP address is defined on this list white list Yes Yes Yes Management Access Path Restricts acc...

Page 58: ...levels Guest Administrator and Technician For details see Section 3 1 1 and Section 3 1 2 5 1 3 Management Access List The management access list restricts management access only to managers whose IP address is listed in the device Access List Up to eight entries can be defined When the access list is enabled the device may be reached only by remote manager s whose IP address is listed in the acce...

Page 59: ... Enable 5 Click Apply and then click Yes in the verification window To delete an address select the address from the list and click Delete 5 1 4 Management Interfaces Factory defaults configure all three management interfaces SNMP Web and Telnet to be active This configuration can be changed so that the device can only be managed by one or a combination of two management interfaces To configure th...

Page 60: ...relevant traffic The manageable Mosaic switch enables assigning a dedicated VLAN to the internal management port Only frames belonging to that specific VLAN received from ports belonging to the same VLAN membership group can communicate with the management agent This type of VLAN configuration provides an additional level of security to the management access Assuming the switch operates in 802 1Q ...

Page 61: ...r basis like any standard PC notebook or other workstation It is not recommended to use MAC security for a passive device for instance a printer since passive devices do not initiate frame transmissions and therefore are not learned automatically by the device The MAC security feature is configurable only from the administrator and technician levels MAC security has two operation modes High Securi...

Page 62: ...nsmission through the port after the aging time of the approved address has elapsed It is important to keep this in mind when configuring the aging time parameters 5 2 1 3 To Configure MAC Access Security There are two modes of MAC security MAC Access Security is locally authenticated according to the approved MAC The Approved MAC is authenticated by the Radius server before continuing with the MA...

Page 63: ...abled Low Security Level The port is open forwards data for all devices as long as the approved MAC address exists on the port s look up table When the designated device is disconnected and its MAC address is removed from the port table the port blocks data communication to all devices High Security Level Only the designated approved MAC address can use the port i e only the approved MAC address e...

Page 64: ...gin information the Authenticator checks with the Authentication Server and performs the necessary action block or permit based on the results received from the Authentication Server The Authenticator uses RADIUS Remote Authentication Dial in User Service to communicate with the Authentication Server such as Freeradius Winradius or Radiator servers The Authenticator manageable Mosaic switch should...

Page 65: ...3 Activating the 802 1X Authentication Security Protocol Figure 5 6 Port View Window 802 1X Tab The 802 1X tab includes the following fields Mode Selection box that allows choosing between Enable and Disable Supplicant Addr MAC Address of the device connected to the port Status Text description of the current 802 1X status of the port User Name Displays the Logon Domain followed by the User Name a...

Page 66: ...1X Access Authentication Enabled icon 5 2 3 Secure HTTP Protocol HTTPS 5 2 3 1 General Description Hypertext Transfer Protocol Secure HTTPS is a combination of the Hypertext Transfer Protocol with the SSL TLS protocol to provide encryption and to secure identification of the server HTTPS connections are often used for sensitive transactions in corporate information systems HTTPS aims to create a s...

Page 67: ...Manageable Mosaic switch Installation and User Guide Page 67 of 87 5 2 3 2 Enabling HTTPS Figure 5 8 HTTPS Enabled icon SUMMARY ...

Page 68: ...and analysis includes port specific RMON and statistics counters and port monitoring mirroring viewing valid data of one port on another user defined port 6 1 Configuring SNMP Trap Destinations When a system event is detected the device sends a trap to a list of authorized SNMP managers The list of managers is configured through the management application NOTE The Trap destination list may be conf...

Page 69: ...on the network ports of the device are recorded Configuration changes that are initiated by the network manager are not considered events The viewed events may be acknowledged and filtered according to various user defined criteria The events recorded are Major Events Device voltage changes that exceed the thresholds and return to limits Internal temperature of the device changes that exceed the t...

Page 70: ...g to its severity Notify cyan Minor yellow Major red To Sort information From the Event Log window click any header to sort the information according to the selected header in ascending or descending order To acknowledge events From the expanded Event Log window select the requested event s in the table and click the Ack on the bottom right NOTE Only Administrator or Technician level users can ack...

Page 71: ...you wish to include in the filter Date Severity and or Source and define the appropriate filter parameters NOTE Unchecked Filters will result in displaying all the events related to that filter 3 In the Acknowledgement area select either Acknowledged or Not Acknowledged to filter events according to the parameters as required NOTE When neither check box in the acknowledge area is checked both Ackn...

Page 72: ... and recording valid data on a port by mirroring its traffic to another user allocated monitoring destination port User may monitor the egressing or both ingressing and egressing data of any port This feature can be used for network analysis as well as recording port traffic More than one port can be monitored on a single monitoring destination port To assure the integrity of the monitored data an...

Page 73: ... copied to the destination port When the device is reset the monitoring mode resets to None Egress Ingress Egress and ingress frames are copied to the destination port When the device is reset the monitoring mode resets to None NV Egress Only Only egress frames are copied to the destination port Mode remains on after system reset NV Egress Ingress Egress and Ingress frames are copied to the destin...

Page 74: ...ver that will be used to download new TFTP software versions to the device 5 Update the TFTP filename of the new software version to be downloaded to the device 6 The prompt Boot operation 1 Download image 2 Download content 3 Run appears enabling to download a file to the device or to continue Enter 1 Download image to download update the SNMP agent of the manageable Mosaic switch file with a bin...

Page 75: ...e the IP address of the TFTP server that will be used to download new TFTP software versions to the device 4 Update the TFTP filename of the new software version to be downloaded to the device 5 From the File Command list select the desired command Download image or Download content and monitor the download upload process in the Process and Status fields Figure 7 1 LCS 2 FTTO Init screen Firmware ...

Page 76: ... from the Command list Be sure to match the file type with the command bin with Download Image con with Download Content NOTE In order to perform a download or upload operation the Command being executed must be colored blue indicating a changed setting Clicking apply without changing the Command even if it was set in advance to your desired setting will not proceed with the command 5 While downlo...

Page 77: ...S 2 FTTO Bulk Source screen 2 In the File Server area update the server IP address the username and password used to connect to the server and the maximum number of devices that may connect to the server simultaneously Max Parallel Sessions 3 In the Download Commands area check the types of files to be downloaded to the devices upload not available through LCS 2 FTTO Bulk and list the file names t...

Page 78: ...ake sure the GET Community and SET community fields match the ones used by the user devices The default GET Community is public and the default SET Community is private 8 In the Targets area select all the devices to be updated from the list Use shift click and ctrl click to select multiple devices 9 Click on the Schedule tab Figure 7 5 LCS 2 FTTO Bulk Schedule screen 10 In the Start Time area sel...

Page 79: ...restart itself automatically 7 6 Firmware Licensing in order to activate optional features Special add on features can be purchased separately from Legrand To activate the feature s you need to acquire an activation key from Legrand and install it on the device through the Firmware licensing tab Each add on feature is represented by a single letter Multiple features can operate simultaneously When...

Page 80: ...ial Add on Feature s License Key After receiving the feature letter s and licensing key from Legrand Representative as explained in the previous section activate the feature s via the Embedded web interface or Web management application as explained below 1 Login to the Embedded web interface or Web management application as a Technician or Admin 2 From the Embedded web interface main screen click...

Page 81: ...s recommended to confirm that the new add on feature s have been properly activated by referring to new tabs relevant to the new features through the management applications Embedded web interface and Web management following the restart step If the validation key indicates fail then re check the feature string and license key and re start the key activation process If the validation key still doe...

Page 82: ...ed correctly In that case please make sure to make the following change in PuTTY configuration Terminal Local Echo Off and Local line editing Off 2 At the prompt enter the current password mypass is the factory default the password is case sensitive If the password is rejected please see the specific note for PuTTY in 6 2 1 The device prompt appears The device is ready to receive Telnet commands s...

Page 83: ...rt 2 egress set port 4 name Greg_laptop change port 4 name to Greg_laptop set port 3 vid 1160 change default VID of port 3 to 1160 Figure 8 2 Telnet Help on specific command 8 3 Selecting the static IP address of the device The static IP address used to manage the device cannot be updated using the web interface In order to perform this configuration change it is necessary to connect to the device...

Page 84: ...order to see what the current user level passwords are For security reasons the Telnet session will automatically terminate if there is no Telnet activity for approximately 60 seconds 8 4 1 Defining the Radius Server via Telnet 1 From the Start menu type Run Telnet and click OK At the Telnet prompt connect to the target device by typing its IP address exact syntax according to the operating system...

Page 85: ...ssign to that user level This will change the password for that particular user level as well as restore the last passwords assigned to the other two user levels see Section 0 8 5 Changing MAC Security via Telnet The following Telnet commands are used to set MAC security parameters set http password radius The login password is determined by Radius server settings set http password radius mac The ...

Page 86: ...ity Level 61 Management Remote Management Options 12 Management Access List 58 Management Access Path 60 Secure NMS Path 60 Monitoring and Analysis 68 Passwords Community String 46 52 58 74 75 User Name 14 Platforms 14 Port Port Monitoring 72 Port Name 18 RMON 68 71 Statistics 71 Power over Ethernet PoE 22 QOS 26 Rate Limit 27 Radius Server 15 16 61 64 84 Rate Limit 26 Remote Software Reset 36 RMO...

Page 87: ...Manageable Mosaic switch Installation and User Guide Page 87 of 87 ...

Reviews:

No comments