SignaMax 065-7910HPOEP Page 41 User Manual Download

Page: 41 / 89

8 Security

It mainly introduces Management Security, Port Authentication, MAC Authentication and

Storm Control.

The 802.1x protocol (802.1x for short) was developed by IEEE802 LAN/WAN committee to

address security issues of wireless LANs. It was then used in Ethernet as a common access

control mechanism for LAN ports to address mainly authentication and security problems.

802.1x is a port-based network access control protocol. It authenticates and controls devices

requesting for access in terms of the ports of LAN access control devices. With the 802.1x

protocol employed, a user-side device can access the LAN only when it passes the

authentication. Those fail to pass the authentication are denied when accessing the LAN, as

if they are disconnected from the LAN.

8.1 Management Security



Note: Enable 802.1x in

3 Advanced Configuration

before configuring Radius.

This page configures the 802.1x system as follows: Authentication RADIUS Server IP,

Authentication Port, Authentication Shared Key, Accounting RADIUS Server IP, Accounting

Port and Accounting Shared Key.

Authentication RADIUS Server IP:

IP address of the radius server to be used, a valid

unicast address in dotted decimal notation; the default value is 192.168.0.234.

Authentication Port:

UDP port number of the radius server, ranging from 0 to 65535; the

default value is 1812.

Authentication Shared Key:

Sets a shared key for radius messages. String length is 1 to 15

characters.

Accounting RADIUS Server IP:

IP address of accounting radius server to be used, a valid

unicast address in dotted decimal notation; the default value is 192.168.0.234.

Accounting Port:

UDP port number of the radius server, ranging from 0 to 65535; the

default value is 1813.

Accounting Shared Key:

Sets a shared key for accounting radius. String length is from 1

to 15 characters.

The authentication server system is an entity that provides authentication service to the

authenticator system. Normally in the form of a RADIUS server, the authentication server

system serves to perform AAA (authentication, authorization, and accounting) services to

users. It also stores user information, such as user name, password, the VLAN a user

belongs to, priority, and the ACLs (access control list) applied.

Set RADIUS configuration, including the authentication RADIUS server IP, authentication port,

authentication shared key, accounting RADIUS server IP, accounting port and accounting

Summary of Contents for 065-7910HPOEP

Page 1: ...065 7910HPOEP SIGNAMAX POE Series Industrial Ethernet Switches User Manual May 6 2014 Version V 1 0...

Page 2: ...SIGNAMAX POE Series Industrial Ethernet Switch 2 Revision History Revision Date Reason for change V1 0 2014 5 6 Initial release...

Page 3: ...4 2 Port Aggregation 14 4 2 1 Aggregate Groups 14 4 2 2 LACP Port Setting 15 4 2 3 Aggregate Basic Setting 16 4 2 4 LACP Status Setting 16 4 3 Port Bandwidth 17 4 4 Port Mirroring 17 4 5 POE 19 5 VLAN...

Page 4: ...9 1 1 Configuration 48 9 1 2 TLVs 51 9 1 3 LLDP Parameters 51 9 2 Neighbor Information 52 9 3 LLDP Statistics 52 10 Statistics 54 10 1 Port Status 54 10 2 Port Statistics 54 10 3 VLAN List 55 10 4 MAC...

Page 5: ...14 4 Event Configuration 77 14 4 1 Event 78 14 4 2 Event Log 78 15 Administration 79 15 1 Language 79 15 2 IP Configuration 79 15 3 SNTP 79 15 4 SMTP 80 15 5 E mail Alarm 80 15 5 1 System Event 80 15...

Page 6: ...nt AP network cameras etc It is designed to apply dual power supplies for redundancy with wide DC input range and support DIN rail and wall mounting for installation in industrial environments Recover...

Page 7: ...covery time 20ms RSTP STP for network redundancy 1 2 3 Port Introduction Model Ethernet Port Console port Power supply SIGNAMAX 065 7910HPOEP 8 X10 100BaseTX port 2X1000BaseX SFP slots 1X RS232 48VDC...

Page 8: ...r Status Description Power status indicator PWR Green On Power on Yellow Off Power off System status indicator Green On The system starts up successfully Green Off The system doesn t start up successf...

Page 9: ...the same subnet addresses of the switch For the first time set your PC IP address as 192 168 0 x x is any number from 1 to 254 except 253 subnet mask as 255 255 255 0 And then a login window will appe...

Page 10: ...ntrol LLDP Configures port LLDP and neighbor information and checks LLDP statistics information Statistics Checks Port Status Port Statistics VLAN List MAC Address Table IGMP Snooping Group Link Aggre...

Page 11: ...Information 11 2 System Information The device system information is shown as follows Through SNMP you can configure the corresponding system name and system location for each switch for convenient ma...

Page 12: ...3 Advanced Configuration 12 3 Advanced Configuration IGMP Snooping GVRP STP LACP LLDP 802 1X RecoverRing II and Modbus can be enabled or disabled globally on this page...

Page 13: ...ly use the best operating mode while is Force is selected it needs to configure the speed and duplex manually Speed Duplex There are four choices 10M Half 10M Full 100M Half and 100M Full Flow Control...

Page 14: ...k ID There are 13 groups T1 T13 Step 2 Specify the trunk name Step 3 Specify the trunk type Manual a manual trunk can only be manually set or deleted LACP can be disabled Static a static LACP trunk ca...

Page 15: ...ority and MAC address of this system priority number and operation key of the port Upon receiving the information the peer compares the information with the information of other ports on the peer devi...

Page 16: ...ximum member port number supported by the device the system will choose the ports with lower port numbers as the member ports Set LACP system priority from 1 to 65535 4 2 4 LACP Status Setting Set LAC...

Page 17: ...ss rate limit which means the port will run in full speed for egress traffic You can also select a specific egress rate from the drop down list for a port When completing the configuration click apply...

Page 18: ...ring state Step 2 If mirroring state is enabled choose a port as the monitoring port Caution Monitoring port cannot be link aggregration port Only one port can be selected as monitoring port Monitorin...

Page 19: ...gy for such equipments This page has three tabs to configure various parameters POE 1 POE configuration Power management mode Allocation Class Allocation mode can be directly assigned to the PD power...

Page 20: ...transmission provide up to 30W power supply for each POE port Off by default Priority You can select the Optional of important high or low by default the priority is low Maximun Power According to the...

Page 21: ...host in the network receives a lot of packets whose destination is not the host itself Thus plenty of bandwidth resources are wasted causing potential serious security problems The traditional way to...

Page 22: ...1 Advanced page so that you can enter the Port based VLAN configuration page On its page the user can create a new VLAN group with specific VID and VLAN group name Up to 255 VLAN groups can be created...

Page 23: ...rce MAC address as shown in the follow figure of Encapsulation format of traditional Ethernet frames DA refers to the destination MAC address SA refers to the source MAC address and Type refers to the...

Page 24: ...o the default VLAN of the inbound port for transmission Note Select 802 1Q VLAN from the VLAN Mode in 5 1 Advanced so that you can enter the 802 1Q VLAN configuration page 5 3 1 802 1Q VLAN Setting On...

Page 25: ...port from the VLAN group However the port can be added to the VLAN group through GVRP Forbidden Does not allow the port to be added to the VLAN group even if GVRP indicates so 5 3 3 802 1Q Port This t...

Page 26: ...ile Admit Only Tagged accepts only tagged packages and discards untagged ones VLAN Ingress Filter When enabled an Ethernet package is discarded if this port is not a member of the VLAN with which this...

Page 27: ...be registered can be propagated to all the switches in the same switched network GARP uses the following timers Join Timer To transmit the Join messages reliably to other entities a GARP entity sends...

Page 28: ...mically It only propagates static VLAN information That is a trunk port only permits the packets of manually configured VLANs in this mode even if you configure the port to permit the packets of all t...

Page 29: ...5 VLAN 29...

Page 30: ...telemedicine video telephone video conference and Video on Demand VoD The enterprise users expect to connect their regional branches together through VPN technologies to carry out operational applica...

Page 31: ...queue with lower priority are sent You can put critical service packets into the queues with higher priority and put non critical service such as e mail packets into the queues with lower priority In...

Page 32: ...1p priority and the local precedence cannot satisfy the user s need you can modify the map from 802 1p priority to local precedence to change the relationship between 802 1p priority and transmit que...

Page 33: ...6 QoS 33...

Page 34: ...cast MAC Address Specifies the destination MAC address Port Specifies the port of the outbound interface Type Choose among Dynamic Static and Blackhole Static MAC address entry Also known as permanent...

Page 35: ...point data transmission By allowing high efficiency point to multipoint data transmission over a network multicast greatly saves network bandwidth and reduces network load With the multicast technolog...

Page 36: ...ast group Typically a multicast source does not need to join a multicast group An information sender is referred to as a multicast source A multicast source can send data to multiple multicast groups...

Page 37: ...packets to the multicast address 01 ac 2b 4e 32 55 Caution Multicast MAC address cannot configured on Link aggregation ports 7 3 IGMP Snooping Configuration Note Before configuring IGMP Snooping firs...

Page 38: ...is used more and more It adds the multicast source filtering function which enabled the receiver be able to specify the multicast group to join in as well as specify the multicast source to receive m...

Page 39: ...ly connected to multicast devices which is the IGMP Querier The lower part of this page lists static router ports of all VLANs Caution the router port should be within the VLAN Please refer to 5 VLAN...

Page 40: ...query packets to all the hosts and router ports After it times out it will delete the port form the group It is in the range of 1 to 255 by default the value is 125 seconds Max Response Time The maxi...

Page 41: ...ver IP IP address of the radius server to be used a valid unicast address in dotted decimal notation the default value is 192 168 0 234 Authentication Port UDP port number of the radius server ranging...

Page 42: ...packet to ask the 802 1x client for the user name The 802 1x client responds by sending an EAP response identity packet to the switch with the user name contained in it The switch then encapsulates th...

Page 43: ...1x is enabled you can further configure port control re authentication and Guest VLAN Auto Specify to operate in auto access control mode When one port operates in this mode all the unauthenticated h...

Page 44: ...orderly way Quiet Period Set the quiet period when a supplicant system fails to pass the authentication the switch quiets for the set period before it processes another authentication request re init...

Page 45: ...range of 1 to 300 the default value is 30 seconds Max Request Count Set the maximum number of times that a switch sends authentication request packets to a user It is in the range of 1 to 10 and the...

Page 46: ...rocess is affected by the following timers Offline detect time Sets the time interval for a switch to test whether a user goes offline Upon detecting a user is offline a switch notifies the RADIUS ser...

Page 47: ...lead to traffic congestion If the transmission rate of the three kind packets exceeds the set bandwidth the packets will be automatically discarded to avoid network broadcast storm This page sets thre...

Page 48: ...bors in a standard management information base MIB It allows a network management system to fast detect Layer 2 network topology change and identify what the change is 9 1 Management LLDP 9 1 1 Config...

Page 49: ...2 SNAP encapsulated LLDPDU format Field Description Destination MAC address The MAC address to which the LLDPDU is advertised It is fixed to 0x0180 C200 000E a multicast MAC address Source MAC addres...

Page 50: ...ng in Tx and Rx mode or Tx Only mode sends LLDPDUs to its directly connected devices both periodically and when the local configuration changes To prevent the network from being overwhelmed by LLDPDUs...

Page 51: ...t name and the version of the interface hardware software System Name Identifies the administratively assigned name for the device System Description A textual description of the device this value typ...

Page 52: ...umber of fast sending packets It is in the range of 1 to 10 and the default value is 3 Caution Tx Interval and Tx Delay both should be smaller than TTL otherwise it will cause the neighbor device be u...

Page 53: ...9 LLDP 53...

Page 54: ...ts TxBadPkts RxGoodPkts RxBadPkts TxAbort Collision and DropPkt of each Ethernet port TxGoodPkts The total number of outgoing normal packets on the port including outgoing normal packets and normal pa...

Page 55: ...des Static and Dynamic Tagged lists all ports from which packets are sent tagged Untagged lists all ports from which packets are sent untagged and Forbidden lists all ports that cannot be added to the...

Page 56: ...fixed to Manual 10 6 2 Static Trunking Group This page shows static trunk information including Trunk ID Trunk Name Type and Port List Type is fixed to Static 10 6 3 LACP Trunking Group This page sho...

Page 57: ...rs BPDUs contain sufficient information for the network devices to complete the spanning tree calculation 3 Basic concepts in STP 1 Root bridge A tree network must have a root hence the concept of roo...

Page 58: ...signated port is the port AP1 on Device A Two devices are connected to the LAN Device B and Device C If Device B forwards BPDUs to the LAN the designated bridge for the LAN is Device B and the designa...

Page 59: ...s by default Forward Delay Time This value is in the range of 4 to 30 seconds and is 15 seconds by default To prevent the occurrence of a temporary loop when a port changes its state from discarding t...

Page 60: ...IP address While enabling port fast can avoid this problem Root protection By default the root protection function is disabled Due to configuration error or malicious attack the root bridge in the net...

Page 61: ...DUs received on the port and ignores the protocol type If the switch receives an 802 1d BPDU after the port s migration delay timer is expired it assumes that it is connected to an 802 1d switch and s...

Page 62: ...tection function is disabled on an edge port configuration BPDUs sent deliberately by a malicious user may reach the port If an edge port receives a BPDU it changes itself to be a non edge port Cautio...

Page 63: ...ime is in second while RecoverRing II can cover the communication more quickly and the nodes in the ring don t affect the recovery time of RecoverRing II so it can used in large diameter network Recov...

Page 64: ...rotocol packets within the RecoverRing II Protect VLAN It is used for transferring data packets When a VLAN is created in a ring this VLAN must be configured as a Protect VLAN or Control VLAN Fast det...

Page 65: ...pling function of the selected ring To enable this function the associated ring must be enabled first Coupling Mode There are four coupling modes Dual homing Coupling Primary Coupling Backup and Peer...

Page 66: ...switch It is in the range of 1 to 10 seconds The default value is 1 second FailTime Sets fail time of the switch It is in the range of 3 to 30 seconds and the default value is 3 seconds FastHelloTime...

Page 67: ...12 RecoverRing II Configuration 67 To set those parameters the following rules shall be met 3 HelloTime FailTime and 3 FastHelloTime FastFailTime...

Page 68: ...es data types and error codes SNMPv3 uses a user based security model USM to secure SNMP communication You can configure authentication and privacy mechanisms to authenticate access and encrypt SNMP N...

Page 69: ...o 16 characters Select the privilege RW and RO RO Specifies the community that has been created has read only permission to access MIB objects Communities of this type can only query MIBs for device i...

Page 70: ...ecimal number in cipher text if MD5 algorithm is used or a 40 bit hexadecimal number in cipher text if SHA algorithm is used Privacy Algorithm Select the Privacy Algorithm for the SNMP v3 User Disable...

Page 71: ...ost to receive the traps The bottom part of this page lists all existing trap host IP addresses They can be deleted 13 2 3 Trap Port Enable or disable the trap function for each port The trap informat...

Page 72: ...ged devices operate normally and the change of physical status of interfaces Traps in RMON and those in SNMP have different monitored targets triggering conditions and report contents RMON provides an...

Page 73: ...ets that are longer than 1518 octets excluding framing bits but including FCS octets and has either a bad FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of oct...

Page 74: ...er about its transmitting situation Port The Ethernet port for collecting statistics Owner The entity that configured this entry and is therefore using the resources assigned to it Sampling interval s...

Page 75: ...n None Unicast Pks In Discarded Pks In Error Pks In Unknown Protocol Pks Out Octets Out Unicast Pks Out None Unicast Pks Out Discarded Pks Out Error Pks RMON Drop Events RMON Received Octets RMON Rece...

Page 76: ...compared directly with the thresholds at the end of the sampling interval If the value of this object is deltaValue 2 the value of the selected variable at the last sample will be subtracted from the...

Page 77: ...Select Startup Alarm rising alarm falling alarm and rising or falling alarm Startup Alarm The alarm that is sent when this entry is set to be valid for the first time If the first sample after this en...

Page 78: ...pe of notification that the probe makes about this event None No action Log The result will be shown in Event Log Trap The switch will send trap to the specified trap host refer to 13 2 2 Trap Host IP...

Page 79: ...rvers and clients to ensure high clock accuracy SNTP Mode Select Service mode or Client mode If you select Client mode you need to specify the IP address of the NTP server A client sends a clock synch...

Page 80: ...password for source e mail account Click Test to check whether the configuration is correct If it is correct the destination mail will receive an e mail 15 5 E mail Alarm This page sets the events th...

Page 81: ...mentioned in 14 RMON of this manual 15 5 2 Port Event This page sets port event alarm configuration including Port Alarm Type Traffic Overload Traffic Threshold and Traffic Duration Port Specify the...

Page 82: ...figuration including Power A Failure Power B Failure and RecoverRing II Broken Power A Failure Enable or disable to trigger relay alarm when power A is off Power B Failure Enable or disable to trigger...

Page 83: ...tatistics duration time for calculating port traffic Note Traffic Overload Traffic Threshold and Traffic Duration are interrelated When Traffic Overload is enabled Traffic Threshold shall be set with...

Page 84: ...rname Password and Privilege for the new account are set on this page Username Username a string of 3 to 16 characters Password Password a string of 1 to 16 characters Privilege Choose user or admin U...

Page 85: ...the TFTP server and receives acknowledgement packets from the TFTP server The TFTP service mentioned in this section refers to TFTP client function of switch When an SIGNAMAX POE series Ethernet indus...

Page 86: ...n file will be uploaded to TFTP server with the specified File Name after Apply button is clicked 15 10 3 Restore Configuration This page sets a TFTP Server IP and File Name Before restoring a configu...

Page 87: ...5 12 Reset There are two tab pages Reset and Reset To Default Reset The switch will be reset to the factory default setting except that the IP address and user accounts are kept unchanged Reset To Def...

Page 88: ...16 Logout 88 16 Logout Click Logout on the left menu to log out from the switch and close the browser...

Page 89: ...ch MIB List RFC1213 MIB RFC1643 EtherLike MIB RFC1573 IF MIB RFC1493 BRIDGE MIB RFC2674 P BRIDGE MIB FMC SWITCH MIB RFC1757 RMON MIB RFC2674 Q BRIDGE MIB FMC IGMP SNOOPING MIB RSTP MIB FMC SWITCH MAC...

Search results

Summary of Contents for 065-7910HPOEP

Reviews:

Related manuals for 065-7910HPOEP

Brands by name

Popular brands

SignaMax 065-7910HPOEP, User Manual

Search results

Summary of Contents for 065-7910HPOEP

Reviews:

Related manuals for 065-7910HPOEP

Brands by name

Popular brands