Black Box LE2425A Скачать руководство пользователя страница 35 | Manualshive

Страница: 35 / 143

background image

MNS-BB

Software User Guide

-24-

6.0 Security

Features

6.1

Manager and Operator passwords:

You can gain access and privileges for the command line through either the console port or through
the network by using Telnet . The features described in this chapter enhance security controls against
unauthorized access through the network.

6.2

Console access interface and the CLI.

There are two levels of console access:

Manager

and

Operator

. For security, you can set a password

on each of these levels.

6.2.1 Manager

This level allows access to all console interface areas.
Please change the default Manager Password to limit access of unauthorized people to the
configuration area of the console interface.

6.2.2 Operator

This level allows access to the Status, Event Log, and CLI levels but does not allow Configuration
capabilities.
On the Operator level, the Configuration Context, Download Application, and Reboot Switch option
are not accessible.

6.3

To use password security:

1. Set a Manager password (and an Operator password, if applicable for your system).
2. Exit from the current console session. A Manager password will now be needed for full access to
the console. Assuming that both a Manager password and an Operator password have been set, the
level of access to the console interface will be determined by which password is entered in response
to the prompt. The manager and operator passwords control access to the CLI.

Note

: Passwords are case-sensitive.

6.4

CLI: Setting Manager and Operator Passwords

6.4.1

Configuring Manager and Operator Passwords

This procedure prompts you to enter a password twice to help verify that you have correctly entered
the desired characters.

Syntax:

set password

LE2425A#

set password

Enter old password:********
Enter new password:*********
Confirm password :*********
Password changed successfully

Note:

Password must be 4-10 characters

(For more details, please refer

chapter

3)

6.5 Access

Levels

For each authorized user, the Manager and Operator have specific access levels (For Details, Please
see

Chapter 2

).

6.6

Configuring and Monitoring Port Security

The port security feature can be used to block input to an Ethernet, Fast Ethernet, or Gigabit Ethernet
port when the MAC (Media Control Address) of the station attempting to access the port is different
from any of the MAC addresses specified for that port. In the event of security violation, the port can
be configured to go into the disable mode or drop mode. The drop mode allows the user to configure
the port to remain enabled during a security violation and drop only packets that are coming in from
insecure hosts.

Network security hinges on the ability to allow or deny access to network resources. The access

«
...
33
34
35
36
37
...
»

Содержание LE2425A

Страница 1: ...hours 7 A M Monday to midnight Friday 877 877 BBOX FREE technical support 24 hours a day 7 days a week Call 724 746 5500 or fax 724 746 0746 Mail order Black Box Corporation 1000 Park Drive Lawrence...

Страница 2: ...LE2425A LEV2525A Switch Software User Guide MNS BB...

Страница 3: ...and Web Interface for LE2425A and LEV2525A Switches If you need information on a specific command in the CLI type the command name after you type the word help help command or just type command Enter...

Страница 4: ...in a commercial environment Operation of this equipment in a residential area is likely to cause interference in which case the user at his own expense will be required to take whatever measures may b...

Страница 5: ...a su uso La colocaci n del aparato el ctrico sobre una cama sof alfombra o superficie similar puede bloquea la ventilaci n no se debe colocar en libreros o gabinetes que impidan el flujo de aire por l...

Страница 6: ...cable de poder o el contacto ha sido da ado u B Objectos han ca do o l quido ha sido derramado dentro del aparato o C El aparato ha sido expuesto a la lluvia o D El aparato parece no operar normalment...

Страница 7: ...WEB INTERFACE 10 4 1 Overview 10 4 2 General Features 10 4 3 Session with the Switch 11 4 4 User Management 12 4 4 1 To set the passwords 12 4 5 Status Reporting Features 13 4 5 1 The Device View 13...

Страница 8: ...AGERS TO PROTECT AGAINST UNAUTHORIZED ACCESS 32 7 1 Authorized IP Manager Features 32 7 2 Access Levels 32 7 2 1 Authorizing Single Stations 32 7 2 2 Authorizing Multiple Stations 32 7 3 Overview of I...

Страница 9: ...iffServ 55 11 5 PQ Priority Queuing 56 11 6 QoS Management 56 11 7 QoS on Ethernet 57 11 8 CLI 57 11 8 1 To set the QoS type on the switch 57 11 8 2 Functions of QoS settings 57 11 9 To tag untagged p...

Страница 10: ...15 4 2 Displaying the Configuration for a Particular VLAN 84 15 5 Creating a New Static VLAN 84 15 5 1 Changing the VLAN Context Level 84 15 6 Effect of VLANs on Other Switch Features 85 15 6 1 VLAN...

Страница 11: ...20 22 7 Web View and Configure 802 1x 121 23 0 TROUBLESHOOTING 122 23 1 Overview 122 23 2 Troubleshooting Approaches 122 23 3 Console Access Problems 122 23 4 Unusual Network Activity 122 23 5 General...

Страница 12: ...atible with your network Also you should change the Manager password to control access privileges from the console The default password is manager for the Manager user and operator for the Operator us...

Страница 13: ...tion Y or N The switch is now configured with a Manager Password IP address and subnet mask and can be accessed through the Console Telnet Web or an SNMP based network management tools Here is some in...

Страница 14: ...interface a switch interface offering status information and a subset of switch commands through a standard web browser such as Netscape Navigator or Microsoft Internet Explorer This manual describes...

Страница 15: ...termining available options and variables 2 4 CLI Usage To perform specific procedures such as configuring IP addressing or VLAN or any other module To monitor and analyze switch operations 2 5 Advant...

Страница 16: ...e following privilege levels to prevent unauthorized access to the switch Operator Manager When you use the CLI mode to make a configuration change the switch writes the changes to the Running Configu...

Страница 17: ...or prompt LE2425A _ The Manager prompt Global Configuration level Provides all Operator and Manager level privileges and enables you to make configuration changes to any of the switch s software featu...

Страница 18: ...ailable at both the Operator and Manager levels Privilege Level Example of Prompt and Permitted Operations 3 5 1 Operator Privilege View status and configuration information Perform connectivity tests...

Страница 19: ...mand usage of specific commands 3 5 5 Displaying Help for an Individual Command You can display Help for any command that is available at the current context level by typing help then entering enough...

Страница 20: ...Syntax TAB Or Command string TAB Or First character of the command TAB For example TAB will list the available commands in the particular privilege level LE2425A TAB clear enable exit help logout pin...

Страница 21: ...tarting a web browser interface session Tasks for your first web browser interface session Creating usernames and passwords in the web browser interface Getting access to online help for the web brows...

Страница 22: ...Session with the Switch 1 You can start a web browser session using a standalone web browser on a network connection from a PC or UNIX workstation Directly connected to your network Connected through...

Страница 23: ...d write access to the web browser interface To Set the Device Passwords Window 4 4 1 To set the passwords 1 Go to Administration User Management 2 Click in the appropriate box in the Passwords window...

Страница 24: ...Help is available for the web browser interface You can use it by clicking on the Help button in the navigation bar of the web browser interface screens Context sensitive help is provided with in the...

Страница 25: ...k activity on each port The following figure shows a sample reading of the Port Utilization and Port Status 4 5 3 Port Utilization The Port Utilization bar graphs show the network traffic on the port...

Страница 26: ...other end may be powered off or inoperable or the cable or connected device could be faulty Port Disabled the port has been configured as disabled through the web browser interface the switch console...

Страница 27: ...hort narrative statement that describes the event For example Vlan with this Vlan name already exists Sorting the Alert Log Entries The alerts are sorted by default by the Date Time field with the mos...

Страница 28: ...will auto configure the IP Refer to DHCP Bootp Operation for information on setting up automatic configuration from a server For information on how IP addressing affects switch performance refer to Ho...

Страница 29: ...rily leased from the DHCP Periodically the switch may be required to renew its lease of the IP configuration Thus the IP addressing provided by the server may be different each time the switch reboots...

Страница 30: ...into an appropriate Bootp server The necessary network connections are in place The Bootp server is accessible from the switch 5 3 7 Globally Assigned IP Network Addresses If you intend to connect yo...

Страница 31: ...eeds are handled by a telnet server program running on the remote computer It should be emphasized that the telnet server can pass on the data it has received from the client to many other types of pr...

Страница 32: ...le s set successfully For more details see chapter SNMP 5 7 Configure the Date and Time The switch uses the date command to configure the date Note that the CLI uses either a 12 or 24 hour clock schem...

Страница 33: ...time when daylight saving time shifts occur Syntax set timezone GMT or hour 0 14 min 0 59 set timeformat format 12 24 set daylight country country name Note For more details please read Appendix A 5...

Страница 34: ...aveconf 2 Erase current configuration Command kill config 3 Hard boot the switch to get the factory default configuration 5 9 Web Configuring IP Addressing You can use the web browser interface to acc...

Страница 35: ...the level of access to the console interface will be determined by which password is entered in response to the prompt The manager and operator passwords control access to the CLI Note Passwords are...

Страница 36: ...of a detected attempted security violation to a network management station and disables the port Note There is a limitation of 200 MAC addresses per port and 500 MAC addresses per Switch for Port Sec...

Страница 37: ...enable disable LE2425A port security ps enable This command enables the port security and switch is now ready to learn the MAC addresses To See the Authorized Devices Syntax show port security LE2425...

Страница 38: ...list range type none disable drop User can set the action type none disable or drop for un authorized devices for secured ports LE2425A port security action port 11 drop Port security Action type set...

Страница 39: ...44 AM PS INTRUDER 00 02 b3 64 d8 cf port17 packet dropped A 01 01 2001 12 05 44 AM PS INTRUDER 00 e0 29 09 5d be port17 packet dropped A 01 01 2001 12 05 48 AM PS INTRUDER 00 02 b3 08 d2 22 port17 pac...

Страница 40: ...server s identity SSL enabled client software can use standard techniques of public key cryptography to check that a server s certificate and public ID are valid and have been issued by a certificate...

Страница 41: ...eloped for RSA Data Security RSA A public key algorithm for both encryption and authentication RSA key exchange A key exchange algorithm for SSL based on the RSA algorithm SHA 1 Secure Hash Algorithm...

Страница 42: ...access ssl enable SSL is enabled To see the status of SSL and Web Syntax show ssl LE2425A show ssl SSL TLS is enabled Syntax show web LE2425A show web HTTP is enabled Current HTTP type is secure If S...

Страница 43: ...the Authorized Managers feature 7 2 2 Authorizing Multiple Stations The table entry uses the IP Mask to authorize access to the switch from a defined group of stations This is useful if you want to e...

Страница 44: ...mask also as shown below Syntax deny ip ipaddress mask netmask service name list LE2425A access deny ip 10 28 227 101 mask 255 255 255 0 service telnet To Edit an Existing Access Entry To change the m...

Страница 45: ...55 If a bit in an octet of the mask is on set to 1 then the corresponding bit in the IP address of a potentially authorized station must match the same bit in the IP address you entered in the Authori...

Страница 46: ...o eliminate a web proxy server from the path between a station and the switch Even if you need proxy server access enabled in order to use other applications you can still eliminate proxy service for...

Страница 47: ...raffic monitoring and network activity analysis tools 8 2 SNMP v1 v2 and v3 LE2425A and LEV2525A switches support all three versions of SNMP viz SNMP v1 v2 and v3 User can switch between version 1 and...

Страница 48: ...details Blackbox Proprietary MIB 8 5 Configuring for SNMP Access to the Switch SNMP access requires an IP address and subnet mask configured on the switch In other words Network stacks should be confi...

Страница 49: ...ot specify restricted or unrestricted for the read write MIB access the switch automatically restricts the community to read access for the MIB 8 7 1 Adding SNMP Communities in the Switch The followin...

Страница 50: ...he network The security features provided in SNMPv3 are Message integrity Ensuring that a packet has not been tampered with in transit Authentication Determining the message is from a valid source Enc...

Страница 51: ...enticating and encrypting SNMPv3 packets are generated as a function of the authoritative SNMP engine s engine ID and user passwords When an SNMP message expects a response for example get exact get n...

Страница 52: ...NMP users that belong to a common SNMP list that defines an access policy in which object identification numbers OIDs are both read accessible and write accessible Users belonging to a particular SNMP...

Страница 53: ...port SNMPv1 access If all the agent supports v1 v2c and v3 SNMP accesses Note By default SNMPv1 is enabled LE2425A set snmp type v1 LE2425A show snmp SNMP CONFIGURATION INFORMATION SNMP Get Community...

Страница 54: ...on done default VACM enabled Syntax engineid string string The agent has to have an engineID to be able to respond to SNMPv3 messages The default engine ID value is 6K_v3Engine This command allows the...

Страница 55: ...ap add id 1 type v1 host 10 21 1 100 Entry is added successfully Syntax show trap id id This commands shows the configured trap stations in tabular format id optional the trap entry number in the tabl...

Страница 56: ...d this shows a specific entry LE2425A snmpv3 show group ID Group Name Sec Model Com2Sec ID 1 v1 v1 1 2 3 4 5 6 7 8 9 10 LE2425A snmpv3 show group id 1 Group ID 1 Group Name v1 Model v1 Com2Sec ID 1 Sy...

Страница 57: ...om group security model security level to a view A user can add up to 10 access entries LE2425A snmpv3 access add id 1 accessname v1 model v1 level noauth read 1 write none notify none Entry is added...

Страница 58: ...d Ethernet Statistics Group maintains utilization and error statistics for the switch port being monitored History Group gathers and stores periodic statistical samples from previous Statistics Group...

Страница 59: ...lyzer can be attached 9 2 1 CLI Configuring Port Monitoring You must use the following configuration sequence to configure port monitoring in the CLI 1 Assign a monitoring mirroring or sniffer port 2...

Страница 60: ...assigns the monitor and sniffer ports 9 3 Limitation One port can monitor at a time Source port and sniffer port must be the members of the same VLAN 9 4 Web Viewing Port Monitor status In the web br...

Страница 61: ...data transfer operation setting 10 100Base T ports Auto default Senses speed and negotiates with the port at the other end of the link for data transfer operation half duplex or full duplex Note Ensu...

Страница 62: ...packets and drops received flow control packets Enabled The port uses 802 3x Link Layer Flow Control generates flow control packets and processes received flow control packets With the port mode set...

Страница 63: ...is Auto negotiation Enabled Before changing the port setting of a copper port you have to Disable the Auto negotiation LE2425A device setport port 1 4 7 speed 100 duplex full Similarly to configure a...

Страница 64: ...storms on each interface Port A network administrator can set the maximum number of broadcast frames Threshold value that are permitted from a particular interface every second If that maximum number...

Страница 65: ...the packet storm you need to set up the threshold value Threshold value should be less than the current rate LE2425A Device rate threshold port 20 rate 3500 LE2425A Device show broadcast protect PORT...

Страница 66: ...ighest The LE2425A and LEV2525A switches have two priority queues 1 low and 0 high When a tagged packet enters a switch port the switch responds by placing the packet into one of the two queues 11 3 I...

Страница 67: ...xample IP IPX or AppleTalk incoming interface packet size source destination address and so on In PQ each packet is placed in one of two queues high or low based on an assigned priority Packets that a...

Страница 68: ...Port QOS b Tag QOS c Tos QOS Layer 3 d None Note Not all packets received on a port have high priority IGMP and BPDU packets have high priority by default 11 8 2 Functions of QoS settings Port QOS If...

Страница 69: ...traffic with an IP Precedence field value of 7 gets a lower weight than traffic with an IP Precedence field value of 3 and thus has priority in the transmit order Syntax set weight weight 0 7 Once you...

Страница 70: ...ority queue All tagged frames will be directed to either the low or high priority queue as specified 11 9 To tag untagged packets When a packet is received untagged and has to be transmitted with an a...

Страница 71: ...nfiguration 2 Click on QoS 3 Click on Modify 4 After you make the desired changes click on OK button 5 Click Save to save the configuration 12 0 IGMP 12 1 Overview In a network where IP multicast traf...

Страница 72: ...also function as the querier If you need to disable the querier feature you can do so through the IGMP configuration MIB Refer to Changing the Querier Configuration Setting 12 3 IGMP Operating Feature...

Страница 73: ...by a host to the querier to indicate that the host has ceased to be a member of a specific multicast group Thus IGMP identifies members of a multicast group within a subnet and allows IGMP configured...

Страница 74: ...tches 3 and 4 Either of these switches can operate as querier because a multicast router is not present on the network If an IGMP switch does not detect a querier it automatically assumes this role as...

Страница 75: ...f 224 0 0 0 to 224 0 0 255 will always be flooded because addresses in this range are well known or reserved addresses Thus if IP Multicast is enabled and there is an IP multicast group within the res...

Страница 76: ...the command show group in IGMP command context will show the multicast groups being snooped For example LE2425A igmp show group The GroupIp column shows the multicast groups PortNo shows the port wher...

Страница 77: ...mp show igmp IGMP State Enabled ImmediateLeave Disabled Querier Enabled Querier Interval 125 Querier Response Interval 10 LE2425A igmp set querier disable IGMP querier status is disabled LE2425A igmp...

Страница 78: ...te Enabled ImmediateLeave Disabled Querier Disabled Querier Interval 125 Querier Response Interval 11 Every port can be individually set to three different IGMP modes please see section Showing IGMP P...

Страница 79: ...e The default mode is Auto 12 15 Web Configure and View In the web browser interface 1 Click on the Configuration 2 Click on IGMP 3 Click on Information 4 Click on Modify button 5 After you make the d...

Страница 80: ...ty 32768 max age 20 s hello time 2 s fwd delay 15 s reconfiguring per port STP path cost var priority 128 mode norm monitoring STP n a In the factory default configuration STP is off If a redundant li...

Страница 81: ...st This field indicates the root ports path cost A path cost is assigned to individual ports for the switch to determine which ports are the forwarding points A higher cost means more loops a lower co...

Страница 82: ...tion against redundant loops that can significantly slow or halt a network Go to STP configuration mode to configure STP Syntax stp enter LE2425A stp enter LE2425A stp To enable disable STP Syntax stp...

Страница 83: ...between the learning state to the forwarding state Syntax to set the above mentioned parameters priority port number list range value 0 255 0 65535 cost port number list range value 0 65535 time forwa...

Страница 84: ...ation Spanning Tree Enabled Global YES Spanning Tree Enabled Ports NO Bridge Priority 32768 Bridge Forward Delay 15 Bridge Hello Time 2 Bridge Max Age 20 Root Port 0 Root Path Cost 0 Designated Root 8...

Страница 85: ...1 Root Path Cost 100 Designated Root 80 00 00 01 96 ed a7 80 Designated Root Priority 32768 Root Bridge Forward Delay 15 Root Bridge Hello Time 2 Root Bridge Max Age 20 LE2425A stp priority value 6553...

Страница 86: ...1 96 ed a7 80 80 20 02 TP 10 100 128 100 Disabled ff ff 00 20 06 25 00 62 80 02 03 TP 10 100 128 100 Disabled ff ff 00 20 06 25 00 62 80 03 04 TP 10 100 128 100 Disabled ff ff 00 20 06 25 00 62 80 04...

Страница 87: ...s effective it requires that frame transfer must halt after a link outage until all bridges in the network are sure to be aware of the new topology Using the Spanning Tree Protocol IEEE 802 1d recomme...

Страница 88: ...the switch ports are connected to switches or bridges on your network that do not support RSTP RSTP can still be used on this switch RSTP automatically detects when the switch ports are connected to n...

Страница 89: ...14 7 1 Main Context Commands Switch between STP and RSTP Syntax set stp type stp rstp LE2425A set stp type rstp This command sets the current STP to either STP or RSTP To see the active STP STP or RST...

Страница 90: ...stp This command sets the stp or RSTP compatibility mode Syntax show forceversion User can see the current forced version using this command LE2425A rstp show forceversion Force Version Normal RSTP To...

Страница 91: ...e connected to end nodes During spanning tree establishment these ports transition immediately to the Forwarding state Disable this feature on all switch ports that are connected to another switch or...

Страница 92: ...ts are not running at full duplex All connections to hubs are not full duplex You can also set this parameter to ON such as to another switch or bridge or to an end node force true This parameter shou...

Страница 93: ...n external router is required to enable separate VLANs on a switch to communicate with each other 15 2 VLAN Support and the Default VLAN In the factory default configuration VLAN support is enabled an...

Страница 94: ...one type of VLAN at a time The user has to set the VLAN type before configuration Steps To set the type of Vlan that you are going to use Syntax set vlan type port tag none LE2425A set vlan type port...

Страница 95: ...the VID to identify and display the data for a specific static VLAN Syntax show vlan type port id vlanid LE2425A show vlan type port id 2 VLAN ID 2 Name Engg Status Active PORT STATUS 9 UP 10 DOWN 11...

Страница 96: ...the default VLAN DEFAULT VLAN VID 1 Before you can delete a VLAN you can optionally re assign all ports in the VLAN to another VLAN Ports that are members of other VLANs will retain these memberships...

Страница 97: ...red changes click on OK button 6 Click Save to save the configuration For web based Help on how to use the web browser interface screen click on the Help button provided on the web browser screen 16 0...

Страница 98: ...assignment where the port is connected to a non 802 1Q compliant device or is assigned to only one VLAN Use the Tagged designation on at least one of the VLAN s when the port is assigned to more than...

Страница 99: ...ng and port membership the system determines the details of VLAN operation by observing two main types of rules Ingress rules Assign an incoming frame to a specific VLAN Egress rules Use standard brid...

Страница 100: ...lan type tag Than go to Vlan configuration mode by typing LE2425A vlan type tag To add a TAG based VLAN we use the following command LE2425A tag vlan add id vlan Id name vlan name port number list ran...

Страница 101: ...ee the list of VLAN s use the following command LE2425A tag vlan show vlan type port tag mac id vlanid where type is the type of VLAN here it has to be tag Id is optional and is used to see informatio...

Страница 102: ...ng id number status tagged untagged will define the outgoing packets from a port will be tagged or untagged This definition is on a per VLAN basis For example the command set port port 1 tagging id 10...

Страница 103: ...own list 6 After you make the desired changes click on OK button 7 Click Save to save the configuration This menu also gives the facility to configure Ingress and Egress rules by clicking Ingress or E...

Страница 104: ...tatic VLANs on the same ports as either Tagged Forbid Forbid option described under Per Port Options for Dynamic VLAN Advertising and Joining 17 2 General Operation A GVRP enabled port with a Tagged o...

Страница 105: ...port then dynamically create a VLAN with the same VID as in the advertisement and begin moving that VLAN s traffic If the switch already has a static VLAN assignment with the same VID as in the adver...

Страница 106: ...rt Options for Dynamic VLAN Advertising and Joining Initiating Advertisements As described in the preceding section to enable dynamic joins GVRP must be enabled and a port must be configured to Learn...

Страница 107: ...eceive them from other devices that is the port cannot dynamically join a VLAN but other devices can dynamically join the VLANs it advertises Prevent a port from sending dynamic VLAN advertisements fo...

Страница 108: ...gure the static VLANs on the switch es where they are needed along with the per VLAN parameters Tagged Untagged and Forbid see table on the appropriate ports 7 Dynamic VLANs will then appear automatic...

Страница 109: ...n IP address Converting a dynamic VLAN to a static VLAN and then executing the save command saves the VLAN in the startup config file and makes it a permanent part of the switch s VLAN configuration W...

Страница 110: ...nfigure GVRP Parameters In the web browser interface 1 Click on the Configuration 2 Click on Vlan 3 Click on GVRP 4 Click on toggle button to enable or disable GVRP 5 After you make the desired change...

Страница 111: ...ftware CLI command The factory default setting is off disabled The ports on which this capability is to be enabled are entered through a CLI command 18 1 CLI Link Loss Learn LLL commands are available...

Страница 112: ...Alarm MOMENTARY 9 Intruder Alarm MOMENTARY 10 Link Loss Learn Triggered MOMENTARY 11 Broadcast Storm Detected MOMENTARY 12 STP RSTP Reconfigured MOMENTARY Note For System event Log please read the ch...

Страница 113: ...8 Intruder Alarm NOT ENABLED 9 Link Loss Learn Triggered NOT ENABLED 10 Broadcast Storm Detected NOT ENABLED 11 STP RSTP Reconfigured NOT ENABLED If you enable the Alarm system and add event Ids then...

Страница 114: ...egory happens Send email alert according to the configuration rules when a specific trap SNMP trap category happens Provide configuration and customization commands for users to specify SMTP server to...

Страница 115: ...ient none no event will be sent to recipient or a combination of I informational A activity C critical F fatal and D debug event ACF means that events of severity types activity critical and fatal wil...

Страница 116: ...s SMTP alert enable disable mandatory Enables or disables SMTP alert Here is an example of email alert THIS IS A GENERATED E MAIL ALERT COMING FROM AN LE2425A and LEV2525A SWITCH PLEASE DO NOT REPLY A...

Страница 117: ...e following the protocol between devices desiring access to the bridged LAN and devices providing access to the bridged LAN the requirements for a protocol between the authenticator and an authenticat...

Страница 118: ...P over LAN or EAPOL encapsulates EAP packets onto 802 frames with a few extensions to handle 802 characteristics EAP over RADIUS encapsulates EAP packets onto RADIUS packets for relaying to RADIUS aut...

Страница 119: ...have the necessary credentials a RADIUS Access Deny packet is sent back and relayed to the supplicant as an EAP Failure frame The MNS BB Software implements the 802 1x authenticator It fully conforms...

Страница 120: ...horized 12 Enabled Auto Deasserted Unauthorized 13 Enabled Auto Deasserted Unauthorized 14 Enabled Auto Deasserted Unauthorized 15 Enabled Auto Deasserted Unauthorized 16 Enabled Auto Deasserted Unaut...

Страница 121: ...zed 17 Enabled Auto Deasserted Unauthorized 18 19 20 21 22 23 24 25 Enabled Auto Deasserted Unauthorized Port not available LE2425A auth auth disable 802 1X Authenticator is disabled Authserver This c...

Страница 122: ...from 1 to 10 LE2425A auth backend port 2 supptimeout 45 servertimeout 60 maxreq 5 Successfully set backend server authentication parameter s LE2425A auth show port backend Port Supp Timeout Server Ti...

Страница 123: ...60 2 30 8 60 2 30 9 60 2 30 10 60 2 30 11 60 2 30 12 60 2 30 13 60 2 30 14 60 2 30 15 60 2 30 16 60 2 30 17 60 2 30 18 19 20 21 22 23 24 25 60 2 30 Port not available reauth This command configures ho...

Страница 124: ...force authorized or force unauthorized When auto is used the authenticator and supplication goes through the normal authentication cycle When force authorized the supplicant connected to this port is...

Страница 125: ...ed 18 19 20 21 22 23 24 25 Enabled Auto Deasserted Unauthorized Port not available show port This command shows port related configuration information Syntax show port access backend reauth port num l...

Страница 126: ...2 30 30 2 13 30 30 2 14 30 30 2 15 30 30 2 16 30 30 2 17 30 30 2 18 19 20 21 22 23 24 25 30 30 2 Port not available LE2425A auth show port reauth Port Reauth Status Reauth Period sec 1 Enabled 3600 2...

Страница 127: ...EapLogoffWhileAuthenticated 0 backendResponses 5 backendAccessChallenges 2 backendOtherRequestsToSupplicant 0 backendNonNakResponsesFromSupplicant 2 backendAuthSuccesses 2 backendAuthFails 0 trigger r...

Страница 128: ...ontrol protocol TCP offers a connection oriented transport while UDP offers best effort delivery 22 3 Overview TACACS improves on TACACS and XTACACS by separating the functions of authentication autho...

Страница 129: ...nfigured to connect to two TACACS servers in the network Note Each LE2425A or LEV2525A switches can be configured to connect to up to five TACACS servers Whether through serial console or telnet a use...

Страница 130: ...e is authorization where it is determined whether the user has operator or manager access Logout State User inputs name and password Is User in Local User List YES Is User Manager YES Login State as M...

Страница 131: ...ication TAC_PLUS_AUTHOR 0x02 Authorization TAC_PLUS_ACCT 0x03 Accounting Sequence number The sequence number of the current packet for the current session Flags This field contains various flags in th...

Страница 132: ...le or disable packet encryption key optional for add when encryption is enabled the secret shared key string must be supplied LE2425A user tacserver add id 2 ip 10 21 1 123 encrypt enable key secret T...

Страница 133: ...f the LED behavior and information on using the LEDs for trouble shooting Check the network topology installation See the Hardware User Guide shipped with the Switch for topology information Check cab...

Страница 134: ...as a tool for isolating problems Each Event Log entry is composed of four fields Severity Date Time Description Severity is one of the following levels I Information indicates routine events A Activi...

Страница 135: ...ne I VLAN Pvlan port based vlan started I VLAN Pvlan default vlan is modified I VLAN Tvlan Tag based vlan started I TCP IP Failed to initialize the interface x F BRIDGE Bridge init failed for ethx F B...

Страница 136: ...o valid I RMON Event entry X is set to invalid I RMON Alarm entry X is set to valid I RMON Alarm entry X is set to invalid I RMON Alarm internal error unable to get memory F RMON Alarm internal error...

Страница 137: ...y Color Scheme Severity is one of the following levels with different color I Information White A Activity Blue D Debug Black C Critical Orange F Fatal Red Logged Events View 23 8 Diagnostic Tools 23...

Страница 138: ...15ms 192 168 1 10 is alive time 15ms You can do any combination of the above IP address count and timeout commands To halt a ping test before it concludes press Ctrl C 23 9 CLI Administrative and Trou...

Страница 139: ...the first Sunday on or after October 25th End DST at 2am the first Sunday on or after March 1st Western Europe Begin DST at 2am the first Sunday on or after March 23rd End DST at 2am the first Sunday...

Страница 140: ...r of the unit as shown in Fig 1 0 to a serial port of a Desktop PC operating as a console terminal Note The DB 9 Null Modem connecting cable is required for the connection It is not supplied along wit...

Страница 141: ...m will abort back to the boot prompt NOTE Please do not interrupt the LE2425A or LEV2525A unit or the Desktop PC during the download process If for any reason the download is not complete please follo...

Страница 142: ...file Name user username pass password Boot Code Upgrade Boot code upgrade is a part of software upgrade Once the software upgrade done it checks for the boot code If there is an old boot code softwar...

Страница 143: ...BB Software User Guide 132 Corporate Headquarters Black Box Corporation 1000 Park Drive Lawrence PA 15055 USA Phone 724 746 5500 Fax 724 746 0746 Web http www blackbox com Email techsupport blackbox...

Отзывы:

Нет отзывов

Похожие инструкции для LE2425A

DUB-H4 - Hub - USB

Бренд: D-Link Страницы: 4

Бренд: D-Link Страницы: 2

Бренд: l-com Страницы: 12

Бренд: Little Giant Страницы: 2

Бренд: Sangamo Страницы: 2

EXHL-TRN-LE1 Series

Бренд: Larson Electronics Страницы: 2

SISTG1040-242-LRT

Бренд: Transition Networks Страницы: 31

Бренд: N-Tron Страницы: 20

Бренд: N-Tron Страницы: 17

Бренд: E&C Страницы: 10

Бренд: Lantech Страницы: 119

QuantaMesh T4000 Series

Бренд: QCT Страницы: 41

Бренд: NETGEAR Страницы: 2

Бренд: Inter-m Страницы: 12

Бренд: Vagner Pool Страницы: 5

Cordex HP CXRF 48-2.4kW

Бренд: Alpha Страницы: 56

Бренд: FIBERROAD Страницы: 30

Бренд: Witura Страницы: 12

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды