IS5 COMMUNICATIONS iSG18GFP Скачать руководство пользователя страница 63

Страница: 63 / 78

ISG18GFP USER MANUAL, GENERAL, SECTION G

UM-G-iSG18GFP-4.5.06.1-EN.docx

Login and Management

Configuring of the Login Authentication Method sets the authentication method.

Setting up specific authorized personnel to manage iSG18GFP is possible using filtering conditions such as IP

address (mandatory), vlan-id, and service type (SSH, Telnet, SNMP, etc.), etc.

Once the information about the authorized personnel has been configured in the system, no other entity can have

management privileges to the secure gateway over IP network. Serial console management remains available and

is not influenced by the authorized manager conditions.

If no authorized managers are configured (default state), then secure gateway management is possible on all

configured VLANs and associated ports via the respective IP interfaces assigned.

7.1 Login Authentication Hierarchy

GCE

+ root

lock

logout

show authorized-manager [ip-source < ip_addr >]

show system information

show logging

show users

show aliases

show line {

console | vty <line> }

listuser

show privilege

+ configure terminal

[no] authorized-manager ip-source <ip_addr> {<ip_mask> ,cpu0

CR | service

interface <type>, service <type>

,vlan <port_list> }

username <user-name> { confirm-password, [ 0 | 7 | LINE ], password [8-20 char], privilege <1-15> , status [enable

| disable] }

no username <user-name>

Содержание iSG18GFP

Страница 1: ...ICATIONS INC ALL RIGHTS RESERVED iSG18GFP User Manual General Section G iSG18GFP Intelligent 18 Port Compact Service Aware Ethernet Switch IEC 61850 3 and IEEE 1613 Compliant Version 4 5 06 1 Apr 2020...

Страница 2: ...ucts found to be defective within this warranty period including shipping costs This warranty does not cover product modifications or repairs done by persons other than iS5 approved personnel and this...

Страница 3: ...ector 8 3 3 3 Power Budget 8 CHAPTER 4 CONFIGURATION ENVIRONMENT 9 4 1 Command Line Interface 9 4 2 Command Line navigation 10 4 2 1 Minimum Abbreviation 10 4 2 2 GREP 10 4 2 3 Dynamic Completion of C...

Страница 4: ...ntrol 50 6 10 2 Rate Limit Output 50 6 11 Ports Command Hierarchy 50 6 12 Ports Commands Description 52 6 12 1 Port Configuration Example 54 6 12 2 Configuration Output Example 56 CHAPTER 7 LOGIN AND...

Страница 5: ...nterfaces Defaults 14 Table 8 Root Commands Description 16 Table 9 GCE Commands Description 20 Table 10 Port Addressing Syntax 46 Table 11 Ports Default States 48 Table 12 Ports Default States 48 Tabl...

Страница 6: ...ts for the Distributed Automation control of remote sites This product is as a secure gateway for Ethernet IP and Serial services as an optimized platform for servicing these needs over the network co...

Страница 7: ...ng features please refer to Section B iSG18GFP User Manual Basic Section B UM B iSG18GFP 4 5 06 01 EN docx For security features refer to iSG18GFP User Manual Security Section S UM S iSG18GFP 4 5 06 0...

Страница 8: ...Example Your Product enable 15 Courier New 10 regular blue Courier New 10 regular black CLI command outputs Current privilege level is 15 Your Product show privilege Pre requisites or special informa...

Страница 9: ...P Address Resolution Protocol CLI Command Line Interface CLI Fa or FE Fa stands for Fast Ethernet Gi Gigabit Ethernet GCE General Configuration Environment MAC Media Access Control VLAN Virtual LAN TC...

Страница 10: ...iSG18GFP 4 5 06 1 EN docx 2020 IS5 COMMUNICATIONS Inc ALL RIGHTS RESERVED Hardware and Interfaces 2 1 Graphical View of Hardware Figure 1 Graphical View of Hardware 2 2 Logical System View Figure 2 Lo...

Страница 11: ...ing device for proper cooling using natural air flow Refer to the figure below Figure 3 Distance for Natural Air Flow 3 2 Grounding 1 To install the grounding wire prepare a minimum 10 American Wire G...

Страница 12: ...to a reliable ground as described below 3 3 Connecting to a Power Source CAUTION Please refer to the iSG18GFP installation guide for complete installation instructions 3 3 1 Wiring DC Input Voltage Fe...

Страница 13: ...tor Use 18AWG 1mm2 wire with insulated ferrules 3 3 3 Power Budget Please refer to the iSG18GFP installation guide for complete breakdown of power consumption per product group and recommended upstrea...

Страница 14: ...ng table lists the CLI environments and modes Table 4 Command Line Interface Command Mode Access Method Prompt Exit Method Root Following user log in this mode is available to the user iSG18GFP To exi...

Страница 15: ...CLI mode 4 2 2 GREP The GREP and GREP V allows filtering long show outputs GREP text filter to output lines which includes the given text GREP v text filter to output lines which do not include the gi...

Страница 16: ...ace gigabit mac address table static unicast 02 20 d2 fc 1c 79 vlan 4092 interface fastethernet mac address table static unicast 02 20 d2 fc 1c 7a vlan 4092 interface fastethernet 4 2 3 Dynamic Comple...

Страница 17: ...rts Serial ports Cellular modem OSPF VLAN tagging IPSec VPN Management Authentication SCADA Gateway SCADA Firewall L2 L4 Firewall QOS Serial services Terminal services ERP MSTP OSPF RIP FTP SNMP NAT T...

Страница 18: ...nt X SNMP Trap X SNMP X SSH Client X X Syslog X X Telnet Client X X Telnet server X X TFTP Client X Web management interface X Networking LLDP X OAM CFM ITU T Y 1731 X QOS X Protection Conditioned sch...

Страница 19: ...Firewall X Serial Transparent Tunneling X Terminal Server X VPN L2 GRE VPN X L3 IPSec VPN X L3 mGRE DM VPN X 4 4 System Defaults The following table details the features and interfaces defaults Table...

Страница 20: ...led TACACS Disabled Radius Disabled ACLs Disabled SNTP Disabled Firewall Disabled VPN Disabled 4 5 Root Commands The Root Configuration Environment list of main CLI commands is shown below Root Help c...

Страница 21: ...permissible mode Lock Locks the CLI console It allows the user system administrator to lock the console to prevent unauthorized users from gaining access to the CLI command shell Enter the login pass...

Страница 22: ...efault ip address ip address default ip address allocation protocol ip address dhcp login authentication login authentication default authorized manager ip source archive download sw interface configu...

Страница 23: ...r counters show ip interface show authorized managers show interfaces show interfaces counters show system specific port id show interface mtu show interface bridge port type show nvram show env show...

Страница 24: ...COMMANDS UM G iSG18GFP 4 5 06 1 EN docx 2020 IS5 COMMUNICATIONS Inc ALL RIGHTS RESERVED show telnet server show audit set http authentication scheme set http redirection enable http redirect show htt...

Страница 25: ...accessing the GUI to manage the switch authorized manager ip source Configures an IP authorized manager and the no form of the command removes manager from authorized managers list mtu frame size Con...

Страница 26: ...maximum number of unicast dynamic MAC L2 MAC entries hardware can learn on the system system contact system location clear interfaces counters clear counters show ip interface show authorized manager...

Страница 27: ...lear line vty login block for audit logging logsize threshold feature telnet show telnet server show audit set http authentication scheme set http redirection enable http redirect show http authentica...

Страница 28: ...ace status management vlan list port_list show iftype protocol deny table clear line vty audit logging logsize threshold feature telnet show telnet server show audit set http authentication scheme set...

Страница 29: ...ospf ip rip NAT cellular connection continuous echo disable enable modem network refresh settings show wan capture delete export help show start stop date discrete service show dm vpn multipoint gre n...

Страница 30: ...vlan show running config interface fastethernet 0 1 8 show running config interface gigabitethernet 0 1 2 show vlan port config show interfaces status ACLs show running config acl FDB show mac addres...

Страница 31: ...ACE ACE Routing router interface show router route show router static enable show running config show ip route exit router ospf enable show running config show ip ospf route show ip ospf neighbor show...

Страница 32: ...show l2 vpn nhrp spoke show l2 vpn nhrp hub show ipsec vpn tunnel show ipsec show global defs ipsec show preshared ipsec show sa ipsec show log Serial serial card show serial port show serial local en...

Страница 33: ...e must be FAT32 The iSG18GFP can hold at its disk a maximum of two OS image files Before downloading a new OS file to the switch make sure the iSG18GFP has on it only one the active file If needed del...

Страница 34: ...RIGHTS RESERVED startup config import export flash file_name sftp user password aa bb cc dd file_name tftp aa bb cc dd file_name logs export flash file_name sftp user password aa bb cc dd file_name tf...

Страница 35: ...CLI management 2 Prepare a USB stick formatted to FAT32 and with the OS version at its root directory 3 Display available OS files iSG18GFP os image show list Versions list IS_5018_4 5 04 09 tar IS_50...

Страница 36: ...image show list Versions list IS_5018_4 5 04 09 tar active IS_5018_4 5 06 01 tar 5 4 2 From SFTP To upgrade the OS image file from a SFTP server perform the following 1 Display the available OS files...

Страница 37: ..._5018_4 5 06 01 tar active iSG18GFP 4 Activate desired OS file will automatically reboot the device iSG18GFP os image activate flash IS_5018_4 5 04 09 tar Switch booting iSG18GFP os image show list Ve...

Страница 38: ...p address filename Example iSG18GFP logs export sftp user user 172 18 212 230 logs_january13 5 6 Example of Exporting DB Files to Flash Drive The following flow will show how to export configuration a...

Страница 39: ...ble reboot the unit and interrupt the boot process at the Safe Mode prompt The first Safe mode is used for approved technician only and should not be used unless specified iS5Com This Safe Mode state...

Страница 40: ...ther type field continue c Continue with start up process help H Display help about this utility c Extracting software s OK 01 01 70 00 25 34 Running applications For safe mode Press s safe mode menu...

Страница 41: ...ult configuration for the device eeprom 3 Write to EEPROM recover 4 Recover the device s images from a package file db 5 Export Import DB continue c Continue in start up process refresh r Refresh menu...

Страница 42: ...the switch safe mode menu reset 1 Reset the device defcfg 2 Load the factory default configuration for the device eeprom 3 Write to EEPROM recover 4 Recover the device s images from a package file db...

Страница 43: ...guration for the device eeprom 3 Write to EEPROM recover 4 Recover the device s images from a package file db 5 Export Import DB continue c Continue in start up process refresh r Refresh menu help H D...

Страница 44: ...te file name and path Below examples shown relate to version 4 0 02 10 tar Choose Options 4 and 1 safe mode menu reset 1 Reset the device defcfg 2 Load the factory default configuration for the device...

Страница 45: ...4 09 tar Enter version number on USB For main menu press X mnt usb IS_5018_4 5 06 01 tar Version was installed successfully 4 Activate the new version Select Options 4 and 3 The system will boot safe...

Страница 46: ...file please wait 5 8 3 Installing First Firmware Image from a USB Follow the steps below for an example of installing a first version from a USB Local database and any active OS image will be deleted...

Страница 47: ...require an update to the iSG18GFP s OS Such updates will include the OS image also referred to as Uboot file provided to you by the iS5Com support team Upon obtaining the OS file follow these steps 1...

Страница 48: ...s images from a package file db 5 Export Import DB continue c Continue in start up process refresh r Refresh menu help H Display help about this utility 4 safe mode menu reset 1 Reset the device defcf...

Страница 49: ...package file db 5 Export Import DB continue c Continue in start up process help H Display help about this utility 5 Export Import DB export 1 Export DB to usb import 2 Import DB from usb list 3 Show l...

Страница 50: ...SYSTEM VERSION AND DATABASE SECTION SAFE MODE UM G iSG18GFP 4 5 06 1 EN docx 2020 IS5 COMMUNICATIONS Inc ALL RIGHTS RESERVED continue c Continue in start up process help H Display help about this uti...

Страница 51: ...Syntax Command Description interface type Specifies the interface type Fastethernet F gigabitethernet G Port id Specifies the port id in a slot number port format Slot number is 0 for Ethernet ports...

Страница 52: ...4 Enabling Ports To be accessible the required interfaces must be activated This is done using the no shutdown command 1 An example of enabling port interface number 5 is as follows iSG18GFP config in...

Страница 53: ...4 Serial tunneling Service VLANs Terminal Server Service VLANs Gateway Service VLANs L2 VPN NNI Vlan UNI VLAN L3 VPN NNI Vlan IPsec NNI Vlan Cellular Firewall Service VLANs 6 6 Ports FE 0 9 16 The usa...

Страница 54: ...8 1 Power Management of PoE 1 The eight PoE ports support in total maximum power output of a For 12 VDC powered units 70 Watt b For 24 VDC powered units 90 Watt c For 48 VDC powered units 120 Watt or...

Страница 55: ...state of the port Port number is in the range 1 8 when related to fastethernet 1 8 6 9 Cellular Ports Cellular Port Description 2SIM LTE1 Dual SIM LTE Modem with 3G fallback International 2SIM LTE2 Du...

Страница 56: ...end desired on off mtu mtu value no shutdown no storm control broadcast multicast dlf level pps 1 250 000 no rate limit output rate limit burst limit switchport unicast mac learning limit limit value...

Страница 57: ...llowed only if the port is not a tagged member at any VLAN The port property of switchport acceptable frame type must be set to untagged AND priority Tagged Trunk accepts and sends only tagged frames...

Страница 58: ...operating over the interface Note Any messages larger than the MTU are divided into smaller packets before transmission Default 1500 system specific port id This command configures the system specific...

Страница 59: ...en used with send option storm control sets the storm control rate for broadcast multicast and DLF packets broadcast Broadcast packets multicast Multicast packets dlf Unicast packets level Storm contr...

Страница 60: ...GFP 4 5 06 1 EN docx 2020 IS5 COMMUNICATIONS Inc ALL RIGHTS RESERVED 3 Set a port PVID iSG18GFP config interface fastethernet 0 5 iSG18GFP config if switchport pvid 5 4 Set a Port Alias iSG18GFP confi...

Страница 61: ...ess is 00 20 d2 fc c1 f1 MTU 1500 bytes Full duplex 100 Mbps No Negotiation HOL Block Prevention disabled CPU Controlled Learning disabled Auto MDIX on Input flow control is off output flow control is...

Страница 62: ...t Vlan ID 1 Port Acceptable Frame Type Admit All Port Mac Learning Status Enabled Port Mac Learning Limit Default Port Ingress Filtering Disabled Port Mode Trunk iSG18GFP show vlan port config port fa...

Страница 63: ...uenced by the authorized manager conditions If no authorized managers are configured default state then secure gateway management is possible on all configured VLANs and associated ports via the respe...

Страница 64: ...a specific authorized manager from the list of authorized managers ip_addr Sets the network or host address from which the secure gateway is managed An address 0 0 0 0 indicates Any Manager ip_mask S...

Страница 65: ...r Logins no username Set a new user Username 2 32 characters length Must start with A Z or a z Allowed small and capital letters Allowed numbers 0 9 Allowed special symbols and _ Password 8 32 charact...

Страница 66: ...7 5 Password Expiration The password expiration has the following pre set parameters maximum time default 90 days warning time default 10 days At the next login the iSG18GFP will notify the user to c...

Страница 67: ...ager iSG18GFP config authorized manager ip source 10 10 10 10 32 interface fastethernet 0 1 vlan 1 service ssh snmp telnet iSG18GFP config authorized manager ip source 10 10 10 10 iSG18GFP show author...

Страница 68: ...Enable Disable Exit Help logout Users with privilege level 1 can access all user level commands with iSG18GFP prompt Users with privilege level 15 can access all commands It is the least restricted le...

Страница 69: ...ational parameters 7 9 1 1 Connecting the device to a PC using the Console Port 1 Connect the RJ45 connector of the console cable to the device s Console Port CON 2 Connect the other side of the cable...

Страница 70: ...0 1 Default state Table 18 Default State of Features Feature Default state Vlan 1 Active All ports are members Layer 3 interface Interface VLAN 1 is set to 10 10 10 1 8 SSH Enabled Telnet Disabled Con...

Страница 71: ...elnet interface type port id no switchport pvid vlan ID no shutdown no interface vlan vlan id no shutdown ip address dhcp ip address subnet mask Application connect reload schedule date and time YYYY...

Страница 72: ...tch supports SSH client allowing It to open SSH session to a remote partner User username to be logged in at the remote partner Remote ip IP address of remote partner Config terminal line vty Set idle...

Страница 73: ...reload cancel Cancels all scheduled automatic reloads reload show Shows user set scheduled reloads 7 10 4 Example For management of ports using designated VLAN and IP follow the configuration example...

Страница 74: ...s for Creating Alias Command Description Config terminal Alias replacement string Represents the string for which a replacement is needed token to be replaced Specifies an abbreviated short form of th...

Страница 75: ...1 Port Mac Learning Limit The Administrator can enable or disable the Mac Learning Status of each port By default each port in the bridge is allocated a limit on the number of Mac addresses that is l...

Страница 76: ...raffic will be learned with the VLAN tag by default 7 13 3 Configuration Example Static MAC entry 1 Place a static entry iSG18GFP config mac address table static unicast 02 20 d2 fc 1c 95 vlan 1 inter...

Страница 77: ...hardware address Vlan vlan id 1 4094 no arp ip address show ip arp Vlan vlan id 1 4094 interface type interface id ip address mac address summary information Table 21 Commands Hierarchy Commands Desc...

Страница 78: ...G18GFP config arp timeout 50 2 Set static entry iSG18GFP config arp 172 18 212 100 00 11 22 33 44 55 Vlan 1 Output example iSG18GFP show ip arp VRF Id 0 VRF Name default Address Hardware Address Type...

Результаты поиска

Содержание iSG18GFP

Отзывы:

Похожие инструкции для iSG18GFP

Бренды по названию

Популярные бренды

IS5 COMMUNICATIONS iSG18GFP, Руководство пользователя

Результаты поиска

Содержание iSG18GFP

Отзывы:

Похожие инструкции для iSG18GFP

Бренды по названию

Популярные бренды