manualshive.com logo in svg

KTI KGS-3120, Руководство по эксплуатации, Страница: 163 / 221

Поделиться
Скачать
KTI KGS-3120 Скачать руководство пользователя страница 163

-163-

To set the SSH User Authentication parameters on the Switch, a user account must be
previously configured. For more information on configuring local user accounts on the
Switch, see the Security IP section of this document.

Access Authentication Control

The TACACS/XTACACS//RADIUS commands let you secure access to the switch using
the TACACS/XTACACS//RADIUS protocols. When a user logs in to the switch or tries to
access the administrator level privilege, he or she is prompted for a password. If TACACS/XTACACS/
/RADIUS authentication is enabled on the switch, it will contact a TACACS/XTACACS/
/RADIUS server to verify the user. If the user is verified, he or she is granted access to the
switch.

There are currently three versions of the TACACS security protocol, each a separate entity. The
switch

s software supports the following versions of TACACS:

TACACS (Terminal Access Controller Access Control System) - Provides password checking
and authentication, and notification of user actions for security purposes utilizing via one or more
centralized TACACS servers, utilizing the UDP protocol for packet transmission.

Extended TACACS (XTACACS) - An extension of the TACACS protocol with the ability to
provide more types of authentication requests and more types of response codes than TACACS.
This protocol also uses UDP to transmit packets.

(Terminal Access Controller Access Control System plus) - Provides detailed access
control for authentication for network devices. is facilitated through Authentication
commands via one or more centralized servers. The protocol encrypts all traffic
between the switch and the daemon, using the TCP protocol to ensure reliable
delivery

In order for the TACACS/XTACACS//RADIUS security function to work properly, a
TACACS/XTACACS//RADIUS server must be configured on a device other than the
switch, called an Authentication Server Host and it must include usernames and passwords for authen-
tication. When the user is prompted by the switch to enter usernames and passwords for authentica-
tion, the switch contacts the TACACS/XTACACS//RADIUS server to verify, and the
server will respond with one of three messages:

The server verifies the username and password, and the user is granted normal user privileges on
the switch.

The server will not accept the username and password and the user is denied access to the
switch.

The server doesn

t respond to the verification query. At this point, the switch receives the

timeout from the server and then moves to the next method of verification configured in the
method list.

The switch has four built-in Authentication Server Groups, one for each of the TACACS, XTACACS,
, and RADIUS protocols. These built-in Authentication Server Groups are used to authen-
ticate users trying to access the switch. The users will set Authentication Server Hosts in a preferable
order in the built-in Authentication Server Groups and when a user tries to gain access to the switch,
the switch will ask the first Authentication Server Hosts for authentication. If no authentication is
made, the second server host in the list will be queried, and so on. The built-in Authentication Server
Groups can only have hosts that are running the specified protocol. For example, the TACACS Au-

Содержание KGS-3120

Страница 1: ...1 DOC 041230 KGS 3120 Operation Manual...

Страница 2: ...ves the right to revise this documentation and to make changes in content from time to time without obligation on the part of KTI Networks Inc to provide notification of such revision or change For mo...

Страница 3: ...nterface cables and AC power cord if any must be used in order to comply with the emission limits CISPR A COMPLIANCE This device complies with EMC directive of the European Community and meets or exce...

Страница 4: ...Management 25 Before You Start 25 General Deployment Strategy 25 VLAN Setup 26 Defining Static Routes 26 Web based User Interface 26 Areas of the User Interface 26 Login to Web Manager 28 Web Pages an...

Страница 5: ...ings 129 Static Default Route Settings 130 Static ARP Settings 131 RIP 132 RIP Global Setting 132 RIP Interface Settings 132 OSPF 134 OSPF General Setting 134 OSPF Area ID Settings 135 OSPF Interface...

Страница 6: ...189 Transmitted Packets 191 Errors 192 Received Errors 193 Transmitted Errors 195 Size 197 Packet Size 197 MAC Address 199 Switch History 200 IGMP Snooping Table 201 Browser Router Port 201 VLAN Stat...

Страница 7: ...7 Save Changes 212 Factory Reset 213 Restart System 214 Logout 214 Appendix A Technical Specifications 215 Appendix B Cables and Connectors 216 Appendix C Cable Lengths 217 Glossary 218...

Страница 8: ...name means that optionally you can type copy followed by the name of the file Do not type the brackets Bold font Indicates a button a toolbar icon menu or menu item For example Open the File menu and...

Страница 9: ...side these compartments If any of the following conditions occur unplug the product from the electrical outlet and replace the part or contact your trained service provider The power cable extension c...

Страница 10: ...lp protect your system from sudden transient increases and decreases in electrical power use a surge suppressor line conditioner or uninterruptible power supply UPS Position system cables and power ca...

Страница 11: ...nd practices Never defeat the ground conductor or operate the equipment in the absence of a suitably installed ground conductor Contact the appropriate electrical inspection author ity or an electrici...

Страница 12: ...1000BASE T or Gigabit SFP 24 Gbps Switching fabric capacity Supports 802 1D STP and 802 1w Rapid Spanning Tree for redundant back up bridge paths Supports 802 1Q VLAN Supports IGMP snooping Supports 8...

Страница 13: ...ports TACACS TACACS and XTACACS Front Panel Components The front panel of the Switch consists of LED indicators an RS 232 communication port two slide in module slots and four 1000BASE T SFP combo por...

Страница 14: ...rt has a corresponding indicator This will light steady green for a valid link and blink whenever there is reception or transmission i e Activ ity Act of data occurring at a port The ID LED on the Swi...

Страница 15: ...00 1000Mbps Expansion Module 4 Port 10 100 1000BASE T Four port module Front panel module Connects to 1000BASE T devices LED indicators for Link Activity KGM 340F 4 Port Gigabit SFP Mini GBIC Expansio...

Страница 16: ...nd Line Reference Manual which is included on the documentation CD SNMP Based Management You can manage the Switch with an SNMP compatible console program The Switch is supports SNMP version 1 0 versi...

Страница 17: ...ulation program plug in the power cord and then set up a password and IP address Do not connect the Switch to the network until you have established the correct IP settings and user accounts Installin...

Страница 18: ...o attach a mounting bracket to each side of the Switch 2 Align the holes in the mounting bracket with the holes in the rack 3 Insert and tighten two screws through each of the mounting brackets Attach...

Страница 19: ...19 Mounting the Switch in a Standard 19 Rack Install Switch in equipment rack Unit ID Display The 7 segment LED as shown below on the front panel will always display F 15 in hex KGS 3120 Front Panel...

Страница 20: ...data bits 1 stop bit and no parity d Set flow control to none e Under Properties select VT100 for Emulation mode f Select Terminal keys for Function Arrow and Ctrl keys Ensure that you select Terminal...

Страница 21: ...thorized access to the Switch and record the passwords for future reference To create an administrator level account for the Switch do the following 1 At the CLI login prompt enter create account admi...

Страница 22: ...bjects are defined in a Management Information Base MIB which provides a standard presentation of the information controlled by the on board SNMP agent SNMP defines both the format of the MIB specific...

Страница 23: ...st Multicast Storm MIBs Management and counter information are stored by the Switch in the Management Information Base MIB The Switch uses the standard MIB II Management Information Base module Conseq...

Страница 24: ...ement station to the Switch s Telnet or Web based management agent KGS 3120 Gigabit Ethernet Switch Command Line Interface Firmware Build 2 00 B17 Copyright C 2000 2003 All right reserved UserName Pas...

Страница 25: ...in a network can be thought of as a new generation of router that performs routing functions in hardware rather than software It is in effect a router that also has numerous independent Ethernet colli...

Страница 26: ...rces can save valuable time in case of a link or device failure The Spanning Tree function can be used to block the redundant link until it is needed VLAN Setup VLANs setup in Layer 3 Switching is mor...

Страница 27: ...itch s ports and expansion modules Click on the ports in the front panel to manage the port s configuration or view data for the port Left Select the window to be displayed The folder icons can be ope...

Страница 28: ...mmand line interface CLI command save Web Pages and Folders Below is a list and description of the main folders and windows available in the web interface Configuration This folder includes all the su...

Страница 29: ...start the Switch Switch Information The first page displayed upon logging in is the System Information Basic Settings window This window can be accessed at any time by clicking the Switch Information...

Страница 30: ...ss is 10 90 90 90 with a subnet mask of 255 0 0 0 and a default gateway of 0 0 0 0 To manually assign the Switch s IP address subnet mask and default gateway address 1 Select Manual from the Get IP Fr...

Страница 31: ...The fields which require entries under this option are as follows Subnet Mask A Bitmask that determines the extent of the subnet that the Switch is on Should be of the form xxx xxx xxx xxx where each...

Страница 32: ...ssigned to the IP interface named System and the z represents the corresponding number of subnets in CIDR notation The IP interface named System on the Switch can be assigned an IP address and subnet...

Страница 33: ...ing in a User Name and New Password and retype the same password in the Confirm New Password Choose the level of privilege Admin or User from the Access Right drop down menu User Account Modify Table...

Страница 34: ...by clicking the Save Changes button located in the Maintenance folder Save Configuration window The Switch has two levels of memory normal RAM and non volatile or NV RAM To save all the changes made i...

Страница 35: ...ra tion will be returned to the factory default settings for the current session only When the Switch is rebooted it will return to the last configuration saved to the Switch s NV RAM using the Save C...

Страница 36: ...e current configuration to non volatile RAM before restarting the Switch Clicking the No option instructs the Switch not to save the current configuration before restarting the Switch All of the confi...

Страница 37: ...defined Choose from the following options 9600 19200 38400 or 115200 MAC Address Aging Time 10 1000000 This field specifies the length of time a learned MAC Address will remain in the forwarding table...

Страница 38: ...to disable this by selecting Disabled you will lose the ability to configure the system through the web interface as soon as these settings are applied Web TCP Port Number 1 65535 The TCP port number...

Страница 39: ...Settings RADIUS Server IGMP IGMP Snooping Static Router Ports Entry Spanning Tree STP Switch Settings STP Port Settings Forwarding Filtering Unicast Forwarding Multicast Forwarding VLANs Static VLAN E...

Страница 40: ...window displays general information about the Switch including its MAC Address Hardware Boot PROM and Firmware versions and installed module information IP Address Switch IP settings may initially be...

Страница 41: ...he management station that will access the Switch The Switch will allow management access from stations with the same VID listed here To use the BOOTP or DHCP protocols to assign the Switch an IP addr...

Страница 42: ...nagement station that can connect to the Switch can access the Switch until either Management Station IP Addresses are assigned or SNMP settings are configured to control management access Setting the...

Страница 43: ...defined Choose from the following options 9600 19200 38400 or 115200 MAC Address Aging Time 10 1000000 This field specifies the length of time a learned MAC Address will remain in the forwarding table...

Страница 44: ...his by selecting Disabled you will lose the ability to configure the system through the web interface as soon as these settings are applied Web TCP Port Number 1 65535 The TCP port number currently be...

Страница 45: ...100 Mbps devices full or half duplex The Auto setting allows the port to automati cally determine the fastest settings the device the port is connected to can handle and then to use those settings The...

Страница 46: ...orts click Port Description on the Configuration folder Port Description Setting window The user may set the following parameters Unit This is the Unit ID of a Switch The number 15 indicates a KGS 312...

Страница 47: ...hat will be mirrored Choose Ingress Egress or Both for the mirrored port by clicking the appropriate radio button for the port 3 Select the Target Port using the Unit and Port drop down menus 4 Change...

Страница 48: ...d of shutting down a loop when a storm is formed because a MAC address cannot be located in the Switch s forwarding data base and it must send a packet to all ports or all ports on a VLAN To configure...

Страница 49: ...e aggregation group This port is called the Master Port of the group and all configuration options including the VLAN configuration that can be applied to the Master Port are applied to the entire lin...

Страница 50: ...kly isolate a bandwidth intensive network device or to have an absolute backup aggregation group that is not under automatic control Type This pull down menu allows you to select between Static and LA...

Страница 51: ...ending LACP control frames This allows LACP compliant devices to negotiate the aggregated link so the group may be changed dynamically as needs require In order to utilize the ability to change an agg...

Страница 52: ...tation of the server side of IEEE 802 1X Port Based Network Access Control Through this mechanism users have to be authorized before being able to access the network See the following figure Typical 8...

Страница 53: ...53 Once the user is authenticated the Switch unblocks the port that is connected to the user as shown in the next figure Typical 802 1X Configuration with User Authentication...

Страница 54: ...US server Typical Configuration with 802 1X Fully Implemented State Machine Name Port Timers state machine Authenticator PAE state machine The Authenticator Key Transmit state machine Reauthentication...

Страница 55: ...der and click on the 802 1X Authenticator Settings link 1st 802 1X Authenticator Settings window To configure the 802 1X Authenticator settings for a given port click on the blue port number under the...

Страница 56: ...through the interface If Auto is selected it will enable 802 1X and cause the port to begin in the unauthorized state allowing only EAPOL frames to be sent and received through the port The authentic...

Страница 57: ...the 802 1X Capability Settings link 802 1X Capability Settings 802 1X Capability Settings window To set up the Switch s 802 1X port based authentication select which ports are to be configured in the...

Страница 58: ...US server settings index Radius Server Type in the IP address of the RADIUS server Authentic Port This is the UDP port on the RADIUS server that will be used to authenticate users The default is 1812...

Страница 59: ...on IGMP messages sent from the device to the IGMP host or vice versa The Switch monitors IGMP messages and discontinues forwarding multicast packets when there are no longer hosts re questing that th...

Страница 60: ...es the maximum amount of time between group specific query messages including those sent in response to leave group messages The default value is 1 Host Timeout This is the maximum amount of time in s...

Страница 61: ...do not send IGMP reports or implement IGMP snooping a multicast router connected to the router port of the Layer 3 Switch would not be able to receive UDP data streams unless the UDP multicast packets...

Страница 62: ...TP was developed in order to overcome some limitations of STP that impede the function of some recent Switching innovations in particular certain Layer 3 function that are increasingly handled by Ethe...

Страница 63: ...example would be a port connected directly to a single worksta tion Ports that are designated as edge ports transition to a forwarding state immediately without going through the listening and learni...

Страница 64: ...nning Tree Protocol STP operates on two levels on the Switch level the settings are globally implemented On the port level the settings are implemented on a per user defined group of ports basis Switc...

Страница 65: ...itch spends in the listening state while moving from the blocking state to the forwarding state Bridge Priority 0 61440 32768 A Priority for the Switch can be set from 0 to 61440 This number is used i...

Страница 66: ...Group spanning tree works in the same way as the Switch level spanning tree but the root bridge concept is replaced with a root port concept A root port is a port of the group that is elected on the...

Страница 67: ...an coexist with standard STP however the benefits of RSTP are not realized on a port where an 802 1d network connects to an 802 1w enabled network Migration should be enabled Yes on ports connected to...

Страница 68: ...Forwarding Table window as shown below Setup Static Unicast Forwarding Table window To add an entry define the following parameters VLAN ID The VLAN ID number of the VLAN on which the above Unicast MA...

Страница 69: ...ng Table window The following parameters can be set VID The VLAN ID of the VLAN the MAC address below belongs to Multicast MAC Address The MAC address of the static source of multicast packets This mu...

Страница 70: ...improvement in performance since it bypasses any routing functions packets transferred between subnets are reduced to a hardware decision Even though a Switch inspects a packet s IP address to determ...

Страница 71: ...orwarded only to members of the VLAN on which the broadcast was initiated IEEE 802 1Q VLANs Some relevant terms Tagging The act of putting 802 1Q VLAN information into the header of a packet Untagging...

Страница 72: ...wo octets and consists of three bits or user priority one bit of Canonical Format Identifier CFI used for encapsulating Token Ring packets so they can be carried across Ethernet backbones and twelve b...

Страница 73: ...re inserted after the MAC source address but before the original EtherType Length or Logical Link Control Because the packet is now a bit longer than it was origi nally the Cyclic Redundancy Check CRC...

Страница 74: ...g to the VID contained within the tag Tagged packets are also as signed a PVID but the PVID is not used to make packet forwarding decisions the VID is Tag aware Switches must keep a table to relate PV...

Страница 75: ...tagged with VLAN information the ingress port will tag the packet with its own PVID as a VID if the port is a tagging port The Switch then determines if the destination port is a member of the same V...

Страница 76: ...VLAN ID For a new VLAN entry type in a unique identifier This number is used to configure other settings such as GVRP status for ports in the VLAN VLAN Name For a new VLAN entry type in a unique name...

Страница 77: ...h Added VLAN window To change the port settings of any listed VLAN click the Modify button Now click the Modify button in the first 802 1Q Static VLANs window for the newly created VLAN engineering A...

Страница 78: ...w Configure the 802 1 Port Settings Unit Select the relevant Switch for configuration From To Use these drop down menus to specify the range of ports that will be included in the VLAN Ingress Check Th...

Страница 79: ...into the packet header is used to identify the priority level of data packets The Switch implements 802 1p priority using eight hardware queues Therefore the Switch must have a means of mapping the e...

Страница 80: ...port on the Switch Click on the 802 1p Default Priority link in the QoS sub folder Port Default Priority assignment window This page allows you to assign a default 802 1p priority to any given port on...

Страница 81: ...e assignment of a User Priority to each of the 802 1p priorities User Priority Configuration window Once you have assigned a priority to the port groups on the Switch you can then assign this Class to...

Страница 82: ...uling may result in unacceptable levels of packet loss or significant transmission delay If you choose to customize this setting it is important to monitor network performance especially during peak d...

Страница 83: ...to limit traffic but is more restrictive It provides a method of directing traffic that does not increase the overhead of the Master Switch CPU Traffic Segmentation Setting window The Unit drop down...

Страница 84: ...ports may be configured starting with the selected port Type This drop down menu allows you to select between RX receive TX transmit and Both This setting will determine whether the bandwidth ceiling...

Страница 85: ...ation Global Settings MAC Notification Global Settings window The following parameters can be set State This drop down menu is used to enable or disable MAC notification on the selected Switch Interva...

Страница 86: ...ation Port Settings window The following parameters can be set Unit Specify number 15 indicates the Switch From To A consecutive group of ports may be configured starting with the selected port State...

Страница 87: ...sages to up to four designated servers System Log Servers window Click the Add button to bring up the window pictured below The parameters configured for adding System Log are described in the table b...

Страница 88: ...own in the following Bold font means the facility values that the Switch currently supports Code Facility 0 kernel messages 1 user level messages 2 mail system 3 system daemons 4 security authorizatio...

Страница 89: ...orts and gaining access to the network Port Security Settings window The following parameters can be set Unit Specify number 15 indicates the Switch From To A consecutive group of ports may be configu...

Страница 90: ...State Use this pull down menu to enable or disable SNTP SNTP Secondary Server This is the primary server the SNTP information will be taken from SNTP Poll Interval in Seconds This is the interval betw...

Страница 91: ...DST offset 30 60 90 or 120 minutes Time Zone Offset from GMT in HH MM Use these pull down menus to specify your local time zone s offset from Greenwich Mean Time GMT DST Repeating Settings Repeating U...

Страница 92: ...ime DST will end DST Annual Settings Annual Using annual mode will enable DST seasonal time adjustment Annual mode requires that the DST beginning and ending date be specified concisely For example sp...

Страница 93: ...y the currently configured Access Profiles on the Switch open the Configuration folder and click on the Access Profile Table link This will open the Access Profile Table window as shown below Access P...

Страница 94: ...t header Vlan Selecting this option instructs the Switch to examine the VLAN part of each packet header and use this as the or part of the criterion for forwarding Source Mac Source MAC Mask Enter a M...

Страница 95: ...u according to the requirements for the type of profile Select Ethernet to instruct the Switch to examine the layer 2 part of each packet header Select IP to instruct the Switch to examine the IP addr...

Страница 96: ...P type value Select TCP to use the TCP port number contained in an incoming packet as the forwarding criterion Selecting TCP requires that you specify a source port mask a destination port mask or a f...

Страница 97: ...97 The window shown below is the Access Profile Configuration window for Packet Content Mask Access Profile Configuration Packet Content Mask window...

Страница 98: ...ket header Select IP to instruct the Switch to examine the IP address in each frame s s header Select Packet Content Mask to specify a mask to hide the content of the packet header Offset This field w...

Страница 99: ...rofile Table window and then click the Modify button for that individual entry Access Rule Table window To create a new rule set for the access profile click the Add button A new window is displayed T...

Страница 100: ...in the packet header that will be identified by the Switch Replace Priority 0 7 This parameter is specified if you want to change the 802 1p user priority of a packet that meets the specified criteria...

Страница 101: ...101 Access Rule Configuration IP window Configure the Access Rule Configuration settings on the window above...

Страница 102: ...pecify a mask to hide the content of the packet header Priority 0 7 Specify the priority tag located in the packet header that will be identified by the Switch Replace Dscp with 0 63 Select this optio...

Страница 103: ...103 Access Rule Configuration Package Content Mask window Configure the Access Rule Configuration settings on the window above...

Страница 104: ...o examine the IP address in each frame s header Select Packet Content Mask to specify a mask to hide the content of the packet header Priority 0 7 Specify the priority tag located in the packet header...

Страница 105: ...g OSPF Area ID Settings OSPF Interface Settings OSPF Virtual Interface Settings OSPF Area Aggregation Settings OSPF Host Route Settings DHCP BOOTP Relay DHCP BOOTP Relay Information DHCP BOOTP Relay S...

Страница 106: ...n the ARP dynamic entry table To setup permanent entries for ARP use the Static ARP Settings window described later in this chapter PIM RIP OSPF and DVMRP may also be globally enabled or disabled usin...

Страница 107: ...address and subnet mask in the corresponding fields Pull the Admin State pull down menu to Enabled and click Apply to enter to make the IP interface effective Use Save Changes in the Maintenance folde...

Страница 108: ...he backbone Only routers have connections to the backbone and OSPF is structured such that routing information changes in other areas will be introduced into the backbone and then propagated to the re...

Страница 109: ...ociated cost also called metric that is representative of the over head required to send packets over that interface This cost is inversely proportional to the bandwidth of the interface i e a higher...

Страница 110: ...ter A can reach 222 211 10 0 through Router C with a cost of 10 10 20 Router A can also reach 222 211 10 0 through Router B and Router D with a cost of 10 5 10 25 but the cost is higher than the route...

Страница 111: ...s between areas Areas are specific to the router interface A router that has all of its interfaces in the same area is called an Internal Router A router that has interfaces in multiple areas is calle...

Страница 112: ...then uses an algorithm to generate a mathematical message digest that is derived from the OSPF packet the key and the key ID This message digest a number is then appended to the packet The key is not...

Страница 113: ...o packets that a router sends on an OSPF interface The dead interval is the number of seconds that a router s Hello packets have not been seen before its neighbors declare the OSPF router down OSPF ro...

Страница 114: ...e by sending database description packets Loading The routers are finalizing the information exchange Routers have link state request list and a link state retransmission list Any information that loo...

Страница 115: ...eld Authentication Type The type of authentication to be used for the packet Authentication A 64 bit field used by the authentication scheme Hello Packet Hello packets are OSPF packet type 1 They are...

Страница 116: ...the DR or the BDR Router Dead Interval The number of seconds that must pass before declaring a silent router as down Designated Router The identity of the DR for this network in the view of the advert...

Страница 117: ...The optional capabilities supported by the router I bit The Initial bit When set to 1 this packet is the first in the sequence of Database Description packets M bit The More bit When set to 1 this in...

Страница 118: ...an adjacency A router that sends a Link State Request packet has in mind the precise instance of the database pieces it is requesting defined by LS sequence number LS checksum and LS age although the...

Страница 119: ...In order to make the flooding procedure reliable flooded advertisements are acknowledged in Link State Acknowledgment packets If retransmission of certain advertisements is necessary the retrans mitte...

Страница 120: ...urce of the advertisements being acknowl edged a Link State Acknowledgment packet is sent either to the multicast address AllSPFRouters to the multicast address AllDRouters or as a unicast packet The...

Страница 121: ...database each router constructs a shortest path tree with itself as root This yields a routing table There are four types of link state advertisements each using a common link state header These are...

Страница 122: ...The contents of this field depend on the advertisement Link State Type Advertising Router The Router ID of the router that originated the Link State Adver tisement For example in network links advert...

Страница 123: ...he area must be described in a single router links advertisement The format of the Router Links Advertisement is shown below Routers Links Advertisement In router links advertisements the Link State I...

Страница 124: ...nnection to a stub network Virtual link Link ID Identifies the object that this router link connects to Value depends on the link s Type When connecting to an object that also originates a link state...

Страница 125: ...cess network that has more than one attached router The network links advertisement is originated by the network s Desig nated router The advertisement describes all routers attached to the network in...

Страница 126: ...per area basis Default summary routes are used in stub area instead of flooding a complete set of external routes When describing a default summary route the advertisement s Link State ID is al ways...

Страница 127: ...ternal Link Advertisement is shown below AS External Link Advertisements Field Description Network Mask The IP address mask for the advertised destination E bit The type of external metric If the E bi...

Страница 128: ...domain MD5 Keys created here are entered in when setting up OSPF interfaces Please read the description in the section below about OSPF Interface Settings To configure an MD5 Key click the MD5 Key Se...

Страница 129: ...istributed Route Redistribution Settings window To create a new route redistribution criteria select the Dest Protocol destination protocol and Src Protocol source protocol from the drop down menus ch...

Страница 130: ...indow To view the new route and any other static routes configured for the Switch click the Show All Static Default Route Entries link The following fields can be set IP Address 0 0 0 0 Allows the ent...

Страница 131: ...ng entry click the X button in the Delete column for the entry you want to eliminate To delete all static ARP entries click the Clear All button Static ARP Settings window Clicking the Add button allo...

Страница 132: ...Apply button RIP can be disabled or enabled without changing any of the RIP IP interfaces settings using this window RIP Global Setting window RIP Interface Settings RIP settings are configured for e...

Страница 133: ...which version of the RIP protocol will be used to transmit RIP packets Disabled prevents the transmission of RIP packets RX Mode Disabled Toggle among Disabled V1 Only V2 Only and V1 and V2 This entry...

Страница 134: ...eneral Setting window The following parameters are used for general OSPF configuration OSPF Route ID A 32 bit number in the same format as an IP address xxx xxx xxx xxx that uniquely identifies the Sw...

Страница 135: ...k the Add Modify button to add the Area ID set to the table To remove an Area ID configuration set simply click the X in the Delete column for the configura tion To change an existing set in the list...

Страница 136: ...or in IP interface click on the hyperlinked name of the interface to see the configuration menu for that interface OSPF Interface Settings window OSPF Interface Settings Edit window Configure each IP...

Страница 137: ...that router down An interval between 5 and 65535 seconds can be specified The Dead Interval must be evenly divisible by the Hello Interval State Allows the OSPF interface to be disabled for the selec...

Страница 138: ...l interface appears Up or Down in the Status column OSPF Virtual Interface Settings Add window Configure the following parameters if you are adding or changing an OSPF Virtual Interface Transit Area I...

Страница 139: ...area to be aggregated into a summary LSDB advertisement of just the network address and subnet mask This allows for a reduction in the volume of LSDB advertisement traffic as well as a reduction in th...

Страница 140: ...Settings OSPF host routes work in a way analogous to RIP only this is used to share OSPF information with other OSPF routers This is used to work around problems that might prevent OSPF information sh...

Страница 141: ...interface on which they reside DHCP Bootp Relay Information DHCP Bootp Relay Information window This window is used to enable BOOTP Relay and configure hops and time limit Set the relay configu ratio...

Страница 142: ...nformation DNS Relay Information window The DNS Relay Information window is used to enable DNS Relay and configure IP addresses for available DNS servers Set the relay configuration as desired and cli...

Страница 143: ...p router by end hosts Utilizing VRRP the administrator can achieve a higher available default path cost without needing to configure every end host for dynamic routing or routing discovery protocols S...

Страница 144: ...o view this window click Configuration Layer 3 IP Networking VRRP VRRP Interface Settings VRRP Interface Table window This window displays VRRP entries currently set on the Switch and holds the follow...

Страница 145: ...terface to create a VRRP entry for This IP interface must be assigned to a VLAN on the Switch VRID 1 255 Enter a value between 1 and 255 to uniquely identify this VRRP group on the Switch All routers...

Страница 146: ...e network If the connection from the virtual router to this IP address fails a new Master will be elected from the backup routers participating in the VRRP group If the connection to the backup fails...

Страница 147: ...ived by a virtual router Simple Text Password A Simple password has been selected to com pare VRRP packets received by a virtual router for authentication IP Authentication Header An MD5 message diges...

Страница 148: ...y is set higher than the master router False will disable the backup router from becoming the master router Virtual Router Up Time Displays the time in minutes since the virtual router has been initia...

Страница 149: ...Query Interval 1 65535 125 Allows the entry of a value between 1 and 65535 seconds with a default of 125 seconds This specifies the length of time between sending IGMP queries Max Response Time 1 25...

Страница 150: ...tings that have been configured so it can later be enabled and apply the same settings DVMRP Global Setting window Select Enabled or Disabled and click on the Apply button to make the change DVMRP Int...

Страница 151: ...Probe Interval 10 This field allows an entry between 0 and 65 535 seconds and defines the interval between probes The default is 10 Neighbor Timeout Interval 35 This field allows an entry between 1 a...

Страница 152: ...ling PIM DM will not affect any PIM DM settings that have been configured so it can later be enabled and apply the same settings PIM DM Global Setting window Select Enabled or Disabled and click on th...

Страница 153: ...IP interface named above Hello Interval 30 This field allows an entry of between 0 and 18724 seconds and determines the interval between sending Hello packets to other routers on the net work The def...

Страница 154: ...al hosts on the same subnet as the Switch that will be allowed to manage the Switch It is recommended that the IP address of the local host that will be used to manage the Switch be entered here to av...

Страница 155: ...d host for optimal use CBC Block Ciphers CBC refers to Cipher Block Chaining which means that a portion of the previously encrypted block of encrypted text is used in the encryption of the current blo...

Страница 156: ...extension Ex c cert der Key File Name Enter the path and the filename of the key file you wish to download This file must have a der extension Ex c pkey der SSL Configuration This window will allow th...

Страница 157: ...ld is Enabled by default RSA EXPORT with RC4 40 MD5 This ciphersuite combines the RSA Export key exchange and stream cipher RC4 encryption with 40 bit keys Use the pull down menu to enable or disable...

Страница 158: ...s using the User Accounts window in the Manage ment folder This is identical to creating any other admin lever User account on the Switch including specifying a password This password is used to login...

Страница 159: ...ion timeout The user may set a time between 120 and 600 seconds The default is 300 seconds Auth Fail 2 20 Allows the administrator to set the maximum number of attempts that a user may try to log on t...

Страница 160: ...e Shell SSH SSH Algorithm Encryption Algorithm window The user may set the following parameters Encryption Algorithm 3DES CBC Use the pull down menu to enable or disable the Triple_Data Encryption Sta...

Страница 161: ...cryption The default is Enabled HMAC MD5 Use the pull down menu to enable or disable the HMAC Hash for Message Authentication Code mechanism utilizing the MD5 Message Digest encryption algorithm The d...

Страница 162: ...ter should be chosen if the administrator wishes to use a remote SSH server for authentication purposes Choosing this parameter requires the user to input the following information to identify the SSH...

Страница 163: ...one or more centralized servers The TACACS protocol encrypts all traffic between the switch and the TACACS daemon using the TCP protocol to ensure reliable delivery In order for the TACACS XTACACS TA...

Страница 164: ...he server must be configured exactly the same using the same protocol For example if the switch is set up for TACACS authentication so must be the host server Policy Parameters This command will enabl...

Страница 165: ...erface application the Telnet application the Secure Shell SSH application and the Web HTTP application Login Method List Using the pull down menu configure an application for normal login on the user...

Страница 166: ...dow This window displays the Authentication Server Groups on the Switch The Switch has four built in Authentication Server Groups that cannot be removed but can be modified To modify a particular grou...

Страница 167: ...n one authentication protocol can be run on the same physical server host but remem ber that RADIUS TACACS TACACS XTACACS are separate entities and are not compatible with each other The maximum suppo...

Страница 168: ...command will configure a user defined or default Login Method List of authentication techniques for users logging on to the Switch The sequence of techniques implemented in this command will affect t...

Страница 169: ...ame defined by the user of up to 15 characters Method 1 2 3 4 The user may add one or a combination of up to four of the following authenti cation methods to this method list local Adding this paramet...

Страница 170: ...oup If no verification is found the Switch will send an authentication request to the second TACACS host in the server group and so on until the list is exhausted At that point the Switch will restart...

Страница 171: ...enable password must be set by the user in the next section entitled Local Enable Password none Adding this parameter will require no authentication to access the switch radius Adding this parameter...

Страница 172: ...password of up to 15 characters Confirm Local Enable Confirm the new password entered above Entering a different password here from the one set in the New Local Enabled field will result in a fail mes...

Страница 173: ...Enable Admin window When this window appears click the Enable Admin button revealing a dialog box for the user to enter authentication password username as seen below A successful entry will promote...

Страница 174: ...Management to control user privileges To view existing User Accounts open the Management folder and click on the User Accounts link This will open the User Account Manage ment window as shown below U...

Страница 175: ...own menu Admin and User Privileges There are two levels of user privileges Admin and User Some menu selections available to users with Admin privileges may not be available to those with User privileg...

Страница 176: ...of the web man ager Workstations on the network that are allowed SNMP privileged access to the Switch can be restricted with the Security IP Management window located in the Security folder under Tru...

Страница 177: ...on protocol is in use DES Indicates that DES 56 bit encryption is in use based on the CBC DES DES 56 standard To add a new entry to the SNMP User Table Configuration click on the Add button on the SNM...

Страница 178: ...ts can be accessed by a remote SNMP manager SNMP View Table window To delete an existing SNMP View Table entry click the X button listed under Delete on the far left that corresponds to View Name To c...

Страница 179: ...cess by an SNMP manager View Type Select Included to include this object in the list of objects that an SNMP manager can access Select Excluded to exclude this object from the list of objects that an...

Страница 180: ...y under the Group Name heading SNMP Group Table Display window To add a new entry to the Switch s SNMP Group Table click the Add button in the upper left hand corner of the SNMP Group Table window Thi...

Страница 181: ...sed The SNMP v2c supports both centralized and distributed network management strategies It includes improvements in the Structure of Management Information SMI and adds some security features SNMPv3...

Страница 182: ...munity Table Configuration window The following parameters can set Community Name Type an alphanumeric string of up to 33 characters that is used to identify members of an SNMP community This string i...

Страница 183: ...e SNMP Host Table window This will open the SNMP Host Table Configuration window as shown below SNMP Host Table Configuration SNMP Host Table Configuration window The following parameters can set IP A...

Страница 184: ...e on the Switch To display the Switch s SNMP Engine ID open the Management folder and then the SNMPV3 folder Finally click on the SNMP Engine ID link This will open the SNMP Engine ID Configuration wi...

Страница 185: ...Multicast Forwarding Table Browse IGMP Group Table OSPF Monitor Browse OSPF LSDB Table Browse OSPF Neighbor Table Browse OSPF Virtual Neighbor Table DVMRP Monitor Browse DVMRP Routing Table Browse DV...

Страница 186: ...set Unit Specify number 15 indicates the Switch Port Allows you to specify a port to monitor from the Switch selected above Clear Clicking this button clears all statistics counters on this window Ti...

Страница 187: ...Interval 1s Select the desired setting between 1s and 60s where s stands for seconds The default value is one second Record Number 200 Select number of times the Switch will be polled between 20 and 2...

Страница 188: ...188 Rx Packets Analysis line graph for Bytes Packets window Rx Packets Analysis table for Bytes Packets window...

Страница 189: ...thisbuttoninstructstheSwitchtodisplayatableratherthanalinegraph View Line Chart ClickingthisbuttoninstructstheSwitchtodisplayalinegraphratherthanatable Bytes Counts the number of bytes received on the...

Страница 190: ...buttoninstructstheSwitchtodisplayatableratherthanalinegraph View Line Chart ClickingthisbuttoninstructstheSwitchtodisplayalinegraphratherthanatable Unicast Counts the total number of good packets that...

Страница 191: ...191 Transmitted Packets Tx Packets Analysis line graph for Bytes Packets window Tx Packets Analysis table for Bytes Packets window...

Страница 192: ...uttoninstructstheSwitchtodisplayatableratherthanalinegraph View Line Chart ClickingthisbuttoninstructstheSwitchtodisplayalinegraphratherthanatable Bytes Counts the number of bytes successfully sent fr...

Страница 193: ...line graph window Rx Error Analysis table window Select the desired Switch using the Unit drop down menu and the desired port using the Port drop down menu The Time Interval field sets the interval at...

Страница 194: ...lly indicate collision fragments a normal network occurrence OverSize Counts packets received that were longer than 1518 octets or if a VLAN frame 1522 octets and less than the MAX_PKT_LEN Internally...

Страница 195: ...195 Transmitted Errors Tx Error Analysis line graph window Tx Error Analysis table window...

Страница 196: ...mission attempt on a particular interface was delayed because the medium was busy LateColl Late Collision Late Collisions The number of times that a collision is detected later than 512 bit times into...

Страница 197: ...197 Size Various statistics can be viewed as either a line graph or a table Packet Size Packet Size Packet Size Analysis line graph window Packet Size Analysis table window...

Страница 198: ...h inclusive excluding framing bits but including FCS octets 128 255 The total number of packets including bad packets received that were between 128 and 255 octets in length inclusive excluding framin...

Страница 199: ...MAC address and a port number it makes an entry into its forwarding table These entries are then used to forward packets through the Switch MAC Address Table window The following fields can be set VL...

Страница 200: ...to the console manager Clicking Next at the bottom of the window will allow you to display all the switch Trap Logs The information is described as follows Sequence A counter incremented whenever an e...

Страница 201: ...The following field can be set Multicast Group The IP address of the multicast group MAC Address The MAC address of the multicast group Reports The total number of reports received for this group Bro...

Страница 202: ...tatus This window displays the status of VLANs managed by the Switch VLAN Status window Session Table This window displays the management sessions since the Switch was last rebooted Current Session Ta...

Страница 203: ...ddressTablewindowmaybefoundintheMonitoringfolderintheLayer3Featuresub folder This window allows the user to view IP addresses discovered by the Switch To search a specific IP address enter it into the...

Страница 204: ...an IP address into the Destination Address field along with a proper subnet mask into the Mask field Routing Table window Browse ARP Table The ARP Table window may be found in the Monitoring folder i...

Страница 205: ...ast group IP address into the Multicast Group field or a Source IP address and click Find IP Multicast Forwarding Table window Browse IGMP Group Table The IGMP Group Table window may be found in the M...

Страница 206: ...is selected as the browse method you must enter the IP address in the Area ID field and then click Find If Advertise Router ID is selected you must enter the IP address in the Advertise Router ID fiel...

Страница 207: ...ibed by the advertisement The contents of this field depend on the advertisement s LS type LS Type Link State ID 1 The originating router s Router ID 2 The IP interface address of the network s Design...

Страница 208: ...to be monitored for each IP interface defined on the switch This folder found in the Monitoring folder offers three win dows for monitoring DVMRP Routing Table DVMRP Neighbor Address Table and DVMRP...

Страница 209: ...e IP Address in the fields at the top of the window and clicking Find DVMRP Routing Next Hop Table window PIM Monitor Multicast routers use Protocol Independent Multicast PIM to determine which other...

Страница 210: ...to the TFTP server Download Firmware To update the Switch s firmware click on the Maintenance folder and then the TFTP Services folder and then the Download Firmware link Download Firmware window Use...

Страница 211: ...initiate the file transfer Save Settings To upload the Switch settings to a TFTP server click on the Maintenance folder and then the TFTP Service folder and then the Save Settings link Save Settings...

Страница 212: ...packets to the specified IP address until the program is stopped Save Changes The KGS 3120 has two levels of memory normal RAM and non volatile or NV RAM Configuration changes are made effective clic...

Страница 213: ...t the factory Reset gives the option of retaining the Switch s User Accounts and History Log while resetting all other configuration parameters to their factory defaults If the Switch is reset with th...

Страница 214: ...the No click box instructs the Switch not to save the current configuration before restarting the Switch All of the configuration information entered from the last time Save Changes was ex ecuted wil...

Страница 215: ...forward RAM Buffer 1 MB per device Filtering Address Table 16 K MAC address per device Packet Filtering Forwarding Rate Full wire speed for all connections 148 800 pps per port for 100Mbps 1 488 000...

Страница 216: ...ng diagrams and tables show the standard RJ 45 receptacle connector and their pin assign ments The standard RJ 45 port and connector RJ 45 Pin Assignments Contact MDI X Port MDI II Port 1 RD receive T...

Страница 217: ...Mini GBIC 1000BASE LX Single mode fiber module 10km 1000BASE SX Multi mode fiber module 550m 1000BASE LHX Single mode fiber module 40km 1000BASE ZX Single mode fiber module 80km 1000BASE T Category 5e...

Страница 218: ...ckbone port A port which does not learn device addresses and which receives all frames with an unknown address Backbone ports are normally used to connect the Switch to the backbone of your network No...

Страница 219: ...et toward its destination by an internetworking device full duplex A system that allows packets to be transmitted and received at the same time and in effect doubles the potential throughput of a link...

Страница 220: ...e connec tion SNMP Simple Network Management Protocol A protocol originally designed to be used in managing TCP IP internets SNMP is presently implemented on a wide range of computers and net working...

Страница 221: ...llows an application program on one device to send a datagram to an application program on another device VLAN Virtual LAN A group of location and topology independent devices that communicate as if t...

Отзывы:

Нет отзывов