Linksys LGS308 Скачать руководство пользователя страница 152 | Manualshive

Страница: 152 / 209

background image

152

RADIUS

Remote Authorization Dial-In User Service (RADIUS) servers provide a centralized 802.1X
network access control. The device is a RADIUS client that can use a RADIUS server to provide
centralized security.
An organization can establish a RADIUS server to provide centralized 802.1X network access
control for all of its devices. In this way, authentication and authorization can be handled on a
single server for all devices in the organization.
The device can act as a RADIUS client that uses the RADIUS server for the following services:

•

Authentication—Provides authentication of regular and 802.1X users logging onto the
device by using usernames and user-defined passwords.

•

Authorization—Performed at login. After the authentication session is completed, an
authorization session starts using the authenticated username. The RADIUS server then
checks user privileges.

•

Accounting—Enable accounting of login sessions using the RADIUS server. This enables a
system administrator to generate accounting reports from the RADIUS server.

Accounting Using a RADIUS Server

The user can enable accounting of login sessions using a RADIUS server.
The user-configurable, TCP port used for RADIUS server accounting is the same TCP port that is
used for RADIUS server authentication and authorization.

«
...
150
151
152
153
154
...
»

Содержание LGS308

Страница 1: ...1 User Guide SMART SWITCH LGS3XX...

Страница 2: ...System Information 20 Management Session Timeout 21 Time 21 SNMP 27 Logs 44 Chapter5 Port Management 50 Ports 50 Link Aggregation 52 Green Ethernet 56 PoE 59 Discovery LLDP 65 Chapter 6 VLAN Managemen...

Страница 3: ...Snooping 115 Multicast Router Ports 116 Forward All 117 Unregistered Multicast 118 IGMP MLD IP Group Addresses 120 MAC Group Address FDB 121 IP Group Address FDB 123 Chapter 10 IP Interface 125 IPv4...

Страница 4: ...IPv6 Based ACE 176 ACL Binding 178 Chapter 14 Quality of Service 180 Feature Configuration 182 Queue Scheduling 183 CoS 802 1p to Queue 184 DSCP to Queue 186 Bandwidth Control 187 Egress Shaping 188...

Страница 5: ...station use the IPv6 global address and not the IPv6 link local address to access the device from your browser Launching the Configuration Utility To open the Web based configuration utility do the fo...

Страница 6: ...timeout occurs or you intentionally log out of the system a message appears and the login page appears with a message indicating the logged out state Interface Naming Conventions Within the GUI inter...

Страница 7: ...ype Click Save to display the Configuration File Copy page and save the Running Configuration to the Startup Configuration file type on the device Close Click to return to the previous page Any change...

Страница 8: ...8 Configuring with Menu Command Line Interface To configure with the device through the menu CLI 1 Log on to the device through telnet 2 Configure the device 3 Click Logout...

Страница 9: ...mode System Description A description of the system SystemLocation Physicallocationofthedevice To edit this field go to Configuration System Management System Information System Contact Name of a cont...

Страница 10: ...nd time System Uptime Length of time since last reboot RMON RMON Statistics The Statistics page displays detailed information regarding packet sizes and information regarding physical layer errors The...

Страница 11: ...packets over 2000 octets received Fragments Number of fragments packets with less than 64 octets excluding framing bits but including Frame Check Sequence octets received Jabbers Total number receive...

Страница 12: ...ory Table page that can be viewed by clicking the History button To enter RMON control information 1 Click System Status RMON History 2 Click Add 3 Enter the parameters New History Control Entry Index...

Страница 13: ...tatistics were taken from this sample Drop Events Dropped packets due to lack of network resources during the sampling interval This may not represent the exact number of dropped packets but rather th...

Страница 14: ...ures the occurrences that trigger an alarm To define RMON events 1 Click System Status RMON Events This page displays previously defined events 2 Click Add 3 Enter the parameters Event Entry Index Dis...

Страница 15: ...onfiguration file 5 Click Event Log to display the log of alarms that have occurred and that have been logged see description below RMON Events Logs The Event Log Table page displays the log of events...

Страница 16: ...n the Add RMON Alarm page below Counter Value Displays the value of the statistic during the last sampling period 2 Click Add 3 Enter the parameters Alarm Entry Index Displays the alarm entry number I...

Страница 17: ...value triggers the falling threshold alarm o Rising and Falling Both rising and falling values trigger the alarm Owner Enter the name of the user or network management system that receives the alarm 4...

Страница 18: ...nds o Total Octets Octets received including bad packets and FCS octets but excluding framing bits o Unicast Packets Good Unicast packets received o Multicast Packets Good Multicast packets received o...

Страница 19: ...used pages Link Name on the Page Linked Page Configure User Accounts and Management Access User Access Accounts Configure Device IP Address IPv4 Interface Create VLANs VLANs Configure VLAN Memberships...

Страница 20: ...name of a contact person System Host Name Select the host name of this device o Default The default host name System Name of these switches is switch123456 where 123456 represents the last three byte...

Страница 21: ...tion settings on the device Time Network time synchronization is critical because every aspect of managing securing planning and debugging a network involves determining when events occur Without sync...

Страница 22: ...r in one of the following ways Client Broadcast Reception passive mode SNTP servers broadcast the time and the device listens to these broadcasts When the device is in this mode there is no need to de...

Страница 23: ...bled or fails Note The DHCP server must supply DHCP option 100 in order for dynamic time zone configuration to take place System Time Use the System Time page to select the system time source If the s...

Страница 24: ...m any SNTP servers on the subnet Manual Date Time Set the date and time manually The local time is used when there is no alternate source of time such as an SNTP server Time Zone Time Zone from DHCP S...

Страница 25: ...on the same date every year This allows customization of the start and stop of DST Day Day of the week on which DST begins every year Week Week within the month from which DST begins every year Month...

Страница 26: ...ing the algorithm described in RFC 2030 Delay Estimated round trip delay of the server s clock relative to the local clock over the network path between them in milliseconds The host determines the va...

Страница 27: ...ith the lowest stratum level distance from the reference clock that is reachable The server with the lowest stratum is considered to be the primary server The server with the next lowest stratum is a...

Страница 28: ...Pv1 or v2 1 Navigate to the SNMP Communities page and click Add The community can be associated with access rights and a view in Basic mode or with a group in Advanced mode There are two ways to defin...

Страница 29: ...P database 2 Optionally define SNMP view s by using the Views page This limits the range of Object IDs available to a community or group 3 Define groups by using the Groups page 4 Define users by usin...

Страница 30: ...1000 3 8 1 LGS318 18 Port Smart Gigabit Switch enterprises 1 linksys 3955 smb 1000 3 18 1 LGS326 26 Port Smart Gigabit Switch enterprises 1 linksys 3955 smb 1000 3 26 1 LGS308P 8 Port Smart Gigabit P...

Страница 31: ...ault MAC address This engine ID must be unique for the administrative domain so that no two devices in a network have the same engine ID Local information is stored in four MIB variables that are read...

Страница 32: ...nd Engine ID To add the IP address of an engine ID 4 Click Add Enter the following fields Remote Engine IP Address Select whether to specify the Engine ID server by IP address or name IP Version Selec...

Страница 33: ...ss mode through the Communities page To define SNMP views 1 Click Configuration System Management SNMP Views 2 Click Add to define new views 3 Enter the parameters View Name Enter a view name between...

Страница 34: ...s whether the defined object and its subtree are included or excluded in the selected SNMP view Groups In SNMPv1 and SNMPv2 a community string is sent along with the SNMP frames The community string a...

Страница 35: ...ication Read View Only authenticated users are allowed to read the view By default all users or community of a group can access all the MIB objects A group can be limited to specific view s based on t...

Страница 36: ...enticated but does not encrypt them o Authorized View Select the Read Write and Notify views associated with this group and with the above security level o Authentication and Privacy Authenticates SNM...

Страница 37: ...r Database To receive inform messages and request information you must define both a local and remote user o Local User is connected to the local device o Engine User is connected to a different SNMP...

Страница 38: ...ted 4 Click Apply to save the settings Communities Access rights in SNMPv1 and SNMPv2 are managed by defining communities in the Communities page The community name is a type of shared password betwee...

Страница 39: ...A link local address has a prefix of FE80 is not routable and can be used for communication only on the local network Only one link local address is supported If a link local address exists on the in...

Страница 40: ...fined and the Running Configuration is updated Notification Filters The Notification Filter page enables configuring SNMP notification filters and Object IDs OIDs that are checked After creating a not...

Страница 41: ...ted 4 Include or exclude in Object Filter If this is selected the selected MIBs are included in the filter otherwise they are excluded 5 Click Apply The SNMP views are defined and the running configur...

Страница 42: ...er IPv4 or IPv6 IPv6 Address Type Select either Link Local or Global o Link Local The IPv6 address uniquely identifies hosts on a single network link A link local address has a prefix of FE80 is not r...

Страница 43: ...he IPv6 address uniquely identifies hosts on a single network link A link local address has a prefix of FE80 is not routable and can be used for communication only on the local network Only one link l...

Страница 44: ...the User page the security level on this screen can be either No Authentication or Authentication Only or Authentication and Privacy The options are o No Authentication Indicates the packet is neithe...

Страница 45: ...The event severity levels are listed from the highest severity to the lowest severity 1 Emergency System is not usable 2 Alert Action is needed 3 Critical System is in a critical condition 4 Error Sy...

Страница 46: ...e options o None Do not include the origin identifier in SYSLOG messages o Hostname Include the system hostname in SYSLOG messages o IPv4 Address Include the IPv4 address of the sending interface inSY...

Страница 47: ...ame o IP Version Select the supported IP version o IPv6 Address Type Select the IPv6 address type if IPv6 is used The options Global The IPv6 address is a global Unicast IPV6 type that is visible and...

Страница 48: ...If a second facility code is assigned the first facility value is overridden o Description Enter a server description o Minimum Logging Level Select the minimum level of system log messages to be sent...

Страница 49: ...ry in chronological order The minimum severity for logging is configured in the Log Management page Flash logs remain when the device is rebooted You can clear the logs manually Click Configuration Sy...

Страница 50: ...ure is enabled 3 To update the port settings select the desired port and click Edit Select Your Port o Port Select the port number from the drop down menu Port settings o Operational Status Displays w...

Страница 51: ...tise its transmission speed duplex mode and flow control abilities to the port link partner o Port Speed Port type determines available speeds You can designate this field only when port Auto Negotiat...

Страница 52: ...nel LAG LAGs multiply the bandwidth increase port flexibility and provide link redundancy between two devices This switch supports two kinds of LAG Static A LAG is static if the LACP is disabled The p...

Страница 53: ...hen a port is added to a LAG the configuration of the LAG is applied to the port When the port is removed from the LAG its original configuration is reapplied Protocols such as Spanning Tree consider...

Страница 54: ...red and click Edit Select Your LAG o LAG Select the LAG from the drop down menu LAG Settings o Operational Status Whether the LAG is up or down o Port List Move those ports that are to be assigned to...

Страница 55: ...e the available speeds You can designate this field only when port auto negotiation is disabled o Auto Advertisement Select the capabilities to be advertised by the LAG Max Capability All LAG speeds a...

Страница 56: ...djusted for various cable lengths If the cable is shorter than 50 meters the device uses less power to send frames over the cable thus saving energy This mode is only supported on RJ45 GE ports it doe...

Страница 57: ...hen there is no traffic and this feature is enabled on the port the port is placed in the LPI mode which reduces power consumption dramatically Both sides of a connection device port and connecting de...

Страница 58: ...his is supported in GE models only 802 3 EEE Configuration Workflow This section describes how to configure the 802 3 EEE feature and view its counters 1 Ensure that auto negotiation is enabled on the...

Страница 59: ...elect a port and click Edit Select Your Port o Port Select a port from the drop down menu Port Settings o Energy Detect Mode Select to enable o Short Reach Mode Select to enable o 802 3 EEE Mode Selec...

Страница 60: ...iation the PD specifies its class which is the amount of maximum power that the PD consumes Power Consumption After the classification stage completes the PSE provides power to the PD If the PD suppor...

Страница 61: ...versa when the device is operational forces the Powered Device to reboot Maximum port limit allowed as a per port numerical limit in mW Port Limit mode The PoE specific hardware automatically detects...

Страница 62: ...r allowed Output power is disabled during power on reboot initialization and system configuration to ensure that PDs are not damaged To configure PoE on the device and monitor current power usage 1 Cl...

Страница 63: ...r supply is low For example if the power supply is running at 99 usage and port 1 is prioritized as high but port 3 is prioritized as low port 1 receives power and port 3 might be denied power Power A...

Страница 64: ...es power and port 3 might be denied power Class Class configured on this port The classes are shown in the following Class Maximum Power Delivered by Device Port 0 15 4 watt 1 4 0 watt 2 7 0 watt 3 15...

Страница 65: ...that provides and accepts information from media endpoint devices such as VoIP phones and video phones Some notes about LLDP configuration LLDP can be enabled or disabled globally or per port The LLD...

Страница 66: ...f they are in the same VLAN An LLDP capable device may receive advertisements from more than one device if the LLDP incapable devices flood the LLDP packets Workflows Following are examples of actions...

Страница 67: ...he neighbor o power priority Port power priority o power value Port power value 2 Enter the following fields LLDP Status Select to enable LLDP on the device enabled by default LLDP Frame Handling If L...

Страница 68: ...or manual configuration o 802 3 Link Aggregation Whether the link associated with the port on which the LLDP PDU is transmitted can be aggregated It also indicates whether the link is currently aggre...

Страница 69: ...tion Whether Location TLV is transmitted PoE Whether POE PSE TLV is transmitted Inventory Whether Inventory TLV is transmitted 2 The message at the top of the page indicates whether the generation of...

Страница 70: ...l TLVs Note The following fields must be entered in hexadecimal characters in the exact data format that is defined in the LLDP MED standard ANSI TIA 1057_final_for_publication pdf Location Coordinate...

Страница 71: ...rt identifier that is shown o Port ID Identifier of port o Port Description Information about the port including manufacturer product name and hardware software version Management Address o Displays t...

Страница 72: ...on o Serial Number Device serial number o Manufacturer Name Device manufacturer name o Model Name Device model name o Asset ID Asset ID Location Information o Civic Street address o Coordinates Map co...

Страница 73: ...confirm the Global items o MSAP Entry Device Media Service Access Point MSAP entry number Basic Details o Chassis ID Subtype Type of chassis ID for example MAC address o Chassis ID Identifier of the 8...

Страница 74: ...Class 1 Indicates a generic endpoint class offering basic LLDP services Endpoint Class 2 Indicates a media endpoint class offering media streaming capabilities as well as all Class 1 features Endpoint...

Страница 75: ...k policy user priority o DSCP Network policy DSCP LLDP MED Network Policy LLDP Media Endpoint Discovery LLDP MED is an extension of LLDP that provides the following additional capabilities to support...

Страница 76: ...ails on how the device maintains its voice VLAN To define an LLDP MED network policy 1 Click Configuration Port Management Discovery LLDP LLDP MED Network This page contains previously created network...

Страница 77: ...f multiple tagged VLANs A port in VLAN Access mode can be part of only one VLAN If it is in General or Trunk mode the port can be part of one or more VLANs VLANs address security and scalability issue...

Страница 78: ...o not have direct connectivity to each other over the Ethernet MAC layer Device VLANs can only be created statically Some VLANs can have additional roles including Voice VLAN For more information refe...

Страница 79: ...ing on all the ports in the VLAN after saving the configuration and rebooting the device Removes VLAN membership of the ports from the original default VLAN takes effect after reboot Changes the PVID...

Страница 80: ...tion VLAN Management VLANs 2 Click Add to add one or more new VLANs The page enables the creation of either a single VLAN or a range of VLANs 3 Enter the following fields for the new VLANs VLAN Select...

Страница 81: ...Join VLAN page is displayed 4 Enter the values for the following fields Interface Select a Port LAG Interface VLAN Mode Select the interface mode for the VLAN The options are Access The interface is a...

Страница 82: ...Apply The parameters are written to the Running Configuration file Join VLAN When a port is forbidden default VLAN membership that port is not allowed membership in any other VLAN An internal VID of...

Страница 83: ...a member of any other VLAN enabling this option on the port makes the port part of internal VLAN 4095 a reserved VID Excluded The interface is currently not a member of the VLAN This is the default f...

Страница 84: ...es must be to the same VLAN In other words the PVID on the ports between the two devices must be the same if the ports are to send and receive untagged packets to and from the VLAN Otherwise traffic m...

Страница 85: ...er of the VLAN This is the default for all the ports and LAGs when the VLAN is newly created Tagged The interface is a tagged member of the VLAN This is not relevant for Access ports Untagged The inte...

Страница 86: ...addresses on the same port The following table describes the availability of MAC based groups in various SKUs Table 1 MAC Based Group Availability SKU System Mode MAC Based Groups S d Smart Layer 2 Y...

Страница 87: ...Length Prefix of the MAC address 4 Click Apply The MAC address is assigned to a VLAN group MAC Based VLAN per interface See Table 1 for a description of the availability of this feature Ports LAGs mus...

Страница 88: ...the voice VLAN if it receives a packet with a source MAC address matching one of the configured telephony OUIs An OUI is the first three bytes of an Ethernet MAC address For more information about Tel...

Страница 89: ...lephony OUI voice streams you can override the class of service and optionally remark the 802 1p of the voice streams by specifying the desired CoS 802 1p values and using the remarking option under T...

Страница 90: ...ble automatically adding ports to voice VLAN when OUI packets are received Remark CoS 802 1p Select the enable remarking packets with the CoS 802 1p value Aging Time Enter the time delay to remove a p...

Страница 91: ...lick Restore the system recovers the known OUIs 4 Click Apply The OUI is added to the Telephony OUI Table Telephony OUI Interfaces QoS attributes can be assigned per port to the voice packets in one o...

Страница 92: ...face Select an interface Telephony OUI VLAN If enabled the interface is a candidate port of the telephony OUI based voice VLAN When packets that match one of the configured telephony OUI are received...

Страница 93: ...network topologies to provide faster convergence of the spanning tree This is most effective when the network topology is naturally tree structured and therefore faster convergence might be possible R...

Страница 94: ...STP ports The default path cost assigned to an interface varies according to the selected method o Short Specifies the range 1 through 65 535 for port path costs o Long Specifies the range 1 through 2...

Страница 95: ...d Delay Set the interval in seconds that a bridge remains in a learning state before forwarding packet Designated Root Bridge ID The bridge priority concatenated with the MAC address of the device Roo...

Страница 96: ...PDU packets are managed when STP is disabled on the port or the device BPDUs are used to transmit spanning tree information o Use Global Settings Select to use the settings defined in the Spanning Tre...

Страница 97: ...he port can forward traffic and learn new MAC addresses Designated Bridge ID Displays the priority and interface of the selected port Designated Port ID Displays the priority and interface of the sele...

Страница 98: ...set to forwarding state when the port link is up Fast Link optimizes the STP protocol convergence The options o Enable Enables Fast Link immediately o Disable Disables Fast Link o Auto Enables Fast L...

Страница 99: ...fic and cannot learn MAC addresses o Learning The port is in Learning Mode The port cannot forward traffic however it can learn new MAC addresses o Forwarding The port is in Forwarding Mode The port c...

Страница 100: ...switches in addition to instance zero VLAN to MSTP Instance Mapping For two or more switches to be in the same MST region they must have the same VLANs to MST instance mapping the same configuration...

Страница 101: ...rties are defined and the Running Configuration file is updated To edit an MSTP instance 1 Click Configuration Spanning Tree Management MSTP Properties 2 Select the MST instance from the MST Instance...

Страница 102: ...ed and defined Bridge Priority Set the priority of this bridge for the selected MST instance Designated Root Bridge ID Displays the priority and MAC address of the Root Bridge for the MST instance Roo...

Страница 103: ...r the interfaces on the instance are displayed Interface Select the interface for which the MSTI settings are to be defined Interface Priority Set the port priority for the specified interface and MST...

Страница 104: ...by a point to point link Backup ports also occur when a LAN has two or more established connections to a shared segment o Disabled The interface does not participate in the Spanning Tree o Boundary Th...

Страница 105: ...ions Displays the number of times the port has changed from the Forwarding state to the Blocking state 4 Select an interface and click Edit 5 Enter the parameters 6 Click Apply The Running Configurati...

Страница 106: ...or a corresponding matching MAC address in the static or dynamic table If a match is found the frame is marked for egress on the port specified in the table If frames are sent to a MAC address that is...

Страница 107: ...ch the table is queried 5 Click Search The Dynamic MAC Address Table is queried and the results are displayed 6 To delete all dynamic MAC addresses click Clear Static MAC Addresses Static MAC addresse...

Страница 108: ...nation MAC address that belongs to a reserved range per the IEEE standard the frame can be discarded or bridged The entry in the Reserved MAC Address Table can either specify the reserved MAC address...

Страница 109: ...address o All Applies to all packets with the specific MAC address and protocol Action Select one of the following actions to be taken upon receiving a packet that matches the selected criteria o Brid...

Страница 110: ...evice with Internet Group Membership Protocol IGMP snooping capabilities and a Multicast client that wants to receive a Multicast stream In this setup the router sends IGMP queries periodically These...

Страница 111: ...ource the device adds the registration to its Multicast Forwarding Data Base MFDB IGMP snooping can effectively reduce Multicast traffic from streaming bandwidth intensive IP applications A device usi...

Страница 112: ...warding to a smaller subset A common way of representing Multicast membership is the S G notation where S is the single source sending a Multicast stream of data and G is the IPv4 group address If a M...

Страница 113: ...IPv6 Multicast Forwarding Select one of the following options By MAC Address Select to enable the MAC address method for forwarding Multicast packets By IPv6 Group Address Select to enable the IPv4 g...

Страница 114: ...he VLAN ID on which IGMP snooping is defined IGMP Snooping Status Enable or disable the monitoring of network traffic for the selected VLAN Auto Learn MRouter Ports Select to enable auto learning of t...

Страница 115: ...1 Click Configuration Multicast MLD Snooping When MLD Snooping is globally enabled the device monitoring network traffic can determine which hosts have requested to receive Multicast traffic The devi...

Страница 116: ...lick Apply The Running Configuration file is updated Multicast Router Ports A Multicast router Mrouter port is a port that connects to a Multicast router The device includes the Multicast router port...

Страница 117: ...this port i e MRouter Ports Auto Learn is not enabled on this port None The port is not currently a Multicast router port 4 Click Apply to update the device Forward All The Forward All page enables an...

Страница 118: ...Configuration file is updated Unregistered Multicast Multicast frames are generally forwarded to all ports in the VLAN If IGMP Snooping is enabled the device learns about the existence of Multicast gr...

Страница 119: ...icast settings 1 Click Configuration Multicast Unregistered Multicast 2 Define the following Interface Type Define whether to display ports or LAGs Interface Settings Displays the forwarding status of...

Страница 120: ...the MAC Group Address FDB page but two entries on this page To query for an IP Multicast group 1 Click Configuration Multicast IGMP IP Group Addresses 2 Enter some or all of following query filter cr...

Страница 121: ...ed to forward Multicast streams based on MAC group addresses and its destination address is a Layer 2 Multicast address the frame is forwarded to all ports that are members of the MAC group address Th...

Страница 122: ...6 Click Apply the MAC Multicast group is saved to the Running Configuration file To configure and display the registration for the interfaces within the group select an address and click Membership T...

Страница 123: ...IP address of the sending device If mode is S G enter the sender S This together with the IP group address is the Multicast group ID S G to be displayed If mode is G enter an to indicate that the Mult...

Страница 124: ...play ports or LAGs 7 For each interface select its association type Static Attaches the interface to the Multicast group as a static member Dynamic Indicates that the interface was added to the Multic...

Страница 125: ...conds it continues to send DHCPDISCOVER queries and adopts the default IPv4 address 192 168 1 251 24 IP address collisions occur when the same IP address is used in the same IP subnet by more than one...

Страница 126: ...VLAN Select the Management VLAN used to access the device through telnet or the Web GUI VLAN1 is the default Management VLAN IP Address Type Select one of the following options o Dynamic DHCP Discove...

Страница 127: ...ly connected IP subnet is the subnet to which an IPv4 interface of the device is connected When the device is required to send route a packet to a local device it searches the ARP table to obtain the...

Страница 128: ...The Internet Protocol version 6 IPv6 is a network layer protocol for packet switched Internet works IPv6 was designed to replace IPv4 the predominantly deployed Internet protocol IPv6 introduces great...

Страница 129: ...igned New addresses remain in a tentative state during DAD verification Entering 0 in this field disables duplicate address detection processing on the specified interface Entering 1 in this field ind...

Страница 130: ...uely identifies hosts on a single network link A link local address has a prefix of FE80 is not routable and can be used for communication only on the local network Only one link local address is supp...

Страница 131: ...e randomly selects a router from the list The device supports one static IPv6 default router Dynamic default routers are routers that have sent router advertisements to the device IPv6 interface When...

Страница 132: ...ute IPv6 address 0 that uses the default router selected from the IPv6 Default Router List to send packets to destination devices that are not in the same IPv6 subnet as the device In addition to the...

Страница 133: ...ddress that is a global Unicast IPV6 type that is visible and reachable from other networks o Point to Point A Point to point tunnel Metric Value used for comparing this route to other routes with the...

Страница 134: ...figuration IP Interface IPv6 IPv6 Neighbors The following fields are displayed for the neighboring interfaces IPv6 Interface Neighboring IPv6 interface type IPv6 Address IPv6 address of a neighbor MAC...

Страница 135: ...lect to designate the device as a DNS client which can resolve DNS names into IP addresses through one or more configured DNS servers Default Domain Name Enter the DNS domain name used to complete unq...

Страница 136: ...tively determines the order in which unqualified names are completed during DNS queries 3 Click Apply The DNS server is saved to the Running Configuration file DHCP DHCP snooping provides a security m...

Страница 137: ...atures to determine legitimate packet sources DHCP Trusted Ports Ports can be either DHCP trusted or untrusted By default all ports are untrusted To create a port as trusted use the DHCP Snooping Trus...

Страница 138: ...r Forward the packet according to DHCP information If the destination address is unknown the packet is filtered DHCPREQUEST Forward to trusted interfaces only Forward to trusted interfaces only DHCPAC...

Страница 139: ...g fields DHCP Snooping Select to enable DHCP Snooping Option 82 Passthrough Select to leave foreign Option 82 information when forwarding packets Verify MAC Address Select to verify that the source MA...

Страница 140: ...yed for each interface for which the DHCP Snooping is enabled Interface On which DHCP Snooping is enabled or disabled Interface IP Address IP address of the interface on which DHCP Snooping is enabled...

Страница 141: ...ed To designate an interface as untrusted go to Interface Settings DHCP Snooping Binding Database Note the following points about maintenance of the DHCP Snooping Binding database The device does not...

Страница 142: ...vant search criteria and click Search 2 To add an entry click Add and enter the fields VLAN ID VLAN on which a packet is expected MAC Address MAC address of a packet IPv4 Address IP address of a packe...

Страница 143: ...e Settings To configure trusted interfaces Click Configuration IP Network Operation Interface Settings Interface Interface identifier DHCP Snooping Trusted Interface Whether the interface is DHCP Snoo...

Страница 144: ...f the selected authentication methods are RADIUS and Local and all configured RADIUS servers are queried in priority order and do not reply the user is authenticated locally If an authentication metho...

Страница 145: ...ice 3 Click Add to add a new user or click Edit to modify a user 4 Enter the parameters User Name Enter a new username between 0 and 20 characters UTF 8 characters are not permitted Password Enter a p...

Страница 146: ...ds for an access method 1 Click Configuration Security Management Security Management Access Authentication 2 Select an access method from the Application list 3 Use the arrows to move the authenticat...

Страница 147: ...vice at one time Access profiles consist of one or more rules The rules are executed in order of their priority within the access profile top to bottom Rules are composed of filters that include the f...

Страница 148: ...finished To add additional rules to the profile use the Profile Rules page 1 Click Configuration Security Management Security Access Profile This page displays all of the access profiles active and i...

Страница 149: ...and LAGs o Port Rule applies to ports o LAG Rule applies to LAGs o VLAN Rule applies to VLANs Source IP Address Select the type of source IP address to which the access profile applies The Source IP A...

Страница 150: ...at are allocated to the IT management center In this way the device can still be managed and has gained another layer of security To add profile rules to an access profile 1 Click Configuration Securi...

Страница 151: ...The options are o All Applies to all ports VLANs and LAGs o Port Select the port attached to the rule o LAG Select the LAG attached to the rule o VLAN Select the VLAN attached to the rule Source IP Ad...

Страница 152: ...Authentication Provides authentication of regular and 802 1X users logging onto the device by using usernames and user defined passwords Authorization Performed at login After the authentication sessi...

Страница 153: ...lure is considered to have occurred Timeout for Reply Enter the number of seconds that the device waits for an answer from the RADIUS server before retrying the query or switching to the next server D...

Страница 154: ...g Port Enter the UDP port number of the RADIUS server port for accounting requests Priority Enter the priority of the server The priority determines the order the device attempts to contact the server...

Страница 155: ...1x protocol for authentication it runs the supplicant part of the 802 1x protocol and the client part of the EAP protocol Authenticator An authenticator is a network device that provides network serv...

Страница 156: ...onfigured in the Host Authentication page Multi Host Mode A port is authorized if there is at least one authorized client When a port is unauthorized and a guest VLAN is enabled untagged traffic is re...

Страница 157: ...t authorized with the old method 802 1x Based Authentication The device supports the 802 1x authentication mechanism as described in the standard to authenticate and authorize 802 1x supplicants The 8...

Страница 158: ...guest VLAN in Single Host and Multi Host Mode Untagged traffic and tagged traffic belonging to the guest VLAN arriving on an unauthorized port are bridged via the guest VLAN All other traffic is disc...

Страница 159: ...uration file is updated 5 Click Configuration Security Network Access Control Port Authentication 6 Select the required port and click Edit 7 Set the Host Authentication mode 8 Select a port and click...

Страница 160: ...ntication Enable or disable port based authentication If this is disabled 802 1X is disabled Authentication Method Select the user authentication methods The options are as follows o RADIUS None Perfo...

Страница 161: ...e Authorized state such as host authentication it is recommended that you change the port control to Force Authorized before making changes When the configuration is complete return the port control t...

Страница 162: ...AN Select to indicate that the usage of a previously defined guest VLAN is enabled for the device Enables using a guest VLAN for unauthorized ports If a guest VLAN is enabled the unauthorized port aut...

Страница 163: ...ated on each port MAC Address Displays the supplicant MAC address Port Number of the port VLAN ID VLAN where the host is learned or assigned Session Time Amount of time that the supplicant was logged...

Страница 164: ...dropped Frames are dropped unless they belong to the unauthenticated VLANs N S The authentication method does not support the port mode Authenticated Traffic With RADIUS VLAN Without RADIUS VLAN Unta...

Страница 165: ...addresses are not subject to aging or relearning Limited Dynamic Lock The device learns MAC addresses up to the configured limit of allowed addresses After the limit is reached the device does not lea...

Страница 166: ...current dynamic MAC addresses associated with the port The port learns up to the maximum addresses allowed on the port Both relearning and aging of MAC addresses are enabled Maximum Addresses Enter t...

Страница 167: ...rate of Broadcast Multicast or Unknown Unicast frames is higher than the user defined threshold frames received beyond the threshold are discarded To define Storm Control 1 Click Configuration Securit...

Страница 168: ...Enter the maximum rate at which unknown packets can be forwarded The default for this threshold is 10 000 for FE devices and 100 000 for GE devices 3 Click Apply Storm control is modified and the Runn...

Страница 169: ...se of this default drop action you must explicitly add ACEs into the ACL to permit the desired traffic including management traffic such as Telnet HTTP or SNMP that is directed to the device itself Fo...

Страница 170: ...ce using the ACL Binding page 2 If the ACL is part of the class map and not bound to an interface then it can be modified 3 If the ACL is part of a class map contained in a policy bound to an interfac...

Страница 171: ...Configuration Access Control List MAC based ACE 2 Select an ACL and click Search The ACEs in the ACL are listed 3 Click Add 4 Enter the parameters ACL Name Select the name of the ACL to which an ACE...

Страница 172: ...bits where there are 1 s You need to translate the 1 s to a decimal integer and you write 0 for each four zeros In this example since 1111 1111 255 the mask would be written as 0 0 0 255 Source MAC A...

Страница 173: ...ncluding wildcards DSCP IP precedence value Note ACLs are also used as the building elements of flow definitions for per flow QoS handling The IPv4 Based ACL page enables adding ACLs to the system The...

Страница 174: ...E The options o Permit Forward packets that meet the ACE criteria o Deny Drop packets that meet the ACE criteria o Shutdown Drop packet that meets the ACE criteria and disable the port to which the pa...

Страница 175: ...on addresses Destination IP Address Value Enter the IP address to which the destination IP address is to be matched Destination IP Wildcard Mask Enter the mask to define a range of IP addresses Source...

Страница 176: ...s all currently defined IPv6 Based ACLs 2 Click Add 3 Enter the name of the new ACL in the ACL Name field The names are case sensitive 4 Click Apply The IPv6 Based ACL is saved to the Running Configur...

Страница 177: ...rotocol ID Instead of selecting the name enter the protocol ID Source IP Address Select Any if all source addresses are acceptable or User Defined to enter a source address or range of source addresse...

Страница 178: ...he Running Configuration file ACL Binding When an ACL is bound to an interface port LAG or VLAN its ACE rules are applied to packets arriving at that interface Packets that do not match any of the ACE...

Страница 179: ...to the interface IPv4 Based ACL Select an IPv4 Based ACL to be bound to the interface IPv6 Based ACL Select an IPv6 Based ACL to be bound to the interface Permit Any Unmatched Packets Select to enable...

Страница 180: ...long See Queue Scheduling Other Traffic Class Handling Attribute Applies QoS mechanisms to various classes including bandwidth management QoS Operation When using the QoS feature all traffic of the sa...

Страница 181: ...aper and queue setting WRR SP bandwidth setting are reset to default values All other user configurations remain intact QoS Workflow To configure general QoS parameters 1 Choose the QoS mode Basic or...

Страница 182: ...the device Basic QoS is enabled on the device in Basic mode 3 Select Port LAG and click Search to display modify all ports LAGs on the device and their CoS information The following fields are displa...

Страница 183: ...R In WRR mode the number of packets sent from the queue is proportional to the weight of the queue the higher the weight the more frames are sent For example if there are a maximum of four queues poss...

Страница 184: ...s the queue number Scheduling Method Select one of the following options o Strict Priority Traffic scheduling for the selected queue and all higher queues is based strictly on the queue priority o WRR...

Страница 185: ...page and bandwidth allocation Bandwidth page it is possible to achieve the desired quality of service in a network The CoS 802 1p to Queue mapping is applicable only if one of the following exists The...

Страница 186: ...de and DSCP is the trusted mode Non IP packets are always classified to the best effort queue The following tables describe the default DSCP to queue mapping DSCP 63 55 47 39 31 23 15 7 Queue 3 3 4 3...

Страница 187: ...e ingress interface Excess bandwidth above this limit is discarded The following values are entered for egress shaping Committed Information Rate CIR sets the average maximum amount of data allowed to...

Страница 188: ...te Enter the maximum bandwidth for the egress interface Egress Committed Burst Size CBS Enter the maximum burst size of data for the egress interface in bytes of data This amount can be sent even if i...

Страница 189: ...ximum rate CIR in Kbits per second Kbps CIR is the average maximum amount of data that can be sent Committed Burst Size Enter the maximum burst size CBS in bytes CBS is the maximum burst of data allow...

Страница 190: ...d at the edge of the QoS domain To define the Trust configuration 1 Click Configuration Quality of Service Basic QoS 2 Select the Trust Mode while the device is in Basic mode The Trust mode determines...

Страница 191: ...before the interface Ethernet statistics are refreshed The available options o No Refresh Statistics are not refreshed o 15 Sec Statistics are refreshed every 15 seconds o 30 Sec Statistics are refre...

Страница 192: ...erfaces and queues with a high DP Drop Precedence o Set 2 Displays the statistics for Set 2 that contains all interfaces and queues with a low DP Interface Select the ports for which statistics are di...

Страница 193: ...Configuration file and the backup configuration file File Management System files are files that contain configuration information firmware images or boot code Various actions can be performed with th...

Страница 194: ...The Startup Configuration is retained in flash memory and is preserved when the device is rebooted At this time the Startup Configuration is copied to RAM and identified as the Running Configuration B...

Страница 195: ...atus of the new image to be the active image by using the procedure in the Active Firmware Image section Then boot the device To upgrade or backup a software image 1 Click Maintenance File Management...

Страница 196: ...ported If a link local address exists on the interface this entry replaces the address in the configuration o Global The IPv6 address is a global Unicast IPV6 type that is visible and reachable from o...

Страница 197: ...Displays the image file that is currently active on the device Version Displays the firmware version of the active image Active Firmware Image After Reboot Displays the image that is active after rebo...

Страница 198: ...Running Configuration You can reboot the device by using the process described in the Management Interface section To backup or restore the system configuration file 1 Click Maintenance File Managemen...

Страница 199: ...main name of the TFTP server Note If the server is selected by name in the Server Definition there is no need to select the IP version related options 4 Click Apply The file is upgraded or backed up 5...

Страница 200: ...n the device is rebooted The following combinations of copying internal file types are allowed From the Running Configuration to the Startup Configuration or Backup Configuration From the Startup Conf...

Страница 201: ...n block of the Copper Test page Preconditions to Running the Copper Port Test Before running the test Mandatory Disable Short Reach mode go to Port Management Green Ethernet Properties Optional Disabl...

Страница 202: ...Result Error has occurred Distance to Fault Distance from the port to the location on the cable where the fault was discovered Port Operational Status Displays whether port is up or down Note TDR tes...

Страница 203: ...to a destination device Ping operates by sending Internet Control Message Protocol ICMP echo request packets to the target host and waiting for an ICMP response sometimes called a pong It measures th...

Страница 204: ...the Host Definition Ping Interval Length of time the system waits between ping packets Ping is repeated the number of times configured in the Number of Pings field whether the ping succeeds or not Cho...

Страница 205: ...has a prefix of FE80 is not routable and can be used for communication only on the local network Only one link local address is supported If a link local address exists on the interface this entry re...

Страница 206: ...such as an intrusion detection system A network analyzer connected to the monitoring port processes the data packets for diagnosing debugging and performance monitoring Up to four sources can be mirr...

Страница 207: ...yzer port to where packets are copied A network analyzer such as a PC running Wireshark is connected to this port If a port is identified as an analyzer destination port it remains the analyzer destin...

Страница 208: ...ort Click Get Support to go to the Linksys Small Business support website Resources available there include setup help frequently asked questions software downloads live chat with technical support an...

Страница 209: ...ademarks mentioned are the property of their respective owners Licenses and notices for third party software used in this product may be viewed here http support linksys com en us license Please conta...

Отзывы:

Нет отзывов

Похожие инструкции для LGS308

SmartSwitch 6500

Бренд: Cabletron Systems Страницы: 150

MMAC-Plus 9H421-12

Бренд: Cabletron Systems Страницы: 38

Бренд: Cabletron Systems Страницы: 86

MMAC-Plus 9T125-24

Бренд: Cabletron Systems Страницы: 30

7C03 MMAC SmartSWITCH

Бренд: Cabletron Systems Страницы: 16

Бренд: IBM Страницы: 2

Бренд: Jabra Страницы: 4

LINK 14201-20 - DATASHEET FOR TOSHIBA PHONES

Бренд: Jabra Страницы: 2

ePowerSwitch 8M+R2

Бренд: Neol Страницы: 74

TRIPP LITE Series

Бренд: Eaton Страницы: 8

Бренд: BeeSecure Страницы: 35

Бренд: Adler Страницы: 8

PowerSwitch Z9332F-ON

Бренд: Dell EMC Страницы: 16

AW-FGT-100C-120

Бренд: Vivotek Страницы: 2

Бренд: GarrettCom Страницы: 39

Бренд: 3onedata Страницы: 2

Бренд: N-Tron Страницы: 17

kontron KSwitch D4 MF

Бренд: S&T Страницы: 100

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды