NETGEAR GS716Tv2 - ProSafe Gigabit Managed Switch Скачать руководство пользователя страница 173 | Manualshive

Страница: 173 / 246

NETGEAR GS716Tv2 - ProSafe Gigabit Managed Switch Скачать руководство пользователя страница 173

GS716Tv2 and GS724Tv3 Software Administration Manual

Managing Device Security

5-47

v1.0, July 2009

IP ACL

IP ACLs allow network managers to define classification actions and rules for specific ingress
ports. Packets can be filtered on ingress (inbound) ports only. If the filter rules match, then some
actions can be taken, including dropping the packet or disabling the port. For example, a network
administrator defines an ACL rule that says port number 20 can receive TCP packets. However, if
a UDP packet is received the packet is dropped.

ACLs are composed of access control entries (ACE), or rules, that consist of the filters that
determine traffic classifications.

Use the IP ACL Configuration page to add or remove IP-based ACLs.

To display the IP ACL page:

1.

Click

Security



ACL

, then click the

Advanced



IP ACL

link.

Table

5-29

shows the current size of the ACL table versus the maximum size of the ACL

table. The current size is equal to the number of configured IPv4 plus the number of
configured MAC ACLs. The maximum size is 100.

Figure

5-29

«
...
171
172
173
174
175
...
»

Содержание GS716Tv2 - ProSafe Gigabit Managed Switch

Страница 1: ...202 10484 01 July 2009 NETGEAR Inc 350 E Plumeria Drive San Jose CA 95134 USA GS716Tv2 and GS724Tv3 Software Administration Manual...

Страница 2: ...ficate of the Manufacturer Importer It is hereby certified that the Gigabit Smart Switch has been suppressed in accordance with the conditions set out in the BMPT AmtsblVfg 243 1991 and Vfg 46 1992 Th...

Страница 3: ...become the cause of radio interference Read instructions for correct handling Product and Publication Details Model Number GS716T and GS724T Publication Date July 2009 Product Family GS716T GS724T Ser...

Страница 4: ...v1 0 July 2009 iv...

Страница 5: ...rk 1 1 Switch Management Interface 1 2 SmartWizard Discovery in a Network with a DHCP Server 1 3 SmartWizard Discovery in a Network without a DHCP Server 1 4 Manually Assigning Network Parameters 1 5...

Страница 6: ...2 15 SNMP V1 V2 2 16 Community Configuration 2 17 Trap Configuration 2 19 Trap Flags 2 20 SNMP v3 User Configuration 2 21 LLDP 2 23 LLDP Configuration 2 23 LLDP Port Settings 2 24 Local Information 2...

Страница 7: ...abase Information 3 35 IGMP Snooping Table 3 36 MFDB Table 3 37 MFDB Statistics 3 39 IGMP Snooping VLAN Configuration 3 40 Configuring IGMP Snooping Queriers 3 42 IGMP Snooping Querier Configuration 3...

Страница 8: ...uration 5 19 Access Rule Configuration 5 21 Port Authentication 5 22 802 1X Configuration 5 23 Port Authentication 5 24 Port Summary 5 28 Traffic Control 5 30 MAC Filter Configuration 5 30 MAC Filter...

Страница 9: ...ing Port Mirroring 6 23 Multiple Port Mirroring 6 23 Chapter 7 Maintenance Reset 7 1 Rebooting the Switch 7 1 Reset Configuration to Defaults 7 2 Upload File From Switch 7 3 Uploading Files 7 5 Downlo...

Страница 10: ...guration Examples Virtual Local Area Networks VLANs B 1 VLAN Example Configuration B 2 Access Control Lists ACLs B 4 MAC ACL Example Configuration B 5 Standard IP ACL Example Configuration B 6 802 1X...

Страница 11: ...it will function in a network using its remaining factory default parameters However a greater level of configuration anywhere from the basic up to the maximum possible will give your network the full...

Страница 12: ...the GS716T GS724T switch Appendix B Configuration Examples on page B 1 contains examples of how to configure various features on the GS716T GS724T switch such as VLAN and Access Control List ACL conf...

Страница 13: ...notice may result in personal injury or death GS716Tv2 and GS724Tv3 Software Administration Manual xiii v1 0 July 2009 Scope This manual is written for the Smart Switch according to these specificatio...

Страница 14: ...ML Each page in the HTML version of the manual is dedicated to a major topic Select File Print from the browser menu to print the page contents Printing from PDF Your computer must have the free Adobe...

Страница 15: ...icon in the upper left of your browser window Revision History Tip If your printer supports printing two pages on a single sheet of paper you can save paper and printer ink by selecting this feature...

Страница 16: ...GS716Tv2 and GS724Tv3 Software Administration Manual xvi v1 0 July 2009...

Страница 17: ...work The switch comes up with a default IP address of 192 168 0 239 and DHCP is enabled by default To access the switch over a network you must first configure it with network information an IP addres...

Страница 18: ...tches on your network segment When you power up your switch for the first time the SmartWizard Discovery utility enables you to configure its basic network parameters without prior knowledge of the IP...

Страница 19: ...mputer 4 Start the SmartWizard Discovery utility 5 Click Discover for the SmartWizard Discovery utility to find your GS716T or GS724T switch You should see a screen similar to the one shown in Figure...

Страница 20: ...d to management of the switch covered in Using the Web Interface on page 1 9 SmartWizard Discovery in a Network without a DHCP Server This section describes how to set up your switch in a network with...

Страница 21: ...IP is 192 168 0 239 3 Install the SmartWizard Discovery utility on your computer 4 Start the SmartWizard Discovery utility 5 Click Discover for the SmartWizard Discovery utility to find your GS716T o...

Страница 22: ...gh they do not appear in the Windows view You need Windows Administrator privileges to change these settings To modify your NIC settings 1 On your PC access the MS Windows operating system TCP IP Prop...

Страница 23: ...age of improvements and additional features as they become available The upgrade procedure and the required equipment are described below This procedure assumes that you have downloaded or otherwise o...

Страница 24: ...pgrade Password Enter your password then click Apply the default password is password Start Upgrade Shows upgrading in progress 3 Click Start to begin loading the upgrade The system software is automa...

Страница 25: ...ize and requirements and on your preference The GS716Tv2 and GS724Tv3 Software Administration Manual describes how to use the Web based interface to manage and monitor the system Using the Web Interfa...

Страница 26: ...GS716Tv2 and GS724Tv3 Software Administration Manual 1 10 Getting Started v1 0 July 2009 3 After the system authenticates you the System Information page displays Figure 1 6...

Страница 27: ...rious device functions When you select a tab its hierarchical tree view is on the left side of the Web interface The tree view contains a list of various device features The branches in the navigation...

Страница 28: ...Each page contains access to the HTML based help that explains the fields and configuration options for the page Many pages also contain command buttons Table 1 2 shows the following command buttons...

Страница 29: ...ation and feature components The Device View is available from the System Device View page The port coloring indicates whether a port is currently active Green indicates that the port is enabled red i...

Страница 30: ...online help pages are context sensitive For example if the IP Addressing page is open the help topic for that page displays if you click Help Figure 1 7 on page 1 11 shows the location of the Help lin...

Страница 31: ...ryption settings for the SNMPv3 admin profile by using the Web interface 1 Navigate to the System SNMP SNMPv3 User Configuration page 2 To enable authentication select an Authentication Protocol optio...

Страница 32: ...ical interfaces Logical Interface Represents a logical interface This is applicable for a LAG port channel interface which is represented as l1 l2 and so on Table 1 4 Types of Interface Interface Desc...

Страница 33: ...onnectivity on page 2 3 Time on page 2 5 Denial of Service on page 2 13 Green Ethernet Configuration on page 2 15 SNMP V1 V2 on page 2 16 SNMP v3 User Configuration on page 2 21 LLDP on page 2 23 Syst...

Страница 34: ...switch You may use up to 31 alphanumeric characters The factory default is blank System Contact Enter the contact person for this switch You may use up to 31 alphanumeric characters The factory defau...

Страница 35: ...band connectivity with the switch via any of the switch s front panel ports The configuration parameters associated with the switch s network interface do not affect the configuration of the front pa...

Страница 36: ...ectivity Fields Field Description IP Address The IP address of the network interface The factory default value is 192 168 0 239 Note Each part of the IP address must start with a number other than zer...

Страница 37: ...as the time source for example a GPS system Stratum 1 A server that is directly linked to a Stratum 0 time source is used Stratum 1 time servers provide primary network time standards Stratum 2 The ti...

Страница 38: ...figuration page 1 Click System Management Time SNTP Global Configuration in the navigation menu 2 Use the Time option to set the time locally on the switch Select the Clock Source as Local by checking...

Страница 39: ...witch is located expressed as the number of hours The options in the Time Zone menu specify the time difference from UTC time zone 4 Click Apply to send the updated configuration to the switch Configu...

Страница 40: ...agement Time SNTP Global Configuration in the navigation menu Time Specifies the duration of the box in hours minutes and seconds since the last reboot Time Zone When using SNTP NTP time servers to up...

Страница 41: ...request timed out without receiving a response from the SNTP server Bad Date Encoded The time provided by the SNTP server is not valid Version Not Supported The SNTP version supported by the server i...

Страница 42: ...s take effect immediately SNTP Server Configuration Use the SNTP Server Configuration page to view and modify information for adding and modifying Simple Network Time Protocol SNTP servers To display...

Страница 43: ...ely SNTP Server Status The SNTP Server Status page displays status information about the SNTP servers configured on your switch To access the SNTP Server Status page Table 2 5 SNTP Server Configuratio...

Страница 44: ...of the last SNTP request to this server If no packet has been received from this server a status of Other is displayed Other None of the following enumeration values Success The SNTP operation was su...

Страница 45: ...dress First Fragment TCP Header size is smaller than the configured value TCP Fragment IP Fragment Offset 1 TCP Flag TCP Flag SYN set and Source Port 1024 or TCP Control Flags 0 and TCP Sequence Numbe...

Страница 46: ...disable this option by selecting the corresponding line on the pulldown entry field Enabling First Fragment DoS prevention causes the switch to drop packets that have a TCP header smaller than the co...

Страница 47: ...gs SYN and FIN set The factory default is disabled Denial of Service L4 Port Enable or disable this option by selecting the corresponding line on the pulldown entry field Enabling L4 Port DoS preventi...

Страница 48: ...to the following pages Community Configuration on page 2 17 Trap Configuration on page 2 19 Trap Flags on page 2 20 Figure 2 8 Table 2 8 Green Ethernet Configuration Fields Field Description Auto Pow...

Страница 49: ...vileges and status set to Enable Public with Read Only privileges and status set to Enable These are well known communities Use this page to change the defaults or to add other communities Only the co...

Страница 50: ...MP clients may use that community to access this device If either Management Station IP or Management Station IP Mask value is 0 0 0 0 access is allowed from any IP address Otherwise every client s ad...

Страница 51: ...lete the currently selected receiver configuration Cancel Cancel the configuration on the screen Reset the data on the screen to the latest value of the switch Apply Sends the updated configuration to...

Страница 52: ...MP V1 V2 Trap Flags Community String Enter the community string for the SNMP trap packet to be sent to the trap manager This may be up to 16 characters and is case sensitive Status Select the receiver...

Страница 53: ...n and reset the data on the screen to the latest value of the switch SNMP v3 User Configuration This is the configuration for SNMP v3 To access this page 1 Click System SNMP SNMP V3 User Configuration...

Страница 54: ...ou select None The user will be unable to access the SNMP data from an SNMP browser MD5 or SHA The user login password will be used as SNMPv3 authentication password and you must therefore specify a p...

Страница 55: ...cessed by stations implementing the receive function The transmit and receive functions can be enabled disabled separately per port By default both transmit and receive are disabled on all ports The a...

Страница 56: ...tree Figure 2 13 Table 2 15 LLDP Configuration Fields Field Description LLDP Properties TLV Advertised Interval Specifies the interval at which frames are transmitted The default is 30 seconds and the...

Страница 57: ...ransmitting LLDP PDUs on the selected ports Rx Only Enable only receiving LLDP PDUs on the selected ports Tx and Rx Enable both transmitting and receiving LLDP PDUs on the selected ports Disabled Do n...

Страница 58: ...er to notify subscribers of remote data change statistics The default is disabled Optional TLV s Enable or disable the transmission of optional type length value TLV information from the interface The...

Страница 59: ...btype Identifies the type of data displayed in the Chassis ID field Chassis ID Identifies the 802 LAN device s chassis System Name Identifies the system name associated with the remote device To confi...

Страница 60: ...ame of the port in the Interface column of the Port Information table A popup window displays information for the selected port Port Description Identifies the user defined description of the port To...

Страница 61: ...ies Displays the port speed auto negotiation capabilities such as 1000BASE T half duplex mode or 100BASE TX full duplex mode Operational MAU Type Displays the Medium Attachment Unit MAU type The MAU p...

Страница 62: ...Field Description MSAP Entry Displays the Media Service Access Point MSAP entry number for the remote device Local Port Shows the interface on the local system that received LLDP information from a r...

Страница 63: ...Information 2 31 v1 0 July 2009 3 To view more information about the remote device click the link in the MSAP Entry field A popup window displays information for the selected port 4 Click Refresh to...

Страница 64: ...GS716Tv2 and GS724Tv3 Software Administration Manual 2 32 Configuring System Information v1 0 July 2009...

Страница 65: ...n page 3 42 Searching and Configuring the Forwarding Database on page 3 47 Configuring and Viewing Device Port Information The pages on the Ports tab allows you to view and monitor the physical port i...

Страница 66: ...port For additional information about port monitoring see Chapter 6 Monitoring the System LAG Indicates that the port is a member of a Link Aggregation trunk For more information see LAG Membership o...

Страница 67: ...an 10m PHYs are placed in low power mode nominal power Disable The port is administratively down and does not participate in Green Ethernet mode Physical Status Indicates the physical port s speed and...

Страница 68: ...ng that the higher speed switch refrains from sending packets Transmissions are temporarily halted to prevent buffer overflows To display the Flow Control page 1 Click Switching Ports and then click t...

Страница 69: ...s A static port channel interface does not require a partner system to be able to aggregate its member ports Static LAGs are supported When a port is added to a LAG as a static member it neither trans...

Страница 70: ...efault is Disable Admin Mode Select Enable or Disable from the menu When the LAG port channel is disabled no traffic will flow and LAGPDUs will be dropped but the links that form the LAG port channel...

Страница 71: ...onfiguration to the switch Configuration changes take effect immediately LAG Membership Use the LAG Membership page to group one or more full duplex Ethernet links to be aggregated together to form a...

Страница 72: ...figuration in the navigation tree 2 Click Refresh to reload the page and display the most current information Port Selection Table Select the ports as members of this LAG Current Members Displays the...

Страница 73: ...uration in the navigation tree 2 Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch 3 If you make any changes to this page click...

Страница 74: ...it is connected both belong to the same VLAN Each VLAN in a network has an associated VLAN ID which appears in the IEEE 802 1Q tag in the Layer 2 header of packets transmitted on a VLAN An end station...

Страница 75: ...new VLAN You can only enter data in this field when you are creating a new VLAN The range of the VLAN ID is 1 4093 VLAN Name Use this optional field to specify a name for the VLAN It can be up to 32 a...

Страница 76: ...tion changes take effect immediately VLAN Membership Configuration Use this page to configure VLAN Port Membership for a particular VLAN You can select the Group operation through this page To display...

Страница 77: ...e this field to select all the ports and configure them Possible values are Untag All Select all the ports on which all frames transmitted from this VLAN will be untagged All the ports will be include...

Страница 78: ...onfiguration in the navigation tree Untagged Tagged Port Members Click Untagged Port Members or Tagged Port Members to see the port list and use it to add the ports you selected to this VLAN Each port...

Страница 79: ...ntagged or priority tagged frames received on this port The factory default is 1 Acceptable Frame Types Specify how you want the port to handle untagged and priority tagged frames Whichever you select...

Страница 80: ...slight modifications in the working but not the end effect chief among the effects is the rapid transitioning of the port to Forwarding The difference between the RSTP and the traditional STP IEEE 80...

Страница 81: ...Port Configuration on page 3 27 STP Statistics on page 3 31 STP Switch Configuration Status The Spanning Tree Switch Configuration Status page contains fields for enabling STP on the switch To display...

Страница 82: ...Protocol IEEE 802 1s Configuration Name Name used to identify the configuration currently being used It may be up to 32 alphanumeric characters Configuration Revision Level Number used to identify th...

Страница 83: ...number of times the topology has changed for the CST Topology Change The value of the topology change parameter for the switch indicating if a topology change is in progress on any port assigned to t...

Страница 84: ...ally set to the next lowest priority that is a multiple of 4096 For example if the priority is attempted to be set to any value between 0 and 4095 it will be set to 0 The default priority is 32768 Bri...

Страница 85: ...d CST Port Configuration in the navigation tree Bridge Forward Delay secs Specifies the switch forward delay time which indicates the amount of time in seconds a bridge remains in a listening and lear...

Страница 86: ...is Disable Port State The Forwarding state of this port Path Cost Set the Path Cost to a new value for the specified port in the common and internal spanning tree It takes a value in the range of 1 20...

Страница 87: ...tus Use the Spanning Tree CST Port Status page to display Common Spanning Tree CST and Internal Spanning Tree on a specific port on the switch To display the Spanning Tree CST Port Status page 1 Click...

Страница 88: ...base MAC address of the bridge Designated Cost Displays cost of the port participating in the STP topology Ports with a lower cost are less likely to be blocked if STP detects loops Designated Bridge...

Страница 89: ...rface The physical or port channel interfaces associated with VLANs associated with the CST Role Each MST Bridge Port that is enabled is assigned a Port Role for each spanning tree The port role will...

Страница 90: ...ID This is only visible when the select option of the MST ID select box is selected The ID of the MST being created Valid values for this are between 1 and 4094 Priority Specifies the bridge priority...

Страница 91: ...e selected or unselected for reconfiguring the association of VLANs to MST instances Bridge Identifier The bridge identifier for the selected MST instance It is made up using the bridge priority and t...

Страница 92: ...Advanced MST Port Configuration in the navigation tree Figure 3 17 and Figure 3 18 show the left and right portions of the Web page Figure 3 17 Figure 3 18 Note If no MST instances have been configur...

Страница 93: ...e of 16 For example if you set a value between 0 and 15 the priority is set to 0 If you specify a number between 16 and 31 the priority is set to 16 Port Path Cost Set the Path Cost to a new value for...

Страница 94: ...port is currently in the learning mode The port cannot forward traffic however it can learn new MAC addresses Forwarding The port is currently in the forwarding mode The port can forward traffic and...

Страница 95: ...the latest STP statistics information Figure 3 20 Table 3 18 Spanning Tree Statistics Fields Field Description Interface Select a physical or port channel interface to view its statistics STP BPDUs R...

Страница 96: ...well for broadcast packets that are intended to be seen or processed by all connected nodes In the case of multicast packets however this approach could lead to less efficient use of network bandwidth...

Страница 97: ...Shows the number of multicast control frames that have been processed by the CPU Interfaces Enabled for IGMP Snooping Lists the interfaces currently enabled for IGMP Snooping To enable interfaces for...

Страница 98: ...figuration Use the IGMP Snooping Interface Configuration page to configure IGMP snooping settings on specific interfaces To access the IGMP Snooping Interface Configuration page 1 Click Switching Mult...

Страница 99: ...rwarded only to the ports that are members of that multicast group The Switching Multicast folder contains links to the following pages Host Timeout Specify the amount of time you want the switch to w...

Страница 100: ...Forwarding Database that were created for IGMP snooping To access the IGMP Snooping Table page 1 Click Switching Multicast IGMP Snooping IGMP Snooping Table in the navigation tree Figure 3 23 Table 3...

Страница 101: ...try consists of a MAC address Entries may contain data for more than one protocol To access the MFDB Table page 1 Click Switching Multicast IGMP Snooping MFDB Table in the navigation tree Type This di...

Страница 102: ...If the address exists that entry will be displayed An exact match is required VLAN ID The VLAN ID to which the multicast MAC address is related Component This is the component that is responsible for...

Страница 103: ...e MFDB table To access the MFDB Statistics page 1 Click Switching Multicast IGMP Snooping MFDB Statistics in the navigation tree Interface The list of interfaces that are designated for forwarding Fwd...

Страница 104: ...on the system Table 3 23 Multicast Forwarding Database Statistics Fields Field Description Max MFDB Table Entries Shows the maximum number of entries that the Multicast Forwarding Database table can h...

Страница 105: ...immediately remove the layer 2 LAN interface from its forwarding table entry upon receiving an IGMP leave message for that multicast group without first sending out MAC based general queries to the i...

Страница 106: ...rt where the end device is located These pages enable you to configure and display information on IGMP snooping queriers on the network and separately on VLANs The IGMP Snooping Querier folder contain...

Страница 107: ...r Admin Mode Select the administrative mode for IGMP Snooping for the switch from the menu The default is Disable Snooping Querier Address Specify the Snooping Querier Address to be used as source add...

Страница 108: ...take effect immediately IGMP Snooping Querier VLAN Configuration Use this page to configure IGMP queriers for use with VLANs on the network To access this page 1 Click Switching Multicast IGMP Snoopin...

Страница 109: ...s Use this page to view the operational state and other information for IGMP snooping queriers for VLANs on the network To access this page Querier Election Participate Mode Enable or disable Querier...

Страница 110: ...end out periodic queries with a time interval equal to the configured querier query interval If the snooping switch sees a better querier numerically lower in the VLAN it moves to non querier mode Non...

Страница 111: ...has forwarding and or filtering information This information is used by the transparent bridging function in determining how to propagate a received frame To access this page 1 Click Switching Addres...

Страница 112: ...and for which VLAN exists in the VLAN database MAC Address A unicast MAC address for which the switch has forwarding and or filtering information The format is a six byte MAC address with each byte s...

Страница 113: ...ng database The forwarding database contains static entries which are never aged out and dynamically learned entries which are removed if they are not updated within a given time To access the Configu...

Страница 114: ...Switching Address Table Advanced Address Table in the navigation tree You can search for MAC Addresses by VLAN ID MAC Address or interface Search by VLAN ID Select VLAN ID from the menu and enter the...

Страница 115: ...e switch has forwarding and or filtering information The MAC address is in the format of 6 two digit hexadecimal numbers that are separated by colons For example 00 0f 5e 45 67 89 is the MAC Address I...

Страница 116: ...tatic MAC Address in the navigation tree 2 Click Refresh to reload the page and display the latest MAC address learned on a specific port 3 Enter a new static MAC address in the field select the VLAN...

Страница 117: ...from the port and apply the new settings to the system The screen refreshes and the MAC address no longer appears in the table on the page 5 Click Cancel to cancel the configuration on the screen and...

Страница 118: ...GS716Tv2 and GS724Tv3 Software Administration Manual 3 54 Configuring Switching Information v1 0 July 2009...

Страница 119: ...by the switch QoS is a means of providing consistent predictable data delivery by distinguishing between packets that have strict timing requirements from those that are more tolerant of delay Packets...

Страница 120: ...the mapping table to be of any use so there are default actions performed when this is not the case These actions involve directing the packet to a specific CoS level configured for the ingress port a...

Страница 121: ...Field Description Global Select the Global option to apply the same trust mode to all CoS configurable interfaces Global Trust Mode Specifies whether or not all interfaces trust a particular packet m...

Страница 122: ...check box next to an individual port to apply a trust mode or rate to a specific interface Interface Trust Mode Specifies whether or not an interface or all interfaces if all interfaces are selected t...

Страница 123: ...The configuration process is simplified by allowing each CoS queue parameter to be configured globally or per port A global configuration change is automatically applied to all ports in the system To...

Страница 124: ...s of 1 Scheduler Type Selects the type of queue processing from the drop down menu Options are Weighted and Strict Defining on a per queue basis allows the user to create the desired service character...

Страница 125: ...CoS configurable interfaces Select an individual interface from the menu to override the global settings for 802 1p priority mapping on a per interface basis 802 1p Priority This row contains traffic...

Страница 126: ...e switch 3 If you make changes to the page click Apply to apply the changes to the system Figure 4 5 Table 4 5 IP DSCP Mapping Configuration Fields Field Description DSCP Lists the DSCP values to whic...

Страница 127: ...s Control Lists Management Security Settings From the Management Security Settings page you can configure the login password Remote Authorization Dial In User Service RADIUS settings Terminal Access C...

Страница 128: ...nt created by the user The entered password will be displayed in asterisks Passwords are one to 20 alphanumeric characters in length and are case sensitive New Password Enter the optional new or chang...

Страница 129: ...hentication method for Web Access Access Control Port 802 1X The RADIUS folder contains links to the following features Global Configuration on page 5 3 Server Configuration on page 5 5 Accounting Ser...

Страница 130: ...ore the next server is attempted A retransmit will not occur until the configured timeout value on that server has passed without a response from the RADIUS server Therefore the maximum delay in recei...

Страница 131: ...he RADIUS server to add To modify settings for a RADIUS server that is already configured on the switch select the check box next to the server address Authentication Port Identifies the authenticatio...

Страница 132: ...a second between the most recent Access Reply Access Challenge and the Access Request that matched it from this RADIUS authentication server Access Requests The number of RADIUS Access Request packet...

Страница 133: ...ver Configuration page Bad Authenticators The number of RADIUS Access Response packets containing invalid authenticators or signature attributes received from this server Pending Requests The number o...

Страница 134: ...able 5 5 RADIUS Accounting Server Configuration Fields Field Description Accounting Server Address Enter the IP address of the RADIUS accounting server to add Port Identifies the authentication port t...

Страница 135: ...ns The number of RADIUS Accounting Request packets retransmitted to this server Accounting Responses Displays the number of RADIUS packets received on the accounting port from this server Malformed Ac...

Страница 136: ...orization session starts using the authenticated user name The TACACS server checks the user privileges The TACACS protocol ensures network security through encrypted protocol exchanges between the de...

Страница 137: ...ith which the switch can communicate To display the TACACS Server Configuration page 1 Click Security Management Security and then click the TACACS Server Configuration link Table 5 7 TACACS Configura...

Страница 138: ...S Configuration Fields Field Description TACACS Server Use the list to select the IP address of the TACACS server to view or configure If fewer than five RADIUS servers are configured on the system th...

Страница 139: ...drop down menu and then click Delete Authentication List Configuration Use the Authentication List page to configure the default login list A login list specifies one or more authentication methods t...

Страница 140: ...red ID and password will be used for authentication Since the local method does not time out if you select this option as the first method no other method will be tried even if you have specified more...

Страница 141: ...The Security Access tab contains the following folders HTTP Configuration on page 5 15 Secure HTTP Configuration on page 5 16 Certificate Download on page 5 18 Access Profile Configuration on page 5 1...

Страница 142: ...ration Fields Field Description Java Mode This select field is used to Enable or Disable the Web Java Mode This applies to both secure and un secure HTTP connections The currently configured value is...

Страница 143: ...rsion 3 0 The currently configured value is shown when the Web page is displayed The default value is Enable TLS Version 1 Enables or Disables Transport Layer Security Version 1 0 The currently config...

Страница 144: ...be true The file to download from the TFTP server is on the server in the appropriate directory The file is in the correct format The switch has a path to the TFTP server HTTPS Session Hard Timeout Se...

Страница 145: ...ption File Type Select the type of SSL certificate to download which can be one of the following SSL Trusted Root Certificate PEM File SSL Trusted Root Certificate File PEM Encoded SSL Server Certific...

Страница 146: ...e added Maximum length is 32 characters Activate Profile Select the check box to activate an access profile DeActivate Profile Select the check box to deactivate an access profile Remove Profile Selec...

Страница 147: ...o configure the rules about what systems can access the GS716T and GS724T Web interface and what protocols are allowed To access the Access Rule Configuration page 1 Click Security Access and then cli...

Страница 148: ...on Rule Type Select Permit to allow access to the switch administrative pages for traffic that meets the criteria you configure for the rule Any traffic that does not meet the rules is denied Select D...

Страница 149: ...e the RADIUS server that performs the authentication on behalf of the authenticator and indicates whether the user is authorized to access system services The Port Authentication folder contains links...

Страница 150: ...and then click the Advanced Port Authentication link Table 5 17 Port Access Control Port Configuration Fields Field Description Port Based Authentication State Select Enable or Disable 802 1X adminis...

Страница 151: ...GS716Tv2 and GS724Tv3 Software Administration Manual Managing Device Security 5 25 v1 0 July 2009 Figure 5 15 Figure 5 16...

Страница 152: ...ntication The Guest VLAN timeout must be a value in the range of 1 300 The default value is 90 Periodic Reauthentication Use this field to enable or disable reauthentication of the supplicant for the...

Страница 153: ...trol direction for the specified port The control direction dictates the degree to which protocol exchanges take place between Supplicant and Authenticator This affects whether the unauthorized contro...

Страница 154: ...y for the action to occur 4 Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch 5 Click Apply to send the updated screen to the sw...

Страница 155: ...tomatically detects the mode of the interface Force Authorized Places the interface into an authorized state without being authenticated The interface sends and receives normal traffic without client...

Страница 156: ...urity MAC Address on page 5 37 Protected Ports Membership on page 5 38 MAC Filter Configuration Use the MAC Filter Configuration page to create MAC filters that limit the traffic allowed into and out...

Страница 157: ...Address The MAC address of the filter in the format 00 01 1A B2 53 4D You can only change this field when you have selected the Create Filter option You cannot define filters for these MAC addresses 0...

Страница 158: ...hat are configured on the system To display the MAC Filter Summary page 1 Click Security Traffic Control and then click the MAC Filter MAC Filter Summary link 2 Click Refresh to update the page with t...

Страница 159: ...ge responses can overload network resources and or cause the network to time out The switch measures the incoming broadcast multicast unknown unicast packet rate per port and discards packets when the...

Страница 160: ...L2 unicast destination lookup failure traffic ingressing on an interface increases beyond the configured threshold the traffic will be dropped Multicast If the rate of L2 multicast traffic ingressing...

Страница 161: ...rface Configuration A MAC address can be defined as allowable by one of two methods dynamically or statically Both methods are used concurrently when a port is locked Figure 5 21 Table 5 24 Port Secur...

Страница 162: ...ely disable dynamic locking by setting the number of allowable dynamic entries to zero Static locking allows you to specify a list of MAC addresses that are allowed on a port The behavior of packets i...

Страница 163: ...Use the Security MAC Address page to convert a dynamically learned MAC address to a statically locked address To display the Security MAC Address page 1 Click Security Traffic Control and then click...

Страница 164: ...cted You need read write access privileges to modify the configuration Figure 5 23 Table 5 27 Port Security Settings Fields Field Description Convert Dynamic Address to Static Select the check box to...

Страница 165: ...Lists Access Control Lists ACLs ensure that only authorized users have access to specific resources while blocking off any unwarranted attempts to reach network resources ACLs are used to provide tra...

Страница 166: ...C Binding Table on page 5 45 Advanced IP ACL on page 5 47 IP Rules on page 5 48 IP Extended Rule on page 5 50 IP Binding Configuration on page 5 54 IP Binding Table on page 5 56 MAC ACL A MAC ACL cons...

Страница 167: ...Add 3 To delete a MAC ACL select the check box next to the Name field then click Delete 4 Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value o...

Страница 168: ...lt deny all rule is the last rule of every list To display the MAC Rules page 1 Click Security ACL then click the Basic MAC Rules link Figure 5 26 Table 5 31 MAC ACL Rule Configuration Fields Field De...

Страница 169: ...zero in a bit position means that the data must equal the value given for that bit For example if the MAC address is aa bb cc dd ee ff and the mask is 00 00 ff ff ff ff all MAC addresses with aa bb x...

Страница 170: ...e of the switch 5 To change a rule select the check box associated with the rule change the desired fields and click Apply MAC Binding Configuration When an ACL is bound to an interface all the rules...

Страница 171: ...es are applied to traffic entering the port Sequence Number An optional sequence number may be specified to indicate the order of this access list relative to other access lists already assigned to th...

Страница 172: ...ACL Rule Configuration Fields Field Description Interface Shows the interface to which the MAC ACL is bound Direction Specifies the packet filtering direction for ACL The only valid direction is Inbou...

Страница 173: ...ACL rule that says port number 20 can receive TCP packets However if a UDP packet is received the packet is dropped ACLs are composed of access control entries ACE or rules that consist of the filter...

Страница 174: ...ay the IP Rules page Table 5 34 IP ACL Configuration Fields Field Description IP ACL Enter an ACL ID The ID is an integer in the following range 1 99 Creates an IP Standard ACL which allows you to per...

Страница 175: ...en and reset the data on the screen to the latest value of the switch 5 If you change any of the settings on the page click Apply to send the updated configuration to the switch Configuration changes...

Страница 176: ...d here Enter an IP Address in the appropriate field using dotted decimal notation The address you enter is compared to a packet s source IP Address Source IP Mask Specifies the source IP address wildc...

Страница 177: ...ACL rule select the ACL ID to add the rule to and then click Add The Extended ACL Rules configuration page displays as shown in Figure 5 32 on page 5 52 3 To delete an IP rule select the check box as...

Страница 178: ...a packet matches the rule s criteria Possible values are Permit Forwards packets which meet the ACL criteria Deny Drops packets which meet the ACL criteria Egress Queue Specifies the hardware egress...

Страница 179: ...for the bit positions that are not used In contrast a wildcard mask has 0 s in a bit position that must be checked A 1 in a bit position of the ACL mask indicates the corresponding bit can be ignored...

Страница 180: ...umber If the destination L4 keyword is Other enter a user defined Port ID by which packets are matched to the rule Service Type Select one of the following three Match fields to use in matching packet...

Страница 181: ...may be specified to indicate the order of this access list relative to other access lists already assigned to this interface and direction A lower number indicates higher precedence order If a sequen...

Страница 182: ...reen to the latest value of the switch Figure 5 34 Table 5 38 IP ACL Binding Table Fields Field Description Interface Shows the interface to which the IP ACL is bound Direction Specifies the packet fi...

Страница 183: ...n page 6 1 Viewing Port Statistics on page 6 4 Managing Logs on page 6 14 Configuring Port Mirroring on page 6 23 Switch Statistics The pages in the Switch Statistics folder contain a variety of infor...

Страница 184: ...by the processor Unicast Packets Received The number of subnetwork unicast packets delivered to a higher layer protocol Multicast Packets Received The total number of packets received that were direct...

Страница 185: ...discarded or not sent Transmit Packets Discarded The number of outbound packets which were chosen to be discarded even though no errors had been detected in order to prevent their being delivered to...

Страница 186: ...bout the number and type of traffic transmitted from and received on the switch Port Statistics on page 6 4 Port Detailed Statistics on page 6 5 EAP Statistics on page 6 12 Port Statistics The Port St...

Страница 187: ...tailed Statistics page Table 6 2 Port Statistics Fields Field Description Interface Lists the ports on the system Total Packets Received Without Errors The total number of packets received that were w...

Страница 188: ...s field is blank Otherwise the possible values are Mirrored Indicates that the port has been configured as a monitoring port and is the source port in a port mirroring session For additional informati...

Страница 189: ...defined in IEEE 802 1D Disabled Blocking Listening Learning Forwarding Broken Admin Mode Shows the port control administration state Enable The port can participate in the network default Disable The...

Страница 190: ...octets in length inclusive excluding framing bits but including FCS octets Packets RX and TX 1522 Octets The total number of packets including bad packets received or transmitted that are in excess o...

Страница 191: ...es not include multicast packets Total Packets Received with MAC Errors The total number of inbound packets that contained errors preventing them from being deliverable to a higher layer protocol Jabb...

Страница 192: ...le that tree is being modified Reserved Address Discards The number of frames discarded that are destined to an IEEE 802 1 reserved address and are not supported by the system Broadcast Storm Recovery...

Страница 193: ...smitted by this port to its segment Unicast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to a subnetwork unicast address including those that we...

Страница 194: ...ds The number of frames discarded on egress for this port due to egress filtering being enabled STP BPDUs Received Number of STP BPDUs received at the selected port STP BPDUs Transmitted Number of STP...

Страница 195: ...he number of EAPOL Log off frames that have been received on the port Last Frame Version Displays the protocol version number attached to the most recently received EAPOL frame Last Frame Source Displ...

Страница 196: ...or long term archival storage Local and remote configuration of the logging capability includes filtering of messages logged or forwarded based on severity and generating component The Monitoring Logs...

Страница 197: ...Prevents the system from logging messages Behavior Indicates the behavior of the log when it is full Wrap When the buffer is full the oldest log messages are deleted as the system logs new messages St...

Страница 198: ...he message was generated by component MSTP running in thread id 2110 The message was generated on Aug 24 05 34 05 by line 318 of file mstp_api c This is the 237th message logged Messages logged to a c...

Страница 199: ...er the system startup log or the system operation log stores a message received by the log subsystem that meets the storage criteria but not both In other words on system startup if the startup log is...

Страница 200: ...include Error Critical Alert and Emergency The default severity level is Alert 1 The severity can be one of the following levels Emergency 0 The highest level warning level If the device is down or n...

Страница 201: ...us Specifies whether to send log messages to the remote syslog hosts configured on the switch Enable Messages will be sent to all configured hosts syslog collectors or relays using the values configur...

Страница 202: ...pecify the port in the text field Severity Filter Use the menu to select the severity of the logs to send to the logging host Logs with the selected severity level and all logs of greater severity are...

Страница 203: ...ble 6 11 Trap Log Statistics Field Description Number of Traps Since Last Reset The number of traps that have occurred since the switch last reboot Trap Log Capacity The maximum number of traps stored...

Страница 204: ...ted log is saved in flash memory the switch will be reset The log can hold at least 2 000 entries and is erased when an attempt is made to add an entry after it is full The event log is preserved acro...

Страница 205: ...port The packet that is copied to the destination port is in the same format as the original packet on the wire This means that if the mirror is copying a received packet the copied packet is VLAN ta...

Страница 206: ...estination port field Select Enable from the Session Mode menu and then click Apply Figure 6 10 Table 6 14 Multiple Port Mirroring Fields Field Description Source Port Lists all the ports on the syste...

Страница 207: ...e From Switch on page 7 3 Download File To Switch on page 7 5 File Management on page 7 10 Troubleshooting on page 7 13 Reset The Reset menu contains links to the following options Rebooting the Switc...

Страница 208: ...creen to the latest value of the switch 3 Click Apply to send the updated configuration to the switch Configuration changes take place immediately Reset Configuration to Defaults Use the Factory Defau...

Страница 209: ...Click Cancel to cancel the operation on the screen and reset the data on the screen to the latest value of the switch 3 Click Apply to restore the factory default settings The action occurs immediate...

Страница 210: ...o as the event log Buffered Log Retrieves the system buffered in memory log Trap Log Retrieves the system trap records The default is Error Log Image Name Specify the code image to upload either image...

Страница 211: ...dress fields 4 Click the Start File Transfer check box and then click Apply 5 Click Cancel to cancel the operation on the screen and reset the data on the screen to the latest value of the switch Down...

Страница 212: ...age to download device software the image file the configuration files and SSL files from a TFTP server to the switch You can also download files via HTTP See HTTP File Download on page 7 8 for additi...

Страница 213: ...e change the device name serial number IP address and download it to that device SSL Trusted Root Certificate PEM File SSL Trusted Root Certificate File PEM Encoded SSL Server Certificate PEM File SSL...

Страница 214: ...sure that the software image or other file to be downloaded is available on the TFTP server 4 Complete the Server Address Type TFTP Server IP Address and Remote File Name full path without TFTP server...

Страница 215: ...hoose this option to update the switch s configuration If the file has errors the update will be stopped SSL Trusted Root Certificate PEM File SSL Trusted Root Certificate File PEM Encoded SSL Server...

Страница 216: ...ation on page 7 10 Viewing the Dual Image Status on page 7 12 Dual Image Configuration The system running an older software version will ignore not load a configuration file created by the newer softw...

Страница 217: ...Bootcode 4 Click Refresh to reload the page and display the most current information 5 Click Delete Image to remove the selected image from permanent storage on the switch You cannot delete the active...

Страница 218: ...the device To display the Dual Image Status page 1 Click Maintenance File Management Dual Image Dual Image Status in the navigation menu Figure 7 7 Table 7 5 Dual Image Status Fields Field Descriptio...

Страница 219: ...ks to the following options Ping on page 7 13 TraceRoute on page 7 14 Ping Use the Ping page to tell the switch to send a Ping request to a specified IP address You can use this feature to check wheth...

Страница 220: ...ply to the ping is not received you will see Reply From IP Host Destination Unreachable Tx x Rx 0 Min Max Avg RTT 0 0 0 msec TraceRoute You can use the TraceRoute utility to discover the paths that a...

Страница 221: ...of times each hop should be probed The valid range is 1 10 MaxTTL Enter the maximum time to live for a packet in number of hops The valid range is 1 255 InitTTL Enter the initial time to live for a p...

Страница 222: ...GS716Tv2 and GS724Tv3 Software Administration Manual 7 16 Maintenance v1 0 July 2009...

Страница 223: ...alue Interfaces 14G 2 Combo G ports with SFP on GS716T 22G 2 Combo G ports with SFP on GS724T PoE N A Flash memory size 16 MB SRAM size and type 64 MB DDR Table A 2 Switch Performance Feature Value Sw...

Страница 224: ...Disabled Port trunking aggregation 6 Pre configured 802 1D spanning tree 1 Disabled 802 1w RSTP 1 Disabled 802 1s spanning tree 3 instances Disabled Static 802 1Q tagging 2 Port Trunking on GS716T 4...

Страница 225: ...with 20 rules for HTTP HTTPS SNMP access to allow deny an IP address subnet All IP addresses allowed Port MAC lock down 16 on GS716T 24 on GS724T per port Disabled Table A 6 Traffic Control Feature Se...

Страница 226: ...Features Feature Sets Supported Default IGMP snooping v1 v2 16 on GS716T 24 on GS724T per port Disabled Configurations upload download 1 N A EAPoL flooding 16 on GS716T 24 on GS724T per port Disabled...

Страница 227: ...LAN is a local area network with a definition that maps workstations on some basis other than geographic location for example by department type of user or primary application To enable traffic to flo...

Страница 228: ...rt has a default VLAN ID setting that is user configurable the default setting is 1 The default VLAN ID setting for each port can be changed in the Port PVID Configuration screen See Port VLAN ID Conf...

Страница 229: ...N ID Configuration on page 3 14 specify the PVID for ports g1 and g4 so that packets entering these ports are tagged with the port VLAN ID Port g1 PVID 10 Port g4 PVID 20 4 With the VLAN configuration...

Страница 230: ...e internal network The added packet processing required by the ACL feature does not affect switch performance That is ACL processing occurs at wire speed Access lists are a sequential collection of pe...

Страница 231: ...iple ports as members instead of binding an ACL to each port MAC ACL Example Configuration The following example shows how to create a MAC based ACL that permits Ethernet traffic from the Sales depart...

Страница 232: ...ined in the rule Also the frame must be tagged with VLAN ID 2 which is the Sales department VLAN The CoS value of the frame must be 0 which is the default value for Ethernet frames Frames that match t...

Страница 233: ...Rules screen create a rule for IP ACL 2 with the following settings Rule ID 2 Action Permit Match Every True 5 Click Add 6 From the IP Binding Configuration page assign ACL ID 1 to the interface gigab...

Страница 234: ...g devices attached to a LAN port that has point to point connection characteristics and of preventing access to that port in cases in which the authentication and authorization process fails In this c...

Страница 235: ...s authorized to access services on that controlled port A Port Access Entity PAE is able to adopt one of two distinct roles within an access control interaction 1 Authenticator A Port that enforces au...

Страница 236: ...menu select Unauthorized The Port Control setting for all other ports where authentication is not needed should be Auto or Authorized When the Port Control setting is Authorized the port is unconditi...

Страница 237: ...must be configured to allow access on the Guest VLAN MSTP Spanning Tree Protocol STP runs on bridged networks to help eliminate loops If a bridge loop occurs the network can become flooded with traff...

Страница 238: ...classified as belonging to any given VLAN thus simply and fully connects all LANs and networking devices throughout the network though frames belonging to different VLANs can take different paths with...

Страница 239: ...CIST is also an instance of spanning tree with a MSTID of 0 An instance may occur that has no VIDs allocated to it but every VLAN must be allocated to one of the other instances of spanning tree The p...

Страница 240: ...Spanning Tree State option see STP Switch Configuration Status on page 3 17 Use the default values for the rest of the STP configuration settings By default the STP Operation Mode is MSTP and the Con...

Страница 241: ...Fast Link enabled transition directly to the Forwarding state 8 Click Apply You can use the CST Port Status screen to view spanning tree information about each port 9 From the MST Configuration scree...

Страница 242: ...rom Switch 2 use VLAN 500 MST instance 2 to communicate with the hosts on Switch 3 directly Likewise hosts of Switch 1 use VLAN 300 MST instance 1 to communicate with the hosts on Switch 3 directly Th...

Страница 243: ...CP Port 3 9 LAG 3 5 LLDP 2 23 MAC Filter 5 30 Management Access 5 15 MST Port 3 27 Network Settings on the Administrative System 1 6 password 5 2 Port Security 5 34 Port VLAN ID 3 14 QoS 4 1 RADIUS 5...

Страница 244: ...8 IEEE 802 1w 3 16 3 18 IEEE 802 1X 5 3 IEEE 802 3 flow control 3 4 IEEE 802 3x 3 4 IGMP 3 32 Informational 6 18 6 20 Interface Queue Configuration 4 5 IP DSCP 4 2 Mapping 4 8 ipaddr 1 15 L LACP Port...

Страница 245: ...ddress 5 37 server HTTP 5 15 Simple Network Time Protocol 2 5 slot port 1 16 SmartWizard Discovery in a Network with a DHCP Server 1 3 in a Network without a DHCP Server 1 4 Utilities 1 6 utility 1 2...

Страница 246: ...ly 2009 Local 2 6 UTC 2 7 Zone 2 6 Time Zone 2 8 TraceRoute 7 14 Traffic Control 5 30 Trap Flags 2 20 Manager 2 20 U Unicast 2 5 upload a file 7 5 upload configuration 7 3 V VLAN 3 10 ID 3 10 managing...

Отзывы:

Нет отзывов