manualshive.com logo in svg

SignaMax 065-7910HPOEP, Руководство пользователя, Страница: 42 / 89

Поделиться
Скачать
SignaMax 065-7910HPOEP Скачать руководство пользователя страница 42

                                                 

 

              

8 Security 

42 

 

shared key.   

 

8.2 Port Authentication 

IEEE 802.1x authentication system uses extensible authentication protocol (EAP) to 

exchange information between supplicant systems and the authentication servers. When a 

supplicant system passes the authentication, the authentication server passes the 

information about the supplicant system to the authenticator system. The authenticator 

system in turn determines the state (authorized or unauthorized) of the controlled port 

according to the instructions (accept or reject) received from the RADIUS server. 

802.1x Authentication Procedure

  A supplicant system launches an 802.1x client to initiate an access request by sending 

an EAPoL-start packet to the switch, with its user name and password provided. The 

802.1x client program then forwards the packet to the switch to start the authentication 

process. 

  Upon receiving the authentication request packet, the switch sends an 

EAP-request/identity packet to ask the 802.1x client for the user name. 

  The 802.1x client responds by sending an EAP-response/identity packet to the switch 

with the user name contained in it. The switch then encapsulates the packet in a RADIUS 

Access-Request packet and forwards it to the RADIUS server.   

  Upon receiving the packet from the switch, the RADIUS server retrieves the user name 

from the packet, finds the corresponding password by matching the user name in its 

database, encrypts the password using a randomly-generated key, and sends the key to 

the switch through an RADIUS access-challenge packet. The switch then sends the key 

to the 802.1x client. 

  Upon receiving the key (encapsulated in an EAP-request/MD5 challenge  packet) from 

the switch, the client program encrypts the password of the supplicant system with the 

key and sends the encrypted password (contained in an EAP-response/MD5 challenge 

packet) to the RADIUS server through the switch. (Normally, the encryption  is 

irreversible.) 

  The RADIUS server compares the received encrypted password (contained in a RADIUS 

access-request packet) with the locally-encrypted password. If the two match, it will then 

Содержание 065-7910HPOEP

Страница 1: ...065 7910HPOEP SIGNAMAX POE Series Industrial Ethernet Switches User Manual May 6 2014 Version V 1 0...

Страница 2: ...SIGNAMAX POE Series Industrial Ethernet Switch 2 Revision History Revision Date Reason for change V1 0 2014 5 6 Initial release...

Страница 3: ...4 2 Port Aggregation 14 4 2 1 Aggregate Groups 14 4 2 2 LACP Port Setting 15 4 2 3 Aggregate Basic Setting 16 4 2 4 LACP Status Setting 16 4 3 Port Bandwidth 17 4 4 Port Mirroring 17 4 5 POE 19 5 VLAN...

Страница 4: ...9 1 1 Configuration 48 9 1 2 TLVs 51 9 1 3 LLDP Parameters 51 9 2 Neighbor Information 52 9 3 LLDP Statistics 52 10 Statistics 54 10 1 Port Status 54 10 2 Port Statistics 54 10 3 VLAN List 55 10 4 MAC...

Страница 5: ...14 4 Event Configuration 77 14 4 1 Event 78 14 4 2 Event Log 78 15 Administration 79 15 1 Language 79 15 2 IP Configuration 79 15 3 SNTP 79 15 4 SMTP 80 15 5 E mail Alarm 80 15 5 1 System Event 80 15...

Страница 6: ...nt AP network cameras etc It is designed to apply dual power supplies for redundancy with wide DC input range and support DIN rail and wall mounting for installation in industrial environments Recover...

Страница 7: ...covery time 20ms RSTP STP for network redundancy 1 2 3 Port Introduction Model Ethernet Port Console port Power supply SIGNAMAX 065 7910HPOEP 8 X10 100BaseTX port 2X1000BaseX SFP slots 1X RS232 48VDC...

Страница 8: ...r Status Description Power status indicator PWR Green On Power on Yellow Off Power off System status indicator Green On The system starts up successfully Green Off The system doesn t start up successf...

Страница 9: ...the same subnet addresses of the switch For the first time set your PC IP address as 192 168 0 x x is any number from 1 to 254 except 253 subnet mask as 255 255 255 0 And then a login window will appe...

Страница 10: ...ntrol LLDP Configures port LLDP and neighbor information and checks LLDP statistics information Statistics Checks Port Status Port Statistics VLAN List MAC Address Table IGMP Snooping Group Link Aggre...

Страница 11: ...Information 11 2 System Information The device system information is shown as follows Through SNMP you can configure the corresponding system name and system location for each switch for convenient ma...

Страница 12: ...3 Advanced Configuration 12 3 Advanced Configuration IGMP Snooping GVRP STP LACP LLDP 802 1X RecoverRing II and Modbus can be enabled or disabled globally on this page...

Страница 13: ...ly use the best operating mode while is Force is selected it needs to configure the speed and duplex manually Speed Duplex There are four choices 10M Half 10M Full 100M Half and 100M Full Flow Control...

Страница 14: ...k ID There are 13 groups T1 T13 Step 2 Specify the trunk name Step 3 Specify the trunk type Manual a manual trunk can only be manually set or deleted LACP can be disabled Static a static LACP trunk ca...

Страница 15: ...ority and MAC address of this system priority number and operation key of the port Upon receiving the information the peer compares the information with the information of other ports on the peer devi...

Страница 16: ...ximum member port number supported by the device the system will choose the ports with lower port numbers as the member ports Set LACP system priority from 1 to 65535 4 2 4 LACP Status Setting Set LAC...

Страница 17: ...ss rate limit which means the port will run in full speed for egress traffic You can also select a specific egress rate from the drop down list for a port When completing the configuration click apply...

Страница 18: ...ring state Step 2 If mirroring state is enabled choose a port as the monitoring port Caution Monitoring port cannot be link aggregration port Only one port can be selected as monitoring port Monitorin...

Страница 19: ...gy for such equipments This page has three tabs to configure various parameters POE 1 POE configuration Power management mode Allocation Class Allocation mode can be directly assigned to the PD power...

Страница 20: ...transmission provide up to 30W power supply for each POE port Off by default Priority You can select the Optional of important high or low by default the priority is low Maximun Power According to the...

Страница 21: ...host in the network receives a lot of packets whose destination is not the host itself Thus plenty of bandwidth resources are wasted causing potential serious security problems The traditional way to...

Страница 22: ...1 Advanced page so that you can enter the Port based VLAN configuration page On its page the user can create a new VLAN group with specific VID and VLAN group name Up to 255 VLAN groups can be created...

Страница 23: ...rce MAC address as shown in the follow figure of Encapsulation format of traditional Ethernet frames DA refers to the destination MAC address SA refers to the source MAC address and Type refers to the...

Страница 24: ...o the default VLAN of the inbound port for transmission Note Select 802 1Q VLAN from the VLAN Mode in 5 1 Advanced so that you can enter the 802 1Q VLAN configuration page 5 3 1 802 1Q VLAN Setting On...

Страница 25: ...port from the VLAN group However the port can be added to the VLAN group through GVRP Forbidden Does not allow the port to be added to the VLAN group even if GVRP indicates so 5 3 3 802 1Q Port This t...

Страница 26: ...ile Admit Only Tagged accepts only tagged packages and discards untagged ones VLAN Ingress Filter When enabled an Ethernet package is discarded if this port is not a member of the VLAN with which this...

Страница 27: ...be registered can be propagated to all the switches in the same switched network GARP uses the following timers Join Timer To transmit the Join messages reliably to other entities a GARP entity sends...

Страница 28: ...mically It only propagates static VLAN information That is a trunk port only permits the packets of manually configured VLANs in this mode even if you configure the port to permit the packets of all t...

Страница 29: ...5 VLAN 29...

Страница 30: ...telemedicine video telephone video conference and Video on Demand VoD The enterprise users expect to connect their regional branches together through VPN technologies to carry out operational applica...

Страница 31: ...queue with lower priority are sent You can put critical service packets into the queues with higher priority and put non critical service such as e mail packets into the queues with lower priority In...

Страница 32: ...1p priority and the local precedence cannot satisfy the user s need you can modify the map from 802 1p priority to local precedence to change the relationship between 802 1p priority and transmit que...

Страница 33: ...6 QoS 33...

Страница 34: ...cast MAC Address Specifies the destination MAC address Port Specifies the port of the outbound interface Type Choose among Dynamic Static and Blackhole Static MAC address entry Also known as permanent...

Страница 35: ...point data transmission By allowing high efficiency point to multipoint data transmission over a network multicast greatly saves network bandwidth and reduces network load With the multicast technolog...

Страница 36: ...ast group Typically a multicast source does not need to join a multicast group An information sender is referred to as a multicast source A multicast source can send data to multiple multicast groups...

Страница 37: ...packets to the multicast address 01 ac 2b 4e 32 55 Caution Multicast MAC address cannot configured on Link aggregation ports 7 3 IGMP Snooping Configuration Note Before configuring IGMP Snooping firs...

Страница 38: ...is used more and more It adds the multicast source filtering function which enabled the receiver be able to specify the multicast group to join in as well as specify the multicast source to receive m...

Страница 39: ...ly connected to multicast devices which is the IGMP Querier The lower part of this page lists static router ports of all VLANs Caution the router port should be within the VLAN Please refer to 5 VLAN...

Страница 40: ...query packets to all the hosts and router ports After it times out it will delete the port form the group It is in the range of 1 to 255 by default the value is 125 seconds Max Response Time The maxi...

Страница 41: ...ver IP IP address of the radius server to be used a valid unicast address in dotted decimal notation the default value is 192 168 0 234 Authentication Port UDP port number of the radius server ranging...

Страница 42: ...packet to ask the 802 1x client for the user name The 802 1x client responds by sending an EAP response identity packet to the switch with the user name contained in it The switch then encapsulates th...

Страница 43: ...1x is enabled you can further configure port control re authentication and Guest VLAN Auto Specify to operate in auto access control mode When one port operates in this mode all the unauthenticated h...

Страница 44: ...orderly way Quiet Period Set the quiet period when a supplicant system fails to pass the authentication the switch quiets for the set period before it processes another authentication request re init...

Страница 45: ...range of 1 to 300 the default value is 30 seconds Max Request Count Set the maximum number of times that a switch sends authentication request packets to a user It is in the range of 1 to 10 and the...

Страница 46: ...rocess is affected by the following timers Offline detect time Sets the time interval for a switch to test whether a user goes offline Upon detecting a user is offline a switch notifies the RADIUS ser...

Страница 47: ...lead to traffic congestion If the transmission rate of the three kind packets exceeds the set bandwidth the packets will be automatically discarded to avoid network broadcast storm This page sets thre...

Страница 48: ...bors in a standard management information base MIB It allows a network management system to fast detect Layer 2 network topology change and identify what the change is 9 1 Management LLDP 9 1 1 Config...

Страница 49: ...2 SNAP encapsulated LLDPDU format Field Description Destination MAC address The MAC address to which the LLDPDU is advertised It is fixed to 0x0180 C200 000E a multicast MAC address Source MAC addres...

Страница 50: ...ng in Tx and Rx mode or Tx Only mode sends LLDPDUs to its directly connected devices both periodically and when the local configuration changes To prevent the network from being overwhelmed by LLDPDUs...

Страница 51: ...t name and the version of the interface hardware software System Name Identifies the administratively assigned name for the device System Description A textual description of the device this value typ...

Страница 52: ...umber of fast sending packets It is in the range of 1 to 10 and the default value is 3 Caution Tx Interval and Tx Delay both should be smaller than TTL otherwise it will cause the neighbor device be u...

Страница 53: ...9 LLDP 53...

Страница 54: ...ts TxBadPkts RxGoodPkts RxBadPkts TxAbort Collision and DropPkt of each Ethernet port TxGoodPkts The total number of outgoing normal packets on the port including outgoing normal packets and normal pa...

Страница 55: ...des Static and Dynamic Tagged lists all ports from which packets are sent tagged Untagged lists all ports from which packets are sent untagged and Forbidden lists all ports that cannot be added to the...

Страница 56: ...fixed to Manual 10 6 2 Static Trunking Group This page shows static trunk information including Trunk ID Trunk Name Type and Port List Type is fixed to Static 10 6 3 LACP Trunking Group This page sho...

Страница 57: ...rs BPDUs contain sufficient information for the network devices to complete the spanning tree calculation 3 Basic concepts in STP 1 Root bridge A tree network must have a root hence the concept of roo...

Страница 58: ...signated port is the port AP1 on Device A Two devices are connected to the LAN Device B and Device C If Device B forwards BPDUs to the LAN the designated bridge for the LAN is Device B and the designa...

Страница 59: ...s by default Forward Delay Time This value is in the range of 4 to 30 seconds and is 15 seconds by default To prevent the occurrence of a temporary loop when a port changes its state from discarding t...

Страница 60: ...IP address While enabling port fast can avoid this problem Root protection By default the root protection function is disabled Due to configuration error or malicious attack the root bridge in the net...

Страница 61: ...DUs received on the port and ignores the protocol type If the switch receives an 802 1d BPDU after the port s migration delay timer is expired it assumes that it is connected to an 802 1d switch and s...

Страница 62: ...tection function is disabled on an edge port configuration BPDUs sent deliberately by a malicious user may reach the port If an edge port receives a BPDU it changes itself to be a non edge port Cautio...

Страница 63: ...ime is in second while RecoverRing II can cover the communication more quickly and the nodes in the ring don t affect the recovery time of RecoverRing II so it can used in large diameter network Recov...

Страница 64: ...rotocol packets within the RecoverRing II Protect VLAN It is used for transferring data packets When a VLAN is created in a ring this VLAN must be configured as a Protect VLAN or Control VLAN Fast det...

Страница 65: ...pling function of the selected ring To enable this function the associated ring must be enabled first Coupling Mode There are four coupling modes Dual homing Coupling Primary Coupling Backup and Peer...

Страница 66: ...switch It is in the range of 1 to 10 seconds The default value is 1 second FailTime Sets fail time of the switch It is in the range of 3 to 30 seconds and the default value is 3 seconds FastHelloTime...

Страница 67: ...12 RecoverRing II Configuration 67 To set those parameters the following rules shall be met 3 HelloTime FailTime and 3 FastHelloTime FastFailTime...

Страница 68: ...es data types and error codes SNMPv3 uses a user based security model USM to secure SNMP communication You can configure authentication and privacy mechanisms to authenticate access and encrypt SNMP N...

Страница 69: ...o 16 characters Select the privilege RW and RO RO Specifies the community that has been created has read only permission to access MIB objects Communities of this type can only query MIBs for device i...

Страница 70: ...ecimal number in cipher text if MD5 algorithm is used or a 40 bit hexadecimal number in cipher text if SHA algorithm is used Privacy Algorithm Select the Privacy Algorithm for the SNMP v3 User Disable...

Страница 71: ...ost to receive the traps The bottom part of this page lists all existing trap host IP addresses They can be deleted 13 2 3 Trap Port Enable or disable the trap function for each port The trap informat...

Страница 72: ...ged devices operate normally and the change of physical status of interfaces Traps in RMON and those in SNMP have different monitored targets triggering conditions and report contents RMON provides an...

Страница 73: ...ets that are longer than 1518 octets excluding framing bits but including FCS octets and has either a bad FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of oct...

Страница 74: ...er about its transmitting situation Port The Ethernet port for collecting statistics Owner The entity that configured this entry and is therefore using the resources assigned to it Sampling interval s...

Страница 75: ...n None Unicast Pks In Discarded Pks In Error Pks In Unknown Protocol Pks Out Octets Out Unicast Pks Out None Unicast Pks Out Discarded Pks Out Error Pks RMON Drop Events RMON Received Octets RMON Rece...

Страница 76: ...compared directly with the thresholds at the end of the sampling interval If the value of this object is deltaValue 2 the value of the selected variable at the last sample will be subtracted from the...

Страница 77: ...Select Startup Alarm rising alarm falling alarm and rising or falling alarm Startup Alarm The alarm that is sent when this entry is set to be valid for the first time If the first sample after this en...

Страница 78: ...pe of notification that the probe makes about this event None No action Log The result will be shown in Event Log Trap The switch will send trap to the specified trap host refer to 13 2 2 Trap Host IP...

Страница 79: ...rvers and clients to ensure high clock accuracy SNTP Mode Select Service mode or Client mode If you select Client mode you need to specify the IP address of the NTP server A client sends a clock synch...

Страница 80: ...password for source e mail account Click Test to check whether the configuration is correct If it is correct the destination mail will receive an e mail 15 5 E mail Alarm This page sets the events th...

Страница 81: ...mentioned in 14 RMON of this manual 15 5 2 Port Event This page sets port event alarm configuration including Port Alarm Type Traffic Overload Traffic Threshold and Traffic Duration Port Specify the...

Страница 82: ...figuration including Power A Failure Power B Failure and RecoverRing II Broken Power A Failure Enable or disable to trigger relay alarm when power A is off Power B Failure Enable or disable to trigger...

Страница 83: ...tatistics duration time for calculating port traffic Note Traffic Overload Traffic Threshold and Traffic Duration are interrelated When Traffic Overload is enabled Traffic Threshold shall be set with...

Страница 84: ...rname Password and Privilege for the new account are set on this page Username Username a string of 3 to 16 characters Password Password a string of 1 to 16 characters Privilege Choose user or admin U...

Страница 85: ...the TFTP server and receives acknowledgement packets from the TFTP server The TFTP service mentioned in this section refers to TFTP client function of switch When an SIGNAMAX POE series Ethernet indus...

Страница 86: ...n file will be uploaded to TFTP server with the specified File Name after Apply button is clicked 15 10 3 Restore Configuration This page sets a TFTP Server IP and File Name Before restoring a configu...

Страница 87: ...5 12 Reset There are two tab pages Reset and Reset To Default Reset The switch will be reset to the factory default setting except that the IP address and user accounts are kept unchanged Reset To Def...

Страница 88: ...16 Logout 88 16 Logout Click Logout on the left menu to log out from the switch and close the browser...

Страница 89: ...ch MIB List RFC1213 MIB RFC1643 EtherLike MIB RFC1573 IF MIB RFC1493 BRIDGE MIB RFC2674 P BRIDGE MIB FMC SWITCH MIB RFC1757 RMON MIB RFC2674 Q BRIDGE MIB FMC IGMP SNOOPING MIB RSTP MIB FMC SWITCH MAC...

Отзывы:

Нет отзывов