Switch User Manual
Table Of Contents
- 00-1Cover.pdf
- 01-CLI Operation.pdf
- 02-Login Operation.pdf
- 1 Logging In to the Switching Engine
- 2 Logging In Through OAP
- 3 Logging In Through Telnet
- 4 Logging In from the Web-Based Network Management System
- 5 Logging In from NMS
- 6 Configuring Source IP Address for Telnet Service Packets
- 7 User Control
- 03-Configuration File Management Operation.pdf
- 04-VLAN Operation.pdf
- 1 VLAN Overview
- 2 VLAN Configuration
- 05-Auto Detect Operation.pdf
- 06-Voice VLAN Operation.pdf
- 07-GVRP Operation.pdf
- 08-Basic Port Configuration Operation.pdf
- 1 Basic Port Configuration
- Ethernet Port Overview
- Configuring Ethernet Ports
- Making Basic Port Configuration
- Configuring Port Auto-Negotiation Speed
- Setting the Ethernet Port Broadcast Suppression Ratio
- Enabling Flow Control on a Port
- Configuring Access Port Attribute
- Configuring Hybrid Port Attribute
- Configuring Trunk Port Attribute
- Disabling Up/Down Log Output on a Port
- Copying Port Configuration to Other Ports
- Configuring a Port Group
- Setting Loopback Detection for an Ethernet Port
- Configuring the Ethernet Port to Run Loopback Test
- Enabling the System to Test Connected Cable
- Configuring the Interval to Perform Statistical Analysis on Port Traffic
- Displaying and Maintaining Ethernet Ports
- Ethernet Port Configuration Example
- Troubleshooting Ethernet Port Configuration
- 1 Basic Port Configuration
- 09-Link Aggregation Operation.pdf
- 1 Link Aggregation Configuration
- 10-Port Isolation Operation.pdf
- 11-Port Security-Port Binding Operation.pdf
- 1 Port Security Configuration
- Port Security Overview
- Port Security Configuration
- Displaying and Maintaining Port Security Configuration
- Port Security Configuration Example
- 2 Port Binding Configuration
- 1 Port Security Configuration
- 12-DLDP Operation.pdf
- 13-MAC Address Table Management Operation.pdf
- 14-MSTP Operation.pdf
- 1 MSTP Configuration
- STP Overview
- MSTP Overview
- Configuring Root Bridge
- Configuration Prerequisites
- Configuring an MST Region
- Specifying the Current Device as a Root Bridge/Secondary Root Bridge
- Configuring the Bridge Priority of the Current Device
- Configuring the Mode a Port Recognizes and Sends MSTP Packets
- Configuring the MSTP Operation Mode
- Configuring the Maximum Hop Count of an MST Region
- Configuring the Network Diameter of the Switched Network
- Configuring the MSTP Time-related Parameters
- Configuring the Timeout Time Factor
- Configuring the Maximum Transmitting Speed on the Current Port
- Configuring the Current Port as an Edge Port
- Specifying Whether the Link Connected to a Port Is Point-to-point Link
- Enabling MSTP
- Configuring Leaf Nodes
- Configuration Prerequisites
- Configuring the MST Region
- Configuring the Mode a Port Recognizes and Sends MSTP Packets
- Configuring the Timeout Time Factor
- Configuring the Maximum Transmitting Speed on the Current Port
- Configuring a Port as an Edge Port
- Configuring the Path Cost for a Port
- Configuring Port Priority
- Specifying Whether the Link Connected to a Port Is a Point-to-point Link
- Enabling MSTP
- Performing mCheck Operation
- Configuring Guard Functions
- Configuring Digest Snooping
- Configuring Rapid Transition
- Configuring VLAN-VPN Tunnel
- STP Maintenance Configuration
- Enabling Trap Messages Conforming to 802.1d Standard
- Displaying and Maintaining MSTP
- MSTP Configuration Example
- VLAN-VPN tunnel Configuration Example
- 1 MSTP Configuration
- 15-802.1x and System Guard Operation.pdf
- 1 802.1x Configuration
- Introduction to 802.1x
- Introduction to 802.1x Configuration
- Basic 802.1x Configuration
- Advanced 802.1x Configuration
- Displaying and Maintaining 802.1x
- Configuration Example
- 2 Quick EAD Deployment Configuration
- 3 System-Guard Configuration
- 1 802.1x Configuration
- 16-AAA Operation.pdf
- 1 AAA Overview
- 2 AAA Configuration
- AAA Configuration Task List
- RADIUS Configuration Task List
- Creating a RADIUS Scheme
- Configuring RADIUS Authentication/Authorization Servers
- Configuring RADIUS Accounting Servers
- Configuring Shared Keys for RADIUS Messages
- Configuring the Maximum Number of RADIUS Request Transmission Attempts
- Configuring the Type of RADIUS Servers to be Supported
- Configuring the Status of RADIUS Servers
- Configuring the Attributes of Data to be Sent to RADIUS Servers
- Configuring the Local RADIUS Authentication Server Function
- Configuring Timers for RADIUS Servers
- Enabling Sending Trap Message when a RADIUS Server Goes Down
- Enabling the User Re-Authentication at Restart Function
- HWTACACS Configuration Task List
- Displaying and Maintaining AAA
- AAA Configuration Examples
- Troubleshooting AAA
- 3 EAD Configuration
- 17-MAC Address Authentication Operation.pdf
- 18-IP Address and Performance Operation.pdf
- 19-DHCP Operation.pdf
- 1 DHCP Overview
- 2 DHCP Relay Agent Configuration
- Introduction to DHCP Relay Agent
- Configuring the DHCP Relay Agent
- Displaying and Maintaining DHCP Relay Agent Configuration
- DHCP Relay Agent Configuration Example
- Troubleshooting DHCP Relay Agent Configuration
- 3 DHCP Snooping Configuration
- DHCP Snooping Overview
- DHCP Snooping Configuration
- Configuring DHCP Snooping
- Configuring DHCP Snooping to Support Option 82
- DHCP-Snooping Option 82 Support Configuration Task List
- Enable DHCP-snooping Option 82 support
- Configure a handling policy for DHCP packets with Option 82
- Configure the storage format of Option 82
- Configure the circuit ID sub-option
- Configure the remote ID sub-option
- Configure the padding format for Option 82
- Configuring IP Filtering
- DHCP Snooping Configuration Example
- Displaying and Maintaining DHCP Snooping Configuration
- 4 DHCP/BOOTP Client Configuration
- 20-ACL Operation.pdf
- 1 ACL Configuration
- ACL Overview
- ACL Configuration
- ACL Assignment
- Displaying and Maintaining ACL
- Examples for Upper-layer Software Referencing ACLs
- Examples for Applying ACLs to Hardware
- 1 ACL Configuration
- 21-QoS-QoS Profile Operation.pdf
- 1 QoS Configuration
- Overview
- QoS Supported by Devices
- QoS Configuration
- QoS Configuration Task List
- Configuring Priority Trust Mode
- Configuring Priority Mapping
- Setting the Priority of Protocol Packets
- Marking Packet Priority
- Configuring Traffic Policing
- Configuring Traffic Shaping
- Configuring Traffic Redirecting
- Configuring VLAN Mapping
- Configuring Queue Scheduling
- Collecting/Clearing Traffic Statistics
- Enabling the Burst Function
- Configuring Traffic Mirroring
- Displaying and Maintaining QoS
- QoS Configuration Example
- 2 QoS Profile Configuration
- 1 QoS Configuration
- 22-Mirroring Operation.pdf
- 23-ARP Operation.pdf
- 24-SNMP-RMON Operation.pdf
- 25-Multicast Operation.pdf
- 1 Multicast Overview
- 2 IGMP Snooping Configuration
- IGMP Snooping Overview
- IGMP Snooping Configuration
- IGMP Snooping Configuration Task List
- Enabling IGMP Snooping
- Configuring the Version of IGMP Snooping
- Configuring Timers
- Configuring Fast Leave Processing
- Configuring a Multicast Group Filter
- Configuring the Maximum Number of Multicast Groups on a Port
- Configuring IGMP Querier
- Suppressing Flooding of Unknown Multicast Traffic in a VLAN
- Configuring Static Member Port for a Multicast Group
- Configuring a Static Router Port
- Configuring a Port as a Simulated Group Member
- Configuring a VLAN Tag for Query Messages
- Configuring Multicast VLAN
- Displaying and Maintaining IGMP Snooping
- IGMP Snooping Configuration Examples
- Troubleshooting IGMP Snooping
- 3 Common Multicast Configuration
- 26-NTP Operation.pdf
- 1 NTP Configuration
- Introduction to NTP
- NTP Configuration Task List
- Configuring NTP Implementation Modes
- Configuring Access Control Right
- Configuring NTP Authentication
- Configuring Optional NTP Parameters
- Displaying and Maintaining NTP Configuration
- NTP Configuration Examples
- 1 NTP Configuration
- 27-SSH Operation.pdf
- 1 SSH Configuration
- SSH Overview
- Configuring the SSH Server
- SSH Server Configuration Tasks
- Configuring the Protocol Support for the User Interface
- Generating/Destroying a RSA or DSA Key Pair
- Exporting the RSA or DSA Public Key
- Creating an SSH User and Specify an Authentication Type
- Specifying a Service Type for an SSH User
- Configuring SSH Management
- Configuring the Client Public Key on the Server
- Assigning a Public Key to an SSH User
- Specifying a Source IP Address/Interface for the SSH Server
- Configuring the SSH Client
- Displaying and Maintaining SSH Configuration
- SSH Configuration Examples
- When the Device Acts as the SSH Server and the Authentication Type is Password
- When the Device Acts as an SSH Server and the Authentication Type is Publickey
- When the Switch Acts as an SSH Client and the Authentication Type is Password
- When the Device Acts as an SSH Client and the Authentication Type is Publickey
- When the Device Acts as an SSH Client and First-time authentication is not Supported
- 1 SSH Configuration
- 28-File System Management Operation.pdf
- 29-FTP-SFTP-TFTP Operation.pdf
- 1 FTP and SFTP Configuration
- Introduction to FTP and SFTP
- FTP Configuration
- SFTP Configuration
- 2 TFTP Configuration
- 1 FTP and SFTP Configuration
- 30-Information Center Operation.pdf
- 1 Information Center
- Information Center Overview
- Information Center Configuration
- Introduction to the Information Center Configuration Tasks
- Configuring Synchronous Information Output
- Configuring to Display the Time Stamp with the UTC Time Zone
- Setting to Output System Information to the Console
- Setting to Output System Information to a Monitor Terminal
- Setting to Output System Information to a Log Host
- Setting to Output System Information to the Trap Buffer
- Setting to Output System Information to the Log Buffer
- Setting to Output System Information to the SNMP NMS
- Displaying and Maintaining Information Center
- Information Center Configuration Examples
- 1 Information Center
- 31-System Maintenance and Debugging Operation.pdf
- 1 Host Configuration File Loading
- 2 Basic System Configuration and Debugging
- 3 Network Connectivity Test
- 4 Device Management
- Introduction to Device Management
- Device Management Configuration
- Displaying and Maintaining the Device Management Configuration
- 32-VLAN-VPN Operation.pdf
- 33-HWPing Operation.pdf
- 34-DNS Operation.pdf
- 35-Smart Link-Monitor Link Operation.pdf
- 36-PoE-PoE Profile Operation.pdf
- 1 PoE Configuration
- PoE Overview
- PoE Configuration
- PoE Configuration Task List
- Enabling the PoE Feature on a Port
- Setting the Maximum Output Power on a Port
- Setting PoE Management Mode and PoE Priority of a Port
- Setting the PoE Mode on a Port
- Configuring the PD Compatibility Detection Function
- Upgrading the PSE Processing Software Online
- Displaying and Maintaining PoE Configuration
- PoE Configuration Example
- 2 PoE Profile Configuration
- 1 PoE Configuration
- 37-Routing Protocol Operation.pdf
- 1 IP Routing Protocol Overview
- 2 Static Route Configuration
- 3 RIP Configuration
- 4 IP Route Policy Configuration
- 38-UDP Helper Operation.pdf
- 39-Appendix.pdf
1-2
z Local authorization: Users are authorized according to the related attributes configured for their
local accounts on this device.
z RADIUS authorization: Users are authorized after they pass RADIUS authentication. In RADIUS
protocol, authentication and authorization are combined together, and authorization cannot be
performed alone without authentication.
z HWTACACS authorization: Users are authorized by a TACACS server.
Accounting
AAA supports the following accounting methods:
z None accounting: No accounting is performed for users.
z Remote accounting: User accounting is performed on a remote RADIUS or TACACS server.
Introduction to ISP Domain
An Internet service provider (ISP) domain is a group of users who belong to the same ISP. For a user
name in the format of userid@isp-name or userid.isp-name, the isp-name following the "@" or “.”
character is the ISP domain name. The access device uses userid as the user name for authentication,
and isp-name as the domain name.
In a multi-ISP environment, the users connected to the same access device may belong to different
domains. Since the users of different ISPs may have different attributes (such as different forms of user
name and password, different service types/access rights), it is necessary to distinguish the users by
setting ISP domains.
You can configure a set of ISP domain attributes (including AAA policy, RADIUS scheme, and so on) for
each ISP domain independently in ISP domain view.
Introduction to AAA Services
Introduction to RADIUS
AAA is a management framework. It can be implemented by not only one protocol. But in practice, the
most commonly used service for AAA is RADIUS.
What is RADIUS
RADIUS (remote authentication dial-in user service) is a distributed service based on client/server
structure. It can prevent unauthorized access to your network and is commonly used in network
environments where both high security and remote user access service are required.
The RADIUS service involves three components:
z Protocol: Based on the UDP/IP layer, RFC 2865 and 2866 define the message format and
message transfer mechanism of RADIUS, and define 1812 as the authentication port and 1813 as
the accounting port.
z Server: RADIUS Server runs on a computer or workstation at the center. It stores and maintains
user authentication information and network service access information.
z Client: RADIUS Client runs on network access servers throughout the network.
RADIUS operates in the client/server model.
z A device acting as a RADIUS client passes user information to a specified RADIUS server, and
takes appropriate action (such as establishing/terminating user connection) depending on the
responses returned from the server.