Switch User Manual
Version negotiation
- The server opens port 22 to listen for connection requests from clients.
- The client sends a TCP connection request to the server. After the TCP connection is established, the server sends the first packet to the client, which includes a version identification string in the format “SSH-<primary protocol version number>.<secondary protocol version number>-<software version number>”. The primary and secondary protocol version numbers constitute the protocol version number, while the software version number is used for debugging.
- The client receives and parses the packet. If the protocol version of the server is lower but supportable, the client uses the protocol version of the server; otherwise, the client uses its own protocol version.
- The client sends to the server a packet that contains the number of the protocol version it decides to use. The server compares the version carried in the packet with its own to determine whether it can cooperate with the client.
- If the negotiation is successful, the server and the client go on to the key and algorithm negotiation. If not, the server breaks the TCP connection.
All the packets above are transferred in plain text.
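The version exchange described above, as an added Python example that is not part of the original manual. It parses the identification string and applies the client and server rules from the list, showing that a client which still lists an older version as supportable follows the server down to it. The banners, the product name and the function names are constructed for illustration.

```python
import re

# Format from the section above: SSH-<primary>.<secondary>-<software version>
BANNER_RE = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)")

# Constructed sample identification strings (the product name is made up).
BANNER_V2 = b"SSH-2.0-ExampleSwitch_1.0\r\n"
BANNER_V1 = b"SSH-1.5-ExampleSwitch_1.0\r\n"


def parse_banner(raw):
    """Return ((primary, secondary), software) or raise ValueError."""
    line = raw.decode("ascii", errors="replace").rstrip("\r\n")
    match = BANNER_RE.match(line)
    if match is None:
        raise ValueError("not an SSH identification string: %r" % line)
    return (int(match.group(1)), int(match.group(2))), match.group(3)


def client_choice(own, server, supported):
    """Client rule from the text: take the server's version if it is lower
    but supportable, otherwise keep the client's own version."""
    if server < own and server in supported:
        return server
    return own


def negotiate(banner, own, client_supported, server_supported):
    """Run both sides of the exchange and report the outcome."""
    server_version, software = parse_banner(banner)
    chosen = client_choice(own, server_version, client_supported)
    return {
        "software": software,
        "chosen": chosen,
        # The server drops the TCP connection when it cannot use the version.
        "accepted": chosen in server_supported,
        "downgraded": chosen < own,
    }


if __name__ == "__main__":
    v1, v2 = (1, 5), (2, 0)
    # A client that still lists 1.5 as supportable follows the server down.
    print(negotiate(BANNER_V1, v2, {v1, v2}, {v1}))
    # A client limited to 2.0 keeps 2.0, and the old server ends the session.
    print(negotiate(BANNER_V1, v2, {v2}, {v1}))
    print(negotiate(BANNER_V2, v2, {v2}, {v2}))
```

Because this exchange is in plain text, the software version in the banner is visible to anyone who can connect, and the only control over the negotiated version is which versions each side lists as supportable.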
Key negotiation
- The server and the client send algorithm negotiation packets to each other, which contain the public key algorithm list, encryption algorithm list, message authentication code (MAC) algorithm list, and compression algorithm list supported by the server and the client.
- The server and the client calculate the final algorithm according to the algorithm lists supported.
- The server and the client generate the session key and session ID based on the Diffie-Hellman (DH) exchange algorithm and the host key pair.
- Then, the server and the client get the same session key and use it for data encryption and decryption to secure data communication.
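How the final algorithm is calculated from the two lists, as an added Python example that is not part of the original manual. It assumes the device follows the SSH2 rule in RFC 4253, section 7.1, where the result for encryption, MAC and compression is the first name on the client's list that the server also lists. The name-lists and the deny-list policy are constructed.

```python
# Categories whose result is "first name on the client's list that the server
# also lists" (RFC 4253, section 7.1). Key exchange and host key selection
# carry extra conditions and are not modelled here.
CATEGORIES = ("encryption", "mac", "compression")

# Constructed name-lists, in preference order, using standard SSH2 names.
SERVER = {
    "encryption": ["aes256-ctr", "aes128-ctr", "3des-cbc"],
    "mac": ["hmac-sha2-256", "hmac-sha1", "hmac-md5"],
    "compression": ["none", "zlib"],
}
OLD_CLIENT = {
    "encryption": ["3des-cbc", "aes128-ctr"],
    "mac": ["hmac-md5", "hmac-sha1"],
    "compression": ["none"],
}
# Hypothetical local policy: names the operator does not want negotiated.
DENIED = {"encryption": {"3des-cbc"}, "mac": {"hmac-md5"}}


def negotiate_algorithms(client, server):
    """Return {category: chosen name}; raise LookupError if any list pair has
    no name in common, in which case the connection cannot proceed."""
    chosen = {}
    for category in CATEGORIES:
        offered = set(server[category])
        pick = next((n for n in client[category] if n in offered), None)
        if pick is None:
            raise LookupError("no common %s algorithm" % category)
        chosen[category] = pick
    return chosen


def policy_violations(chosen, denied=DENIED):
    """Categories where the negotiated name is on the deny list."""
    return sorted(c for c, name in chosen.items() if name in denied.get(c, ()))


def trim(server, denied=DENIED):
    """Server lists with denied names removed, order otherwise unchanged."""
    return {c: [n for n in names if n not in denied.get(c, ())]
            for c, names in server.items()}


if __name__ == "__main__":
    print(negotiate_algorithms(OLD_CLIENT, SERVER))        # server order is ignored
    print(negotiate_algorithms(OLD_CLIENT, trim(SERVER)))  # trimmed lists decide
```

Under this rule the server's preference order does not decide the result, so an unwanted algorithm has to be removed from the server's list rather than moved to the end of it.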
Authentication negotiation
The negotiation steps are as follows:
- The client sends an authentication request to the server. The authentication request contains the username, authentication type, and authentication-related information. For example, if the authentication type is password, the content is the password.
- The server starts to authenticate the user. If authentication fails, the server sends an authentication failure message to the client, which contains the list of methods that can be used for a new authentication attempt.
- The client selects an authentication type from the method list to perform authentication again.
- The above process repeats until the authentication succeeds, or the connection is torn down when the number of authentication attempts reaches the upper limit.
SSH provides two authentication methods: password authentication and publickey authentication.










