Web Management Guide-R04
Table Of Contents
- How to Use This Guide
- Contents
- Figures
- Tables
- Getting Started
- Web Configuration
- Using the Web Interface
- Basic Management Tasks
- Displaying System Information
- Displaying Hardware/Software Versions
- Configuring Support for Jumbo Frames
- Displaying Bridge Extension Capabilities
- Managing System Files
- Setting the System Clock
- Configuring the Console Port
- Configuring Telnet Settings
- Displaying CPU Utilization
- Configuring CPU Guard
- Displaying Memory Utilization
- Resetting the System
- Interface Configuration
- VLAN Configuration
- Address Table Settings
- Spanning Tree Algorithm
- Congestion Control
- Class of Service
- Layer 2 Queue Settings
- Layer 3/4 Priority Settings
- Setting Priority Processing to IP Precedence/DSCP or CoS
- Mapping Ingress DSCP Values to Internal DSCP Values
- Mapping CoS Priorities to Internal DSCP Values
- Mapping Internal DSCP Values to Egress CoS Values
- Mapping IP Precedence Values to Internal DSCP Values
- Mapping IP Port Priority to Internal DSCP Values
- Quality of Service
- VoIP Traffic Configuration
- Security Measures
- AAA Authentication, Authorization and Accounting
- Configuring User Accounts
- Web Authentication
- Network Access (MAC Address Authentication)
- Configuring HTTPS
- Configuring the Secure Shell
- Access Control Lists
- Filtering IP Addresses for Management Access
- Configuring Port Security
- Configuring 802.1X Port Authentication
- DoS Protection
- DHCPv4 Snooping
- DHCPv6 Snooping
- IPv4 Source Guard
- IPv6 Source Guard
- ARP Inspection
- Application Filter
- Basic Administration Protocols
- Configuring Event Logging
- Link Layer Discovery Protocol
- Simple Network Management Protocol
- Configuring Global Settings for SNMP
- Setting Community Access Strings
- Setting the Local Engine ID
- Specifying a Remote Engine ID
- Setting SNMPv3 Views
- Configuring SNMPv3 Groups
- Configuring Local SNMPv3 Users
- Configuring Remote SNMPv3 Users
- Specifying Trap Managers
- Creating SNMP Notification Logs
- Showing SNMP Statistics
- Remote Monitoring
- Switch Clustering
- Setting a Time Range
- Ethernet Ring Protection Switching
- OAM Configuration
- Connectivity Fault Management
- Configuring Global Settings for CFM
- Configuring Interfaces for CFM
- Configuring CFM Maintenance Domains
- Configuring CFM Maintenance Associations
- Configuring Maintenance End Points
- Configuring Remote Maintenance End Points
- Transmitting Link Trace Messages
- Transmitting Loop Back Messages
- Transmitting Delay-Measure Requests
- Displaying Local MEPs
- Displaying Details for Local MEPs
- Displaying Local MIPs
- Displaying Remote MEPs
- Displaying Details for Remote MEPs
- Displaying the Link Trace Cache
- Displaying Fault Notification Settings
- Displaying Continuity Check Errors
- OAM Configuration
- UDLD Configuration
- LBD Configuration
- Smart Pair Configuration
- Multicast Filtering
- Overview
- Layer 2 IGMP (Snooping and Query for IPv4)
- Configuring IGMP Snooping and Query Parameters
- Specifying Static Interfaces for a Multicast Router
- Assigning Interfaces to Multicast Services
- Setting IGMP Snooping Status per Interface
- Filtering IGMP Query Packets and Multicast Data
- Displaying Multicast Groups Discovered by IGMP Snooping
- Displaying IGMP Snooping Statistics
- Filtering and Throttling IGMP Groups
- MLD Snooping (Snooping and Query for IPv6)
- Multicast VLAN Registration for IPv4
- Multicast VLAN Registration for IPv6
- Basic IP Functions
- IP Configuration
- General IP Routing
- IP Services
- Appendices
- Glossary
Chapter 12
| Security Measures
Network Access (MAC Address Authentication)
– 316 –
(attribute 11) can be configured on the RADIUS server to pass the following
QoS information:
◆ Multiple profiles can be specified in the Filter-ID attribute by using a semicolon
to separate each profile.
For example, the attribute “service-policy-in=pp1;rate-limit-input=100”
specifies that the diffserv profile name is “pp1,” and the ingress rate limit profile
value is 100 kbps.
◆ If duplicate profiles are passed in the Filter-ID attribute, then only the first
profile is used.
For example, if the attribute is “service-policy-in=p1;service-policy-in=p2”, then
the switch applies only the DiffServ profile “p1.”
◆ Any unsupported profiles in the Filter-ID attribute are ignored.
For example, if the attribute is “map-ip-dscp=2:3;service-policy-in=p1,” then
the switch ignores the “map-ip-dscp” profile.
◆ When authentication is successful, the dynamic QoS information may not be
passed from the RADIUS server due to one of the following conditions
(authentication result remains unchanged):
■
The Filter-ID attribute cannot be found to carry the user profile.
■
The Filter-ID attribute is empty.
■
The Filter-ID attribute format for dynamic QoS assignment is
unrecognizable (can not recognize the whole Filter-ID attribute).
◆ Dynamic QoS assignment fails and the authentication result changes from
success to failure when the following conditions occur:
■
Illegal characters found in a profile value (for example, a non-digital
character in an 802.1p profile value).
■
Failure to configure the received profiles on the authenticated port.
Table 21: Dynamic QoS Profiles
Profile Attribute Syntax Example
DiffServ service-policy-in=policy-map-name service-policy-in=p1
Rate Limit rate-limit-input=rate rate-limit-input=100
(in units of Kbps)
802.1p switchport-priority-default=value switchport-priority-default=2
IP ACL ip-access-group-in=ip-acl-name ip-access-group-in=ipv4acl
IPv6 ACL ipv6-access-group-in=ipv6-acl-name ipv6-access-group-in=ipv6acl
MAC ACL mac-access-group-in=mac-acl-name mac-access-group-in=macAcl