Web Management Guide-R06
Table Of Contents
- How to Use This Guide
- Contents
- Figures
- Tables
- Getting Started
- Web Configuration
- Using the Web Interface
- Basic Management Tasks
- Displaying System Information
- Displaying Hardware/Software Versions
- Configuring Support for Jumbo Frames
- Displaying Bridge Extension Capabilities
- Managing System Files
- Setting the System Clock
- Configuring the Console Port
- Configuring Telnet Settings
- Displaying CPU Utilization
- Displaying Memory Utilization
- Stacking
- Resetting the System
- Interface Configuration
- VLAN Configuration
- Address Table Settings
- Spanning Tree Algorithm
- Congestion Control
- Class of Service
- Quality of Service
- VoIP Traffic Configuration
- Security Measures
- AAA (Authentication, Authorization and Accounting)
- Configuring User Accounts
- Web Authentication
- Network Access (MAC Address Authentication)
- Configuring HTTPS
- Configuring the Secure Shell
- Access Control Lists
- Setting a Time Range
- Showing TCAM Utilization
- Setting the ACL Name and Type
- Configuring a Standard IPv4 ACL
- Configuring an Extended IPv4 ACL
- Configuring a Standard IPv6 ACL
- Configuring an Extended IPv6 ACL
- Configuring a MAC ACL
- Configuring an ARP ACL
- Binding a Port to an Access Control List
- Configuring ACL Mirroring
- Showing ACL Hardware Counters
- ARP Inspection
- Filtering IP Addresses for Management Access
- Configuring Port Security
- Configuring 802.1X Port Authentication
- DoS Protection
- IPv4 Source Guard
- IPv6 Source Guard
- DHCP Snooping
- Basic Administration Protocols
- Configuring Event Logging
- Link Layer Discovery Protocol
- Power over Ethernet
- Simple Network Management Protocol
- Configuring Global Settings for SNMP
- Setting the Local Engine ID
- Specifying a Remote Engine ID
- Setting SNMPv3 Views
- Configuring SNMPv3 Groups
- Setting Community Access Strings
- Configuring Local SNMPv3 Users
- Configuring Remote SNMPv3 Users
- Specifying Trap Managers
- Creating SNMP Notification Logs
- Showing SNMP Statistics
- Remote Monitoring
- Switch Clustering
- Ethernet Ring Protection Switching
- Connectivity Fault Management
- Configuring Global Settings for CFM
- Configuring Interfaces for CFM
- Configuring CFM Maintenance Domains
- Configuring CFM Maintenance Associations
- Configuring Maintenance End Points
- Configuring Remote Maintenance End Points
- Transmitting Link Trace Messages
- Transmitting Loop Back Messages
- Transmitting Delay-Measure Requests
- Displaying Local MEPs
- Displaying Details for Local MEPs
- Displaying Local MIPs
- Displaying Remote MEPs
- Displaying Details for Remote MEPs
- Displaying the Link Trace Cache
- Displaying Fault Notification Settings
- Displaying Continuity Check Errors
- OAM Configuration
- UDLD Configuration
- Multicast Filtering
- Overview
- Layer 2 IGMP (Snooping and Query for IPv4)
- Configuring IGMP Snooping and Query Parameters
- Specifying Static Interfaces for a Multicast Router
- Assigning Interfaces to Multicast Services
- Setting IGMP Snooping Status per Interface
- Filtering IGMP Query Packets and Multicast Data
- Displaying Multicast Groups Discovered by IGMP Snooping
- Displaying IGMP Snooping Statistics
- Filtering and Throttling IGMP Groups
- MLD Snooping (Snooping and Query for IPv6)
- Layer 3 IGMP (Query used with Multicast Routing)
- Multicast VLAN Registration for IPv4
- Multicast VLAN Registration for IPv6
- IP Configuration
- IP Services
- General IP Routing
- Configuring Router Redundancy
- Unicast Routing
- Overview
- Configuring the Routing Information Protocol
- Configuring General Protocol Settings
- Clearing Entries from the Routing Table
- Specifying Network Interfaces
- Specifying Passive Interfaces
- Specifying Static Neighbors
- Configuring Route Redistribution
- Specifying an Administrative Distance
- Configuring Network Interfaces for RIP
- Displaying RIP Interface Settings
- Displaying Peer Router Information
- Resetting RIP Statistics
- Configuring the Open Shortest Path First Protocol (Version 2)
- Defining Network Areas Based on Addresses
- Configuring General Protocol Settings
- Displaying Administrative Settings and Statistics
- Adding an NSSA or Stub
- Configuring NSSA Settings
- Configuring Stub Settings
- Displaying Information on NSSA and Stub Areas
- Configuring Area Ranges (Route Summarization for ABRs)
- Redistributing External Routes
- Configuring Summary Addresses (for External AS Routes)
- Configuring OSPF Interfaces
- Configuring Virtual Links
- Displaying Link State Database Information
- Displaying Information on Neighboring Routers
- Multicast Routing
- Appendices
- Glossary
- Index
Chapter 1
| Introduction
Description of Software Features
– 45 –
Description of Software Features
The switch provides a wide range of advanced performance enhancing features.
Flow control eliminates the loss of packets due to bottlenecks caused by port
saturation. Storm suppression prevents broadcast, multicast, and unknown unicast
traffic storms from engulfing the network. Untagged (port-based), tagged, and
protocol-based VLANs, plus support for automatic GVRP VLAN registration provide
traffic security and efficient use of network bandwidth. CoS priority queueing
ensures the minimum delay for moving real-time multimedia data across the
network. While multicast filtering and routing provides support for real-time
network applications.
Some of the management features are briefly described below.
Configuration Backup
and Restore
You can save the current configuration settings to a file on the management station
(using the web interface) or an FTP/TFTP server (using the web or console
interface), and later download this file to restore the switch configuration settings.
Authentication This switch authenticates management access via the console port, Telnet, or a web
browser. User names and passwords can be configured locally or can be verified via
a remote authentication server (i.e., RADIUS or TACACS+). Port-based
authentication is also supported via the IEEE 802.1X protocol. This protocol uses
Extensible Authentication Protocol over LANs (EAPOL) to request user credentials
from the 802.1X client, and then uses the EAP between the switch and the
authentication server to verify the client’s right to access the network via an
authentication server (i.e., RADIUS or TACACS+ server).
Other authentication options include HTTPS for secure management access via the
web, SSH for secure management access over a Telnet-equivalent connection,
SNMP Version 3, IP address filtering for SNMP/Telnet/web management access.
MAC address filtering and IP source guard also provide authenticated port access.
While DHCP snooping is provided to prevent malicious attacks from insecure ports.
While PPPoE Intermediate Agent supports authentication of a client for a service
provider.
Access Control Lists ACLs provide packet filtering for IP frames (based on address, protocol, TCP/UDP
port number or TCP control code) or any frames (based on MAC address or Ethernet
type). ACLs can be used to improve performance by blocking unnecessary network
traffic or to implement security controls by restricting access to specific network
resources or protocols.
DHCP A DHCP server is provided to assign IP addresses to host devices. Since DHCP uses a
broadcast mechanism, a DHCP server and its client must physically reside on the
same subnet. Since it is not practical to have a DHCP server on every subnet, DHCP
Relay is also supported to allow dynamic configuration of local clients from a DHCP