User`s guide
Table Of Contents
- User’s Guide
- Introduction and Hardware
- Basic Configuration
- Advanced
- VLAN
- Static MAC Forward Setup
- Filtering
- Spanning Tree Protocol
- 11.1 STP/RSTP Overview
- 11.1.1 STP Terminology
- 11.1.2 How STP Works
- 11.1.3 STP Port States
- 11.1.4 Multiple RSTP
- 11.2 Spanning Tree Protocol Main Screen
- 11.3 Configure Rapid Spanning Tree Protocol
- 11.4 Rapid Spanning Tree Protocol Status
- 11.5 Configure Multiple Rapid Spanning Tree Protocol
- 11.6 Multiple Rapid Spanning Tree Protocol Status
- Bandwidth Control
- Broadcast Storm Control
- Mirroring
- Link Aggregation
- Port Authentication
- Port Security
- Classifier
- Policy Rule
- Queuing Method
- VLAN Stacking
- Multicast
- 22.1 Multicast Overview
- 22.1.1 IP Multicast Addresses
- 22.1.2 IGMP Filtering
- 22.1.3 IGMP Snooping
- 22.2 Multicast Status
- 22.3 Multicast Setting
- 22.4 IGMP Filtering Profile
- 22.5 MVR Overview
- 22.5.1 Types of MVR Ports
- 22.5.2 MVR Modes
- 22.5.3 How MVR Works
- 22.6 General MVR Configuration
- 22.7 MVR Group Configuration
- 22.7.1 MVR Configuration Example
- IP Application
- Management
- Maintenance
- 28.1 The Maintenance Screen
- 28.2 Firmware Upgrade
- 28.3 Restore a Configuration File
- 28.4 Backup a Configuration File
- 28.5 Load Factory Default
- 28.6 Save Configuration
- 28.7 Reboot System
- 28.8 FTP Command Line
- 28.8.1 Filename Conventions
- 28.8.2 FTP Command Line Procedure
- 28.8.3 GUI-based FTP Clients
- 28.8.4 FTP Restrictions
- Access Control
- 29.1 Access Control Overview
- 29.2 The Access Control Main Screen
- 29.3 About SNMP
- 29.3.1 Supported MIBs
- 29.3.2 SNMP Traps
- 29.3.3 Configuring SNMP
- 29.4 SSH Overview
- 29.5 How SSH works
- 29.6 SSH Implementation on the Switch
- 29.6.1 Requirements for Using SSH
- 29.7 Introduction to HTTPS
- 29.8 HTTPS Example
- 29.8.1 Internet Explorer Warning Messages
- 29.8.2 Netscape Navigator Warning Messages
- 29.8.3 The Main Screen
- 29.9 Service Port Access Control
- 29.10 Remote Management
- Diagnostic
- Syslog
- Cluster Management
- MAC Table
- IP Table
- ARP Table
- Routing Table
- Configure Clone
- Maintenance
- CLI and Troubleshooting
- Introducing Commands
- 38.1 Overview
- 38.2 Accessing the CLI
- 38.2.1 The Console Port
- 38.3 The Login Screen
- 38.4 Command Syntax Conventions
- 38.5 Changing the Password
- 38.6 Privilege Levels
- 38.7 Command Modes
- 38.8 Getting Help
- 38.8.1 List of Available Commands
- 38.9 Using Command History
- 38.10 Saving Your Configuration
- 38.10.1 Configuration File
- 38.10.2 Logging Out
- 38.11 Command Summary
- 38.11.1 User Mode
- 38.11.2 Enable Mode
- 38.11.3 General Configuration Mode
- 38.11.4 interface port-channel Commands
- 38.11.5 interface route-domain Commands
- 38.11.6 config-vlan Commands
- 38.12 mvr Commands
- User and Enable Mode Commands
- 39.1 Overview
- 39.2 show Commands
- 39.2.1 show system-information
- 39.2.2 show ip
- 39.2.3 show logging
- 39.2.4 show interface
- 39.2.5 show mac address-table
- 39.3 ping
- 39.4 traceroute
- 39.5 Copy Port Attributes
- 39.6 Configuration File Maintenance
- 39.6.1 Using a Different Configuration File
- 39.6.2 Resetting to the Factory Default
- Configuration Mode Commands
- 40.1 Change the Out of Band Management IP Address
- 40.2 Enabling IGMP Snooping
- 40.3 Configure IGMP Filter
- 40.4 Enabling STP
- 40.5 no Command Examples
- 40.5.1 Disable Commands
- 40.5.2 Resetting Commands
- 40.5.3 Re-enable commands
- 40.5.4 Other Examples of no Commands
- 40.6 Static Route Commands
- 40.7 Enabling MAC Filtering
- 40.8 Enabling Trunking
- 40.9 Enabling Port Authentication
- 40.9.1 RADIUS Server Settings
- 40.9.2 Port Authentication Settings
- Interface Commands
- 41.1 Overview
- 41.2 Interface Command Examples
- 41.2.1 interface port-channel
- 41.2.2 bpdu-control
- 41.2.3 broadcast-limit
- 41.2.4 bandwidth-limit
- 41.2.5 mirror
- 41.2.6 gvrp
- 41.2.7 ingress-check
- 41.2.8 frame-type
- 41.2.9 weight
- 41.2.10 egress set
- 41.2.11 qos priority
- 41.2.12 name
- 41.2.13 speed-duplex
- 41.2.14 test
- 41.3 Interface no Command Examples
- 41.3.1 no bandwidth-limit
- IEEE 802.1Q Tagged VLAN Commands
- 42.1 Configuring Tagged VLAN
- 42.2 Global VLAN1Q Tagged VLAN Configuration Commands
- 42.2.1 GARP Status
- 42.2.2 GARP Timer
- 42.2.3 GVRP Timer
- 42.2.4 Enable GVRP
- 42.2.5 Disable GVRP
- 42.3 Port VLAN Commands
- 42.3.1 Set Port VID
- 42.3.2 Set Acceptable Frame Type
- 42.3.3 Enable or Disable Port GVRP
- 42.3.4 Modify Static VLAN
- 42.3.5 Delete VLAN ID
- 42.4 Enable VLAN
- 42.5 Disable VLAN
- 42.6 Show VLAN Setting
- Multicast VLAN Registration Commands
- Routing Domain Command Examples
- Troubleshooting
- Introducing Commands
- Appendices and Index
Chapter 29 Access Control
GS-2724 User’s Guide
199
The client automatically saves any new server public keys. In subsequent connections,
the server public key is checked against the saved version on the client computer.
2 Encryption Method
Once the identification is verified, both the client and server must agree on the type of
encryption method to use.
3 Authentication and Data Transmission
After the identification is verified and data encryption activated, a secure tunnel is
established between the client and the server. The client then sends its authentication
information (user name and password) to the server to log in to the server.
29.6 SSH Implementation on the Switch
Your Switch supports SSH version 2 using RSA authentication and three encryption methods
(DES, 3DES and Blowfish). The SSH server is implemented on the Switch for remote
management and file transfer on port 22. Only one SSH connection is allowed at a time.
29.6.1 Requirements for Using SSH
You must install an SSH client program on a client computer (Windows or Linux operating
system) that is used to connect to the Switch over SSH.
29.7 Introduction to HTTPS
HTTPS (HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web
protocol that encrypts and decrypts web pages. Secure Socket Layer (SSL) is an application-
level protocol that enables secure transactions of data by ensuring confidentiality (an
unauthorized party cannot read the transferred data), authentication (one party can identify the
other party) and data integrity (you know if data has been changed).
It relies upon certificates, public keys, and private keys.
HTTPS on the Switch is used so that you may securely access the Switch using the web
configurator. The SSL protocol specifies that the SSL server (the Switch) must always
authenticate itself to the SSL client (the computer which requests the HTTPS connection with
the Switch), whereas the SSL client only should authenticate itself when the SSL server
requires it to do so. Authenticating client certificates is optional and if selected means the SSL-
client must send the Switch a certificate. You must apply for a certificate for the browser from
a CA that is a trusted CA on the Switch.
Please refer to the following figure.
1 HTTPS connection requests from an SSL-aware web browser go to port 443 (by default)
on the Switch’s WS (web server).
2 HTTP connection requests from a web browser go to port 80 (by default) on the Switch’s
WS (web server).