Home » Dell Manuals » Hubs & Switches » Dell PowerConnect 5448 » Manual Viewer

Dell PowerConnect 5448 User's Guide - Page 22

Locked Port Support - enable ssh

View all Dell PowerConnect 5448 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 22 highlights

Port Based Authentication (802.1x) Port based authentication enables authenticating system users on a per-port basis via an external server. Only authenticated and approved system users can transmit and receive data. Ports are authenticated via the Remote Authentication Dial In User Service (RADIUS) server using the Extensible Authentication Protocol (EAP). Dynamic VLAN Assignment (DVA) allows network administrators to automatically assign users to VLANs during the RADIUS server authentication. For more information, see "Configuring Port Based Authentication" on page 243. Locked Port Support Locked Port increases network security by limiting access on a specific port only to users with specific MAC addresses. These addresses are either manually defined or learned on that port. When a frame is seen on a locked port, and the frame source MAC address is not tied to that port, the protection mechanism is invoked. For more information, see "Configuring Port Security" on page 252. RADIUS Client RADIUS is a client/server-based protocol. A RADIUS server maintains a user database, which contains per-user authentication information, such as user name, password and accounting information. For more information, see "Configuring RADIUS Global Parameters" on page 176. SSH Secure Shell (SSH) is a protocol that provides a secure, remote connection to a device. SSH version 1 is currently available. The SSH server feature enables an SSH client to establish a secure, encrypted connection with a device. This connection provides functionality that is similar to an inbound telnet connection. SSH uses RSA Public Key cryptography for device connections and authentication. TACACS+ TACACS+ provides centralized security for validation of users accessing the device. TACACS+ provides a centralized user management system, while still retaining consistency with RADIUS and other authentication processes. For more information, see "Defining TACACS+ Settings" on page 171. Access Control Lists (ACL) Access Control Lists (ACL) allow network managers to define classification actions and rules for specific ingress ports. Packets entering an ingress port, with an active ACL, are either admitted or denied entry and the ingress port is disabled. If they are denied entry, the user can disable the port. For more information, see "ACL Overview" on page 256. 22 Introduction

Section	Page
User Guide	1
Introduction	13
PowerConnect 54xx Series Systems	13
Features	14
General Features	14
MAC Address Supported Features	15
Layer 2 Features	16
VLAN Supported Features	17
Spanning Tree Protocol Features	18
Link Aggregation	18
Layer 3 Features	19
Quality of Service Features	19
Device Management Features	20
Security Features	21
Locked Port Support	22
Additional CLI Documentation	23
Hardware Description	25
Device Port Configurations	25
PowerConnect 54xx Series Systems Front Panel Port Description	25
PowerConnect Back Panel Port Description	26
Device Ports	26
Physical Dimensions	27
LED Definitions	27
Port LEDs	27
System LEDs	28
Hardware Components	29
Power Supplies	29
Reset Button	30
Ventilation System	30
Installing the PowerConnect Device	31
Installation Precautions	31
Site Requirements	32
Unpacking	32
Package Contents	32
Unpacking the Device	32
Mounting the Device	33
Overview	33
Mounting the System	33
Installing the Device without a Rack	34
Connecting the Device	34
Connecting a Device to a Terminal	34
Connecting a Device to a Power Supply	36
Port Connections, Cables, and Pinout Information	36
RJ-45 Connections for 10/100/1000BaseT Ports	36
Port Default Settings	37
Auto-Negotiation	37
MDI/MDIX	38
Flow Control	38
Back Pressure	38
Switching Port Default Settings	38
Starting and Configuring the Device	39
Configure the Terminal	40
Booting the Device	40
Initial Configuration	43
Advanced Configuration	47
Retrieving an IP Address From a DHCP Server	47
Receiving an IP Address From a BOOTP Server	49
Security Management and Password Configuration	49
Configuring Security Passwords	50
Configuring an Initial Terminal Password	50
Configuring an Initial Telnet Password	50
Configuring an Initial SSH Password	51
Configuring an Initial HTTP Password	51
Configuring an Initial HTTPS Password	51
Configuring Login Banners	52
Startup Procedures	52
Startup Menu Procedures	52
Software Download	54
Erase FLASH File	54
Erasing the Device Configuration	54
Password Recovery	54
Software Download Through TFTP Server	55
Using Dell OpenManage Switch Administrator	59
Understanding the Interface	59
Device Representation	60
Using the Switch Administrator Buttons	61
Information Buttons	61
Device Management Buttons	61
Starting the Application	62
Accessing the Device Through the CLI	62
Console Connection	62
Telnet Connection	62
Using the CLI	63
Command Mode Overview	63
User EXEC Mode	63
Privileged EXEC Mode	64
Global Configuration Mode	64
Interface Configuration Mode	65
CLI Examples	66
Configuring System Information	67
Defining General Device Information	67
Viewing Device Information	67
Defining System Time Settings	71
Viewing System Health Information	77
Viewing the Versions Page	79
Resetting the Device	80
Configuring SNTP Settings	81
Defining SNTP Global Parameters	82
Defining SNTP Authentication Methods	84
Defining SNTP Servers	86
Defining SNTP Interfaces	91
Managing Logs	93
Defining Global Log Parameters	93
Displaying RAM Log Table	97
Displaying the Log File Table	99
Viewing the Device Login History	101
Configuring the Remote Log Server Settings Page	102
Defining Device IP Addresses	107
Configuring the Internet Protocol Version 6 (IPv6)	107
Defining IPv4 Default Gateways	108
Defining IPv4 Interfaces	109
Defining DHCP IPv4 Interface Parameters	113
Defining IPv6 Interfaces	115
Defining IPv6 Default Gateway	120
Defining IPv6 ISATAP Tunnels	123
Defining IPv6 Neighbors	125
Viewing the IPv6 Routes Table	129
Configuring Domain Name Systems	132
Defining Default Domains	135
Mapping Domain Host	136
Configuring ARP	139
Running Cable Diagnostics	142
Viewing Copper Cable Diagnostics	142
Viewing Optical Transceiver Diagnostics	145
Managing Device Security	147
Defining Access Profiles	147
Adding an Access Profile	149
Defining Authentication Profiles	154
Assigning Authentication Profiles	157
Managing Passwords	161
Viewing Active Users	164
Defining the Local User Databases	165
Defining Line Passwords	168
Defining Enable Passwords	170
Defining TACACS+ Settings	171
Configuring RADIUS Global Parameters	176
Configuring LLDP and LLDP-MED	181
Defining LLDP Properties	182
Configuring LLDP Using CLI Commands	183
Defining LLDP Port Settings	183
Defining LLDP MED Network Policy	186
Defining LLDP MED Port Settings	188
Viewing the LLDP Neighbors Information	192
Defining SNMP Parameters	194
Defining SNMP Global Parameters	194
Defining SNMP View Settings	197
Adding a View	199
Defining SNMP Views Using CLI Commands	200
Defining SNMP Access Control	200
Defining SNMP Groups	202
Displaying the Access Table	202
Removing SNMP Groups	203
Defining SNMP Access Control Using CLI Commands	203
Assigning SNMP User Security	203
Adding Users to a Group	205
Displaying the User Security Model Table	206
Deleting an User Security Model Table Entry	206
Defining Communities	207
Defining Notification Filters	212
Defining SNMP Notification Recipients	214
Managing Files	220
File Management Overview	220
Downloading Files	221
Uploading Files	224
Copying Files	227
Managing Device Files	229
Defining Advanced Settings	230
Configuring General Device Tuning Parameters	231
Optimizing iSCSI	232
Configuring iSCSI Global Parameters	232
Defining iSCSI Global Parameters Using CLI Commands	234
Managing iSCSI Targets	236
Defining iSCSI Targets Using CLI Commands	237
Monitoring iSCSI Sessions	238
Defining iSCSI Sessions Using CLI Commands	239
Configuring Device Information	241
Configuring Network Security	241
Configuring Advanced Port Based Authentication	248
Authenticating Users	251
Configuring Port Security	252
ACL Overview	256
Defining MAC Based Access Control Lists	263
Defining ACL Binding	267
Configuring DHCP Snooping	269
Defining DHCP Snooping on VLANs	272
Defining Trusted Interfaces	273
Adding Interfaces to the DHCP Snooping Database	275
Configuring Ports	278
Defining Port Parameters	278
Configuring Load Balancing	284
Enabling Storm Control	289
Defining Port Mirroring Sessions	292
Configuring Address Tables	295
Viewing Dynamic Addresses	298
Configuring GARP	301
Configuring the Spanning Tree Protocol	303
Defining STP Port Settings	308
Defining STP LAG Settings	312
Configuring Rapid Spanning Tree	314
Configuring Multiple Spanning Tree	317
Defining MSTP Interface Settings	321
Configuring VLANs	323
Defining VLAN Ports Settings	331
Defining VLAN LAG Settings	334
Defining VLAN Protocol Groups	337
Adding Protocol Ports	339
Configuring GVRP	340
Configuring Voice VLANs	343
Defining Voice VLAN Port Settings	347
Defining OUIs	349
Aggregating Ports	351
Defining LAG Membership	354
Multicast Forwarding Support	355
Adding Bridge Multicast Address Members	358
Assigning Multicast Forward All Parameters	362
IGMP Snooping	366
Unregistered Multicast	371
Viewing Statistics	375
Viewing Tables	375
Viewing Utilization Summary	375
Viewing Counter Summary	376
Viewing Interface Statistics	377
Viewing Etherlike Statistics	380
Viewing GVRP Statistics	383
Viewing EAP Statistics	387
Viewing RMON Statistics	389
Viewing RMON Statistics Group	389
Viewing RMON History Control Statistics	392
Viewing the RMON History Table	394
Defining Device RMON Events	396
Viewing the RMON Events Log	399
Defining RMON Device Alarms	401
Viewing Charts	404
Viewing Port Statistics	404
Viewing LAG Statistics	406
Viewing the CPU Utilization	409
Viewing CPU Utilization Using CLI Commands	410
Configuring Quality of Service	411
Defining CoS Global Parameters	413
Defining QoS Interface Settings	414
Defining Bandwidth Settings	416
Defining Queue Settings	419
Mapping CoS Values to Queues	422
Mapping DSCP Values to Queues	423
Device Specifications	427
Port and Cable Specifications	427
Port Specifications	427
Operating Conditions	428
Physical Device Specifications	428
Device Memory Specifications	428
Feature Specifications	429
VLAN	429
Quality of Service	429
Layer 2 Multicast	429
Device Security	429
Additional Switching Features	430
Device Management	430

Match case Limit results 1 per page

Introduction

Port Based Authentication (802.1x)

Port based authentication enables authenticating system users on a per-port basis via an external server.

Only authenticated and approved system users can transmit and receive data. Ports are authenticated via

the Remote Authentication Dial In User Service (RADIUS) server using the Extensible Authentication

Protocol (EAP). Dynamic VLAN Assignment (DVA) allows network administrators to automatically

assign users to VLANs during the RADIUS server authentication.

For more information, see "Configuring Port Based Authentication" on page 243.

Locked Port Support

Locked Port increases network security by limiting access on a specific port only to users with specific

MAC addresses. These addresses are either manually defined or learned on that port. When a frame is

seen on a locked port, and the frame source MAC address is not tied to that port, the protection

mechanism is invoked.

For more information, see "Configuring Port Security" on page 252.

RADIUS Client

RADIUS is a client/server-based protocol. A RADIUS server maintains a user database, which contains

per-user authentication information, such as user name, password and accounting information.

For more information, see "Configuring RADIUS Global Parameters" on page 176.

SSH

Secure Shell (SSH) is a protocol that provides a secure, remote connection to a device. SSH version 1 is

currently available. The SSH server feature enables an SSH client to establish a secure, encrypted

connection with a device. This connection provides functionality that is similar to an inbound telnet

connection. SSH uses RSA Public Key cryptography for device connections and authentication.

TACACS+

TACACS+ provides centralized security for validation of users accessing the device. TACACS+ provides

a centralized user management system, while still retaining consistency with RADIUS and other

authentication processes.

For more information, see "Defining TACACS+ Settings" on page 171.

Access Control Lists (ACL)

Access Control Lists

(ACL) allow network managers to define classification actions and rules for specific

ingress ports. Packets entering an ingress port, with an active ACL, are either admitted or denied entry

and the ingress port is disabled. If they are denied entry, the user can disable the port.

For more information, see "ACL Overview" on page 256.