Home » ZyXEL Manuals » Networking » ZyXEL VES1724-56B2 » Manual Viewer

ZyXEL VES1724-56B2 User Guide - Page 243

Table 104, Label, Description

Add to My Manuals
Save this manual to your list of manuals

Page 243 highlights

Chapter 25 Authentication and Accounting Table 104 Advanced Application > Auth and Acct > Authentication Setup (continued) LABEL Login Accounting Update Period Type Active Broadcast Mode Method DESCRIPTION These fields specify which database the Switch should use (first, second and third) to authenticate administrator accounts (users for Switch management). Configure the local user accounts in the Access Control > Logins screen. The TACACS+ and RADIUS are external servers. Before you specify the priority, make sure you have set up the corresponding database correctly first. You can specify up to three methods for the Switch to authenticate administrator accounts. The Switch checks the methods in the order you configure them (first Method 1, then Method 2 and finally Method 3). You must configure the settings in the Method 1 field. If you want the Switch to check other sources for administrator accounts, specify them in Method 2 and Method 3 fields. Select local to have the Switch check the administrator accounts configured in the Access Control > Logins screen. Select radius to have the Switch check the administrator accounts configured via your RADIUS server. Select tacacs+ to have the Switch check the administrator accounts configured via your TACACS+ server. Use this section to configure accounting settings on the Switch. This is the amount of time in minutes before the Switch sends an update to the accounting server. This is only valid if you select the start-stop option for the Exec or Dot1x entries. The Switch supports the following types of events to be sent to the accounting server(s): System: Configure the Switch to send information when the following system events occur: system boots up, system shuts down, system accounting is enabled, system accounting is disabled Exec: Configure the Switch to send information when an administrator logs in and logs out via the console port, Telnet or SSH. Dot1x: Configure the Switch to send information when an IEEE 802.1x client begins a session (authenticates via the Switch), ends a session as well as interim updates of a session. Commands: Configure the Switch to send information when commands of specified privilege level and higher are executed on the Switch. Select this to activate accounting for a specified event types. Select this to have the Switch send accounting information to all configured accounting servers at the same time. If you don't select this and you have two accounting servers set up, then the Switch sends information to the first accounting server and if it doesn't get a response from the accounting server then it tries the second accounting server. The Switch supports two modes of recording login events. Select: start-stop: to have the Switch send information to the accounting server when a user begins a session, during a user's session (if it lasts past the Update Period), and when a user ends a session. stop-only: to have the Switch send information to the accounting server only when a user ends a session. Select whether you want to use RADIUS or TACACS+ for accounting of specific types of events. TACACS+ is the only method for recording Commands type of event. VES1724-56 User's Guide 243

Section	Page
VES1724-56	1
Contents Overview	3
Table of Contents	5
User’s Guide	17
Getting to Know Your Switch	19
1.1 Introduction	19
1.2 Applications	19
1.2.1 MTU Application	19
1.2.2 Curbside Application	20
1.3 Ways to Manage the Switch	21
1.4 Good Habits for Managing the Switch	21
Hardware Installation and Connection	23
2.1 Installation Scenarios	23
2.2 Desktop Installation Procedure	23
2.3 Mounting the Switch on a Rack	24
2.3.1 Rack-mounted Installation Requirements	24
2.3.2 Attaching the Mounting Brackets to the Switch	24
2.3.3 Mounting the Switch on a Rack	25
2.4 Connecting the Frame Ground	25
Hardware Overview	26
3.1 Front Panel	26
3.1.1 Power Connector	26
3.1.2 Gigabit Ethernet Ports	27
3.1.3 Mini-GBIC Slots	28
3.1.4 Management Port	29
3.1.5 Console Port	30
3.1.6 ALARM Slot	30
3.2 LEDs	31
The Web Configurator	33
4.1 Introduction	33
4.2 System Login	33
4.3 The Port Status Screen	34
4.3.1 Change Your Password	39
4.4 Saving Your Configuration	39
4.5 Switch Lockout	39
4.6 Resetting the Switch	40
4.6.1 Reload the Configuration File	40
4.7 Logging Out of the Web Configurator	41
4.8 Help	41
Initial Setup Example	42
5.1 Overview	42
5.2 Configuring Switch Management IP Address	42
5.2.1 Creating a VLAN	43
5.2.2 Setting Port VID	44
Tutorials	46
6.1 How to Use DHCP Relay Per VLAN on the Switch	46
6.1.1 DHCP Relay Tutorial Introduction	46
6.1.2 Creating a VLAN	46
6.1.3 Configuring Management IP Address	48
6.1.4 Configuring DHCP VLAN Settings	49
6.1.5 Testing the Connection	50
Technical Reference	51
System Status and Port Statistics	53
7.1 Overview	53
7.2 Port Status Summary	53
7.2.1 VDSL Port Status Change	54
7.2.2 VDSL Port Details	55
7.2.3 Bonding Group Details	65
7.2.4 VDSL Summary	66
7.2.5 Port Details	67
Basic Setting	70
8.1 Overview	70
8.2 System Information	70
8.3 General Setup	72
8.4 Introduction to VLANs	74
8.5 Switch Setup Screen	75
8.6 IPv6 Introduction	76
8.6.1 IPv6 Addressing	76
8.6.2 IPv6 Prefix and Prefix Length	77
8.6.3 IPv6 Subnet Masking	77
8.6.4 Interface ID	77
8.6.5 Link-local Address	77
8.6.6 Global Address	77
8.6.7 Unspecified	78
8.6.8 EUI-64	78
8.6.9 Stateless Autoconfiguration	78
8.7 IP Setup	79
8.7.1 Management IP Addresses	79
8.8 External Alarm Switch	81
8.9 Port Setup	82
8.10 Rate Limit Profile Setup	84
8.10.1 Per Queue Ratelimit Profile	85
8.11 Hardware Alarm Profile	87
8.12 CPE Port Status	87
8.13 IPv6 Setup	88
8.13.1 IPv6 Setup: Configuration	90
8.13.2 IPv6 ND Setup	91
8.13.3 IPv6 Neighbor Setup	91
8.14 SFP Threshold Setup	93
VDSL Setup	97
9.1 VDSL Overview	97
9.1.1 VDSL Profile Example	101
9.1.2 Primary and Fallback VDSL Templates Example	102
9.2 VDSL Line Setup	103
9.3 VDSL Template Setup	104
9.3.1 VDSL Line Profile Setup	106
9.3.2 VDSL Line Profile Setup > Rate Adaptive	109
9.3.3 VDSL Line Profile Setup > MIB PSD Mask	111
9.3.4 VDSL Line Profile Setup > DPBO	112
9.3.5 VDSL Line Profile Setup > RFI Band	113
9.3.6 VDSL Line Profile Setup > Virtual Noise	115
9.3.7 VDSL Channel Profile Setup	116
9.3.8 VDSL G.INP Setup	118
9.3.9 VDSL INM Profile Setup	119
9.4 VDSL Alarm Template Setup	121
9.4.1 VDSL Line Alarm Profile Setup	122
9.4.2 VDSL Channel Alarm Profile Setup	124
9.5 VDSL Bonding Setup	125
VLAN	129
10.1 Introduction to IEEE 802.1Q Tagged VLANs	129
10.1.1 Forwarding Tagged and Untagged Frames	129
10.1.2 VLAN Tagging Priority	130
10.2 Automatic VLAN Registration	130
10.2.1 GARP	130
10.2.2 GVRP	130
10.3 Port VLAN Trunking	131
10.4 Select the VLAN Type	131
10.5 Static VLAN	132
10.5.1 Static VLAN Status	132
10.5.2 VLAN Details	133
10.5.3 Configure a Static VLAN	134
10.5.4 Configure a VLAN Profile	135
10.5.5 Configure VLAN Port Settings	137
10.6 Subnet Based VLANs	138
10.7 Configuring Subnet Based VLAN	139
10.8 Protocol Based VLANs	141
10.9 Configuring Protocol Based VLAN	142
10.10 Create an IP-based VLAN Example	143
10.11 Configuring MAC Based VLAN	144
10.12 Port Based VLAN Setup	146
10.12.1 Configure a Port Based VLAN	147
10.13 VLAN Counter	150
Static MAC Forward Setup	152
11.1 Overview	152
11.2 Configuring Static MAC Forwarding	152
Static Multicast Forward Setup	154
12.1 Static Multicast Forwarding Overview	154
12.2 Configuring Static Multicast Forwarding	155
Filtering	158
13.1 Configure a Filtering Rule	158
Spanning Tree Protocol	160
14.1 STP/RSTP Overview	160
14.1.1 STP Terminology	160
14.1.2 How STP Works	161
14.1.3 STP Port States	161
14.1.4 Multiple RSTP	162
14.1.5 Multiple STP	162
14.2 Spanning Tree Protocol Status Screen	165
14.3 Spanning Tree Configuration	165
14.4 Configure Rapid Spanning Tree Protocol	166
14.5 Rapid Spanning Tree Protocol Status	167
14.6 Configure Multiple Rapid Spanning Tree Protocol	168
14.7 Multiple Rapid Spanning Tree Protocol Status	170
14.8 Configure Multiple Spanning Tree Protocol	171
14.9 Multiple Spanning Tree Protocol Status	173
Broadcast Storm Control	176
15.1 Broadcast Storm Control Setup	176
Mirroring	178
16.1 Port Mirroring Setup	178
Link Aggregation	180
17.1 Link Aggregation Overview	180
17.2 Dynamic Link Aggregation	180
17.2.1 Link Aggregation ID	181
17.3 Link Aggregation Status	181
17.4 Link Aggregation Setting	182
17.5 Link Aggregation Control Protocol	183
17.6 Static Trunking Example	184
Port Authentication	186
18.1 Port Authentication Overview	186
18.1.1 IEEE 802.1x Authentication	186
18.1.2 MAC Authentication	187
18.2 Port Authentication Configuration	188
18.2.1 Activate IEEE 802.1x Security	188
18.2.2 Activate MAC Authentication	189
MAC Limit	191
19.1 MAC Limit Overview	191
19.2 MAC Limit	191
19.2.1 MAC Limit: VLAN Security	192
Classifier	194
20.1 About the Classifier and QoS	194
20.2 Configuring the Classifier	194
20.3 Viewing and Editing Classifier Configuration	197
20.4 Classifier Example	199
Policy Rule	200
21.1 Policy Rules Overview	200
21.1.1 DiffServ	200
21.1.2 DSCP and Per-Hop Behavior	200
21.2 Configuring Policy Rules	200
21.3 Policy Example	204
Queuing Method	205
22.1 Queuing Method Overview	205
22.1.1 Strictly Priority Queuing	205
22.1.2 Weighted Fair Queuing	205
22.1.3 Weighted Round Robin Scheduling (WRR)	205
22.2 Configuring Queuing	206
VLAN Stacking	208
23.1 VLAN Stacking Overview	208
23.1.1 VLAN Stacking Example	208
23.2 VLAN Stacking Port Roles	209
23.3 VLAN Tag Format	210
23.3.1 Frame Format	210
23.4 Configuring VLAN Stacking	211
23.4.1 Port-based Q-in-Q	212
23.4.2 Selective Q-in-Q	214
23.4.3 Port-based InnerQ	215
Multicast	217
24.1 Multicast Overview	217
24.1.1 IP Multicast Addresses	217
24.1.2 IGMP Filtering	217
24.1.3 IGMP Snooping	217
24.1.4 IGMP Snooping and VLANs	218
24.1.5 IGMP Proxy	218
24.1.6 Multicast Listener Discovery	218
24.1.7 MLD Messages	218
24.2 Multicast Status	219
24.3 Multicast Setting	224
24.4 IGMP Snooping VLAN	226
24.5 IGMP Filtering Profile	227
24.6 MVR Overview	229
24.6.1 Types of MVR Ports	229
24.6.2 MVR Modes	229
24.6.3 How MVR Works	229
24.7 General MVR Configuration	230
24.8 MVR Group Configuration	232
24.8.1 MVR Configuration Example	234
Authentication and Accounting	236
25.1 Authentication, Authorization and Accounting	236
25.1.1 Local User Accounts	236
25.1.2 RADIUS and TACACS+	237
25.2 Authentication and Accounting Screens	237
25.2.1 RADIUS Server Setup	237
25.2.2 TACACS+ Server Setup	240
25.2.3 Authentication and Accounting Setup	242
25.2.4 Vendor Specific Attribute	244
25.3 Supported RADIUS Attributes	245
25.3.1 Attributes Used for Authentication	245
25.3.2 Attributes Used for Accounting	246
IP Source Guard	249
26.1 IP Source Guard Overview	249
26.1.1 DHCP Snooping Overview	249
26.1.2 ARP Inspection Overview	251
26.2 IP Source Guard	253
26.3 IP Source Guard Static Binding	253
26.4 DHCP Snooping	255
26.5 DHCP Snooping Configure	257
26.5.1 DHCP Snooping Port Configure	259
26.5.2 DHCP Snooping VLAN Configure	260
26.6 ARP Inspection Status	261
26.6.1 ARP Inspection VLAN Status	263
26.6.2 ARP Inspection Log Status	264
26.7 ARP Inspection Configure	265
26.7.1 ARP Inspection Port Configure	266
26.7.2 ARP Inspection VLAN Configure	268
Loop Guard	270
27.1 Loop Guard Overview	270
27.2 Loop Guard Setup	272
CFM	274
28.1 CFM Overview	274
28.1.1 How CFM Works	274
28.2 CFM MA	275
28.3 CFM MD	277
VLAN Mapping	278
29.1 VLAN Mapping Overview	278
29.1.1 VLAN Mapping Example	278
29.2 Enabling VLAN Mapping	279
29.3 Configuring VLAN Mapping	280
Layer 2 Protocol Tunneling	282
30.1 Layer 2 Protocol Tunneling Overview	282
30.1.1 Layer 2 Protocol Tunneling Mode	283
30.2 Configuring Layer 2 Protocol Tunneling	284
DoS Prevention	286
31.1 DoS Prevention Overview	286
31.2 Configuring DoS Prevention	286
PPPoE IA	288
32.1 PPPoE Intermediate Agent Overview	288
32.1.1 PPPoE Intermediate Agent Tag Format	288
32.1.2 Sub-Option Format	289
32.1.3 PPPoE IA Configuration Options	289
32.2 The PPPoE IA Status Screen	290
32.3 PPPoE IA Port Tel Configuration	290
32.4 PPPoE IA Global Configuration	291
32.5 PPPoE IA VLAN Configuration	293
32.6 ADSL Fallback	295
32.6.1 PVC Configuration	295
32.6.2 IPPVC Configuration	297
32.6.3 PAEPVC Configuration	299
Static Route	301
33.1 Static Routing Overview	301
33.2 Configuring Static Routing	302
Differentiated Services	304
34.1 DiffServ Overview	304
34.1.1 DSCP and Per-Hop Behavior	304
34.1.2 DiffServ Network Example	304
34.2 Two Rate Three Color Marker Traffic Policing	305
34.2.1 TRTCM-Color-blind Mode	306
34.2.2 TRTCM-Color-aware Mode	306
34.3 Activating DiffServ	306
34.3.1 Configuring 2-Rate 3 Color Marker Settings	307
34.4 DSCP-to-IEEE 802.1p Priority Settings	309
34.4.1 Configuring DSCP Settings	309
DHCP	311
35.1 DHCP Overview	311
35.1.1 DHCP Modes	311
35.1.2 DHCP Configuration Options	311
35.2 DHCP Status	311
35.3 DHCP Port Tel	312
35.4 DHCP Relay	313
35.4.1 DHCP Relay Agent Information	313
35.4.2 DHCP Relay Agent Information Format	313
35.4.3 Sub-Option Format	313
35.4.4 Configuring DHCP Global Relay	314
35.4.5 Global DHCP Relay Configuration Example	317
35.5 Configuring DHCP VLAN Settings	318
35.5.1 Example: DHCP Relay for Two VLANs	320
35.6 DHCPv6 LDRA	321
35.6.1 DHCPv6 Counter	324
35.6.2 Snooping Configure	324
Maintenance	327
36.1 The Maintenance Screen	327
36.2 Firmware Upgrade	328
36.2.1 Dual Firmware Image	328
36.3 Restore a Configuration File	329
36.4 Backup a Configuration File	330
36.5 Load Factory Default	330
36.6 Save Configuration	331
36.7 Reboot System	331
36.8 FTP Command Line	331
36.8.1 Filename Conventions	331
36.8.2 FTP Command Line Procedure	332
36.8.3 GUI-based FTP Clients	333
36.8.4 FTP Restrictions	333
Access Control	334
37.1 Access Control Overview	334
37.2 The Access Control Main Screen	334
37.3 About SNMP	334
37.3.1 SNMP v3 and Security	335
37.3.2 Supported MIBs	336
37.3.3 SNMP Traps	336
37.3.4 Configuring SNMP	342
37.3.5 Configuring SNMP Trap Group	344
37.3.6 Setting Up Login Accounts	344
37.4 SSH Overview	346
37.5 How SSH works	346
37.6 SSH Implementation on the Switch	347
37.6.1 Requirements for Using SSH	347
37.7 Introduction to HTTPS	347
37.8 HTTPS Example	348
37.8.1 Internet Explorer Warning Messages	348
37.8.2 Mozilla Firefox Warning Messages	351
37.8.3 The Main Screen	352
37.9 Service Port Access Control	353
37.10 Remote Management	354
Diagnostic	356
38.1 Diagnostic	356
Syslog	358
39.1 Syslog Overview	358
39.2 Syslog Setup	359
39.3 Syslog Server Setup	360
Loop Diagnostic	361
40.1 Dual-End Loop Test	361
40.2 Single-End Loop Test (SELT)	363
MAC Table	365
41.1 MAC Table Overview	365
41.2 Viewing the MAC Table	366
ARP Table	367
42.1 ARP Table Overview	367
42.1.1 How ARP Works	367
42.2 Viewing the ARP Table	367
Hardware Information	369
43.1 Hardware Information	369
CFM Action	370
44.1 CFM Action	370
IPv6 Cache	372
45.1 Overview	372
45.2 Neighbor Cache	373
45.3 Router	374
45.4 Path MTU	375
Troubleshooting	377
46.1 Power, Hardware Connections, and LEDs	377
46.2 Switch Access and Login	378
46.3 Switch Configuration	380
Product Specifications	381
Common Services	397
Legal Information	401

Match case Limit results 1 per page

Chapter 25 Authentication and Accounting

VES1724-56 User’s Guide

243

These fields specify which database the Switch should use (first, second and third) to

authenticate administrator accounts (users for Switch management).

Configure the local user accounts in the

Access Control > Logins

screen. The TACACS+

and RADIUS are external servers. Before you specify the priority, make sure you have set

up the corresponding database correctly first.

You can specify up to three methods for the Switch to authenticate administrator accounts.

The Switch checks the methods in the order you configure them (first

Method 1

, then

Method 2

and finally

Method 3

). You must configure the settings in the

Method 1

field. If

you want the Switch to check other sources for administrator accounts, specify them in

Method 2

and

Method 3

fields.

Select

local

to have the Switch check the administrator accounts configured in the

Access

Control > Logins

screen.

Select

radius

to have the Switch check the administrator accounts configured via your

RADIUS server.

Select

tacacs+

to have the Switch check the administrator accounts configured via your

TACACS+ server.

Accounting

Use this section to configure accounting settings on the Switch.

Update Period

This is the amount of time in minutes before the Switch sends an update to the accounting

server. This is only valid if you select the

start-stop

option for the

Exec

Dot1x

entries.

Type

The Switch supports the following types of events to be sent to the accounting server(s):

System

: Configure the Switch to send information when the following system events

occur: system boots up, system shuts down, system accounting is enabled, system

accounting is disabled

Exec

: Configure the Switch to send information when an administrator logs in and logs out

via the console port, Telnet or SSH.

Dot1x

: Configure the Switch to send information when an IEEE 802.1x client begins a

session (authenticates via the Switch), ends a session as well as interim updates of a

session.

Commands

: Configure the Switch to send information when commands of specified

privilege level and higher are executed on the Switch.

Active

Select this to activate accounting for a specified event types.

Broadcast

Select this to have the Switch send accounting information to all configured accounting

servers at the same time.

If you don’t select this and you have two accounting servers set up, then the Switch sends

information to the first accounting server and if it doesn’t get a response from the

accounting server then it tries the second accounting server.

Mode

The Switch supports two modes of recording login events. Select:

start-stop

: to have the Switch send information to the accounting server when a user

begins a session, during a user’s session (if it lasts past the

Update Period

), and when a

user ends a session.

stop-only

: to have the Switch send information to the accounting server only when a user

ends a session.

Method

Select whether you want to use RADIUS or TACACS+ for accounting of specific types of

events.

TACACS+ is the only method for recording

Commands

type of event.

Table 104

Advanced Application > Auth and Acct > Authentication Setup

(continued)

LABEL

DESCRIPTION