Home » ZyXEL Manuals » Networking » ZyXEL VES1724-56B2 » Manual Viewer

ZyXEL VES1724-56B2 User Guide - Page 343

Management, Access Control, Logins, Table 162, LABEL, DESCRIPTION

Add to My Manuals
Save this manual to your list of manuals

Page 343 highlights

Chapter 37 Access Control Table 162 Management > Access Control > SNMP (continued) LABEL Get Community DESCRIPTION Enter the Get Community string, which is the password for the incoming Get- and GetNext- requests from the management station. Set Community The Get Community string is only used by SNMP managers using SNMP version 2c or lower. Enter the Set Community, which is the password for incoming Set- requests from the management station. Trap Community The Set Community string is only used by SNMP managers using SNMP version 2c or lower. Enter the Trap Community string, which is the password sent with each trap to the SNMP manager. Trap Destination Version IP Port Username The Trap Community string is only used by SNMP managers using SNMP version 2c or lower. Use this section to configure where to send SNMP traps from the Switch. Specify the version of the SNMP trap messages. Enter the IPv4 or IPv6 addresses of up to four managers to send your SNMP traps to. Enter the port number upon which the manager listens for SNMP traps. Enter the username to be sent to the SNMP manager along with the SNMP v3 trap. User Information Note: This username must match an existing account on the Switch (configured in the Management > Access Control > Logins screen). Use this section to configure users for authentication with managers using SNMP v3. Index Username Security Level Note: Use the username and password of the login accounts you specify in this section to create accounts on the SNMP v3 manager. This is a read-only number identifying a login account on the Switch. This field displays the username of a login account on the Switch. Select whether you want to implement authentication and/or encryption for SNMP communication from this user. Choose: • noauth: to use the username as the password string to send to the SNMP manager. This is equivalent to the Get, Set and Trap Community in SNMP v2c. This is the lowest security level. • auth: to implement an authentication algorithm for SNMP messages sent by this user. • priv: to implement authentication and encryption for SNMP messages sent by this user. This is the highest security level. Note: The settings on the SNMP manager must be set at the same security level or higher than the security level settings on the Switch. Authentication Select an authentication algorithm. MD5 (Message Digest 5) and SHA (Secure Hash Algorithm) are hash algorithms used to authenticate SNMP data. SHA authentication is generally considered stronger than MD5, but is slower. Privacy Specify the encryption method for SNMP communication from this user. You can choose one of the following: Apply Cancel • DES - Data Encryption Standard is a widely used (but breakable) method of data encryption. It applies a 56-bit key to each 64-bit block of data. • AES - Advanced Encryption Standard is another method for data encryption that also uses a secret key. AES applies a 128-bit key to 128-bit blocks of data. Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. VES1724-56 User's Guide 343

Section	Page
VES1724-56	1
Contents Overview	3
Table of Contents	5
User’s Guide	17
Getting to Know Your Switch	19
1.1 Introduction	19
1.2 Applications	19
1.2.1 MTU Application	19
1.2.2 Curbside Application	20
1.3 Ways to Manage the Switch	21
1.4 Good Habits for Managing the Switch	21
Hardware Installation and Connection	23
2.1 Installation Scenarios	23
2.2 Desktop Installation Procedure	23
2.3 Mounting the Switch on a Rack	24
2.3.1 Rack-mounted Installation Requirements	24
2.3.2 Attaching the Mounting Brackets to the Switch	24
2.3.3 Mounting the Switch on a Rack	25
2.4 Connecting the Frame Ground	25
Hardware Overview	26
3.1 Front Panel	26
3.1.1 Power Connector	26
3.1.2 Gigabit Ethernet Ports	27
3.1.3 Mini-GBIC Slots	28
3.1.4 Management Port	29
3.1.5 Console Port	30
3.1.6 ALARM Slot	30
3.2 LEDs	31
The Web Configurator	33
4.1 Introduction	33
4.2 System Login	33
4.3 The Port Status Screen	34
4.3.1 Change Your Password	39
4.4 Saving Your Configuration	39
4.5 Switch Lockout	39
4.6 Resetting the Switch	40
4.6.1 Reload the Configuration File	40
4.7 Logging Out of the Web Configurator	41
4.8 Help	41
Initial Setup Example	42
5.1 Overview	42
5.2 Configuring Switch Management IP Address	42
5.2.1 Creating a VLAN	43
5.2.2 Setting Port VID	44
Tutorials	46
6.1 How to Use DHCP Relay Per VLAN on the Switch	46
6.1.1 DHCP Relay Tutorial Introduction	46
6.1.2 Creating a VLAN	46
6.1.3 Configuring Management IP Address	48
6.1.4 Configuring DHCP VLAN Settings	49
6.1.5 Testing the Connection	50
Technical Reference	51
System Status and Port Statistics	53
7.1 Overview	53
7.2 Port Status Summary	53
7.2.1 VDSL Port Status Change	54
7.2.2 VDSL Port Details	55
7.2.3 Bonding Group Details	65
7.2.4 VDSL Summary	66
7.2.5 Port Details	67
Basic Setting	70
8.1 Overview	70
8.2 System Information	70
8.3 General Setup	72
8.4 Introduction to VLANs	74
8.5 Switch Setup Screen	75
8.6 IPv6 Introduction	76
8.6.1 IPv6 Addressing	76
8.6.2 IPv6 Prefix and Prefix Length	77
8.6.3 IPv6 Subnet Masking	77
8.6.4 Interface ID	77
8.6.5 Link-local Address	77
8.6.6 Global Address	77
8.6.7 Unspecified	78
8.6.8 EUI-64	78
8.6.9 Stateless Autoconfiguration	78
8.7 IP Setup	79
8.7.1 Management IP Addresses	79
8.8 External Alarm Switch	81
8.9 Port Setup	82
8.10 Rate Limit Profile Setup	84
8.10.1 Per Queue Ratelimit Profile	85
8.11 Hardware Alarm Profile	87
8.12 CPE Port Status	87
8.13 IPv6 Setup	88
8.13.1 IPv6 Setup: Configuration	90
8.13.2 IPv6 ND Setup	91
8.13.3 IPv6 Neighbor Setup	91
8.14 SFP Threshold Setup	93
VDSL Setup	97
9.1 VDSL Overview	97
9.1.1 VDSL Profile Example	101
9.1.2 Primary and Fallback VDSL Templates Example	102
9.2 VDSL Line Setup	103
9.3 VDSL Template Setup	104
9.3.1 VDSL Line Profile Setup	106
9.3.2 VDSL Line Profile Setup > Rate Adaptive	109
9.3.3 VDSL Line Profile Setup > MIB PSD Mask	111
9.3.4 VDSL Line Profile Setup > DPBO	112
9.3.5 VDSL Line Profile Setup > RFI Band	113
9.3.6 VDSL Line Profile Setup > Virtual Noise	115
9.3.7 VDSL Channel Profile Setup	116
9.3.8 VDSL G.INP Setup	118
9.3.9 VDSL INM Profile Setup	119
9.4 VDSL Alarm Template Setup	121
9.4.1 VDSL Line Alarm Profile Setup	122
9.4.2 VDSL Channel Alarm Profile Setup	124
9.5 VDSL Bonding Setup	125
VLAN	129
10.1 Introduction to IEEE 802.1Q Tagged VLANs	129
10.1.1 Forwarding Tagged and Untagged Frames	129
10.1.2 VLAN Tagging Priority	130
10.2 Automatic VLAN Registration	130
10.2.1 GARP	130
10.2.2 GVRP	130
10.3 Port VLAN Trunking	131
10.4 Select the VLAN Type	131
10.5 Static VLAN	132
10.5.1 Static VLAN Status	132
10.5.2 VLAN Details	133
10.5.3 Configure a Static VLAN	134
10.5.4 Configure a VLAN Profile	135
10.5.5 Configure VLAN Port Settings	137
10.6 Subnet Based VLANs	138
10.7 Configuring Subnet Based VLAN	139
10.8 Protocol Based VLANs	141
10.9 Configuring Protocol Based VLAN	142
10.10 Create an IP-based VLAN Example	143
10.11 Configuring MAC Based VLAN	144
10.12 Port Based VLAN Setup	146
10.12.1 Configure a Port Based VLAN	147
10.13 VLAN Counter	150
Static MAC Forward Setup	152
11.1 Overview	152
11.2 Configuring Static MAC Forwarding	152
Static Multicast Forward Setup	154
12.1 Static Multicast Forwarding Overview	154
12.2 Configuring Static Multicast Forwarding	155
Filtering	158
13.1 Configure a Filtering Rule	158
Spanning Tree Protocol	160
14.1 STP/RSTP Overview	160
14.1.1 STP Terminology	160
14.1.2 How STP Works	161
14.1.3 STP Port States	161
14.1.4 Multiple RSTP	162
14.1.5 Multiple STP	162
14.2 Spanning Tree Protocol Status Screen	165
14.3 Spanning Tree Configuration	165
14.4 Configure Rapid Spanning Tree Protocol	166
14.5 Rapid Spanning Tree Protocol Status	167
14.6 Configure Multiple Rapid Spanning Tree Protocol	168
14.7 Multiple Rapid Spanning Tree Protocol Status	170
14.8 Configure Multiple Spanning Tree Protocol	171
14.9 Multiple Spanning Tree Protocol Status	173
Broadcast Storm Control	176
15.1 Broadcast Storm Control Setup	176
Mirroring	178
16.1 Port Mirroring Setup	178
Link Aggregation	180
17.1 Link Aggregation Overview	180
17.2 Dynamic Link Aggregation	180
17.2.1 Link Aggregation ID	181
17.3 Link Aggregation Status	181
17.4 Link Aggregation Setting	182
17.5 Link Aggregation Control Protocol	183
17.6 Static Trunking Example	184
Port Authentication	186
18.1 Port Authentication Overview	186
18.1.1 IEEE 802.1x Authentication	186
18.1.2 MAC Authentication	187
18.2 Port Authentication Configuration	188
18.2.1 Activate IEEE 802.1x Security	188
18.2.2 Activate MAC Authentication	189
MAC Limit	191
19.1 MAC Limit Overview	191
19.2 MAC Limit	191
19.2.1 MAC Limit: VLAN Security	192
Classifier	194
20.1 About the Classifier and QoS	194
20.2 Configuring the Classifier	194
20.3 Viewing and Editing Classifier Configuration	197
20.4 Classifier Example	199
Policy Rule	200
21.1 Policy Rules Overview	200
21.1.1 DiffServ	200
21.1.2 DSCP and Per-Hop Behavior	200
21.2 Configuring Policy Rules	200
21.3 Policy Example	204
Queuing Method	205
22.1 Queuing Method Overview	205
22.1.1 Strictly Priority Queuing	205
22.1.2 Weighted Fair Queuing	205
22.1.3 Weighted Round Robin Scheduling (WRR)	205
22.2 Configuring Queuing	206
VLAN Stacking	208
23.1 VLAN Stacking Overview	208
23.1.1 VLAN Stacking Example	208
23.2 VLAN Stacking Port Roles	209
23.3 VLAN Tag Format	210
23.3.1 Frame Format	210
23.4 Configuring VLAN Stacking	211
23.4.1 Port-based Q-in-Q	212
23.4.2 Selective Q-in-Q	214
23.4.3 Port-based InnerQ	215
Multicast	217
24.1 Multicast Overview	217
24.1.1 IP Multicast Addresses	217
24.1.2 IGMP Filtering	217
24.1.3 IGMP Snooping	217
24.1.4 IGMP Snooping and VLANs	218
24.1.5 IGMP Proxy	218
24.1.6 Multicast Listener Discovery	218
24.1.7 MLD Messages	218
24.2 Multicast Status	219
24.3 Multicast Setting	224
24.4 IGMP Snooping VLAN	226
24.5 IGMP Filtering Profile	227
24.6 MVR Overview	229
24.6.1 Types of MVR Ports	229
24.6.2 MVR Modes	229
24.6.3 How MVR Works	229
24.7 General MVR Configuration	230
24.8 MVR Group Configuration	232
24.8.1 MVR Configuration Example	234
Authentication and Accounting	236
25.1 Authentication, Authorization and Accounting	236
25.1.1 Local User Accounts	236
25.1.2 RADIUS and TACACS+	237
25.2 Authentication and Accounting Screens	237
25.2.1 RADIUS Server Setup	237
25.2.2 TACACS+ Server Setup	240
25.2.3 Authentication and Accounting Setup	242
25.2.4 Vendor Specific Attribute	244
25.3 Supported RADIUS Attributes	245
25.3.1 Attributes Used for Authentication	245
25.3.2 Attributes Used for Accounting	246
IP Source Guard	249
26.1 IP Source Guard Overview	249
26.1.1 DHCP Snooping Overview	249
26.1.2 ARP Inspection Overview	251
26.2 IP Source Guard	253
26.3 IP Source Guard Static Binding	253
26.4 DHCP Snooping	255
26.5 DHCP Snooping Configure	257
26.5.1 DHCP Snooping Port Configure	259
26.5.2 DHCP Snooping VLAN Configure	260
26.6 ARP Inspection Status	261
26.6.1 ARP Inspection VLAN Status	263
26.6.2 ARP Inspection Log Status	264
26.7 ARP Inspection Configure	265
26.7.1 ARP Inspection Port Configure	266
26.7.2 ARP Inspection VLAN Configure	268
Loop Guard	270
27.1 Loop Guard Overview	270
27.2 Loop Guard Setup	272
CFM	274
28.1 CFM Overview	274
28.1.1 How CFM Works	274
28.2 CFM MA	275
28.3 CFM MD	277
VLAN Mapping	278
29.1 VLAN Mapping Overview	278
29.1.1 VLAN Mapping Example	278
29.2 Enabling VLAN Mapping	279
29.3 Configuring VLAN Mapping	280
Layer 2 Protocol Tunneling	282
30.1 Layer 2 Protocol Tunneling Overview	282
30.1.1 Layer 2 Protocol Tunneling Mode	283
30.2 Configuring Layer 2 Protocol Tunneling	284
DoS Prevention	286
31.1 DoS Prevention Overview	286
31.2 Configuring DoS Prevention	286
PPPoE IA	288
32.1 PPPoE Intermediate Agent Overview	288
32.1.1 PPPoE Intermediate Agent Tag Format	288
32.1.2 Sub-Option Format	289
32.1.3 PPPoE IA Configuration Options	289
32.2 The PPPoE IA Status Screen	290
32.3 PPPoE IA Port Tel Configuration	290
32.4 PPPoE IA Global Configuration	291
32.5 PPPoE IA VLAN Configuration	293
32.6 ADSL Fallback	295
32.6.1 PVC Configuration	295
32.6.2 IPPVC Configuration	297
32.6.3 PAEPVC Configuration	299
Static Route	301
33.1 Static Routing Overview	301
33.2 Configuring Static Routing	302
Differentiated Services	304
34.1 DiffServ Overview	304
34.1.1 DSCP and Per-Hop Behavior	304
34.1.2 DiffServ Network Example	304
34.2 Two Rate Three Color Marker Traffic Policing	305
34.2.1 TRTCM-Color-blind Mode	306
34.2.2 TRTCM-Color-aware Mode	306
34.3 Activating DiffServ	306
34.3.1 Configuring 2-Rate 3 Color Marker Settings	307
34.4 DSCP-to-IEEE 802.1p Priority Settings	309
34.4.1 Configuring DSCP Settings	309
DHCP	311
35.1 DHCP Overview	311
35.1.1 DHCP Modes	311
35.1.2 DHCP Configuration Options	311
35.2 DHCP Status	311
35.3 DHCP Port Tel	312
35.4 DHCP Relay	313
35.4.1 DHCP Relay Agent Information	313
35.4.2 DHCP Relay Agent Information Format	313
35.4.3 Sub-Option Format	313
35.4.4 Configuring DHCP Global Relay	314
35.4.5 Global DHCP Relay Configuration Example	317
35.5 Configuring DHCP VLAN Settings	318
35.5.1 Example: DHCP Relay for Two VLANs	320
35.6 DHCPv6 LDRA	321
35.6.1 DHCPv6 Counter	324
35.6.2 Snooping Configure	324
Maintenance	327
36.1 The Maintenance Screen	327
36.2 Firmware Upgrade	328
36.2.1 Dual Firmware Image	328
36.3 Restore a Configuration File	329
36.4 Backup a Configuration File	330
36.5 Load Factory Default	330
36.6 Save Configuration	331
36.7 Reboot System	331
36.8 FTP Command Line	331
36.8.1 Filename Conventions	331
36.8.2 FTP Command Line Procedure	332
36.8.3 GUI-based FTP Clients	333
36.8.4 FTP Restrictions	333
Access Control	334
37.1 Access Control Overview	334
37.2 The Access Control Main Screen	334
37.3 About SNMP	334
37.3.1 SNMP v3 and Security	335
37.3.2 Supported MIBs	336
37.3.3 SNMP Traps	336
37.3.4 Configuring SNMP	342
37.3.5 Configuring SNMP Trap Group	344
37.3.6 Setting Up Login Accounts	344
37.4 SSH Overview	346
37.5 How SSH works	346
37.6 SSH Implementation on the Switch	347
37.6.1 Requirements for Using SSH	347
37.7 Introduction to HTTPS	347
37.8 HTTPS Example	348
37.8.1 Internet Explorer Warning Messages	348
37.8.2 Mozilla Firefox Warning Messages	351
37.8.3 The Main Screen	352
37.9 Service Port Access Control	353
37.10 Remote Management	354
Diagnostic	356
38.1 Diagnostic	356
Syslog	358
39.1 Syslog Overview	358
39.2 Syslog Setup	359
39.3 Syslog Server Setup	360
Loop Diagnostic	361
40.1 Dual-End Loop Test	361
40.2 Single-End Loop Test (SELT)	363
MAC Table	365
41.1 MAC Table Overview	365
41.2 Viewing the MAC Table	366
ARP Table	367
42.1 ARP Table Overview	367
42.1.1 How ARP Works	367
42.2 Viewing the ARP Table	367
Hardware Information	369
43.1 Hardware Information	369
CFM Action	370
44.1 CFM Action	370
IPv6 Cache	372
45.1 Overview	372
45.2 Neighbor Cache	373
45.3 Router	374
45.4 Path MTU	375
Troubleshooting	377
46.1 Power, Hardware Connections, and LEDs	377
46.2 Switch Access and Login	378
46.3 Switch Configuration	380
Product Specifications	381
Common Services	397
Legal Information	401

Match case Limit results 1 per page

Chapter 37 Access Control

VES1724-56 User’s Guide

343

Get Community

Enter the

Get Community

string, which is the password for the incoming Get- and

GetNext- requests from the management station.

The

Get Community

string is only used by SNMP managers using SNMP version 2c or

lower.

Set Community

Enter the

Set Community

, which is the password for incoming Set- requests from the

management station.

The

Set Community

string is only used by SNMP managers using SNMP version 2c or

lower.

Trap Community

Enter the

Trap Community

string, which is the password sent with each trap to the

SNMP manager.

The

Trap Community

string is only used by SNMP managers using SNMP version 2c or

lower.

Trap Destination

Use this section to configure where to send SNMP traps from the Switch.

Version

Specify the version of the SNMP trap messages.

Enter the IPv4 or IPv6 addresses of up to four managers to send your SNMP traps to.

Port

Enter the port number upon which the manager listens for SNMP traps.

Username

Enter the username to be sent to the SNMP manager along with the SNMP v3 trap.

Note: This username must match an existing account on the Switch (configured in the

Management

Access Control

Logins

screen).

User Information

Use this section to configure users for authentication with managers using SNMP v3.

Note: Use the username and password of the login accounts you specify in this section to

create accounts on the SNMP v3 manager.

Index

This is a read-only number identifying a login account on the Switch.

Username

This field displays the username of a login account on the Switch.

Security Level

Select whether you want to implement authentication and/or encryption for SNMP

communication from this user. Choose:

•

noauth

: to use the username as the password string to send to the SNMP manager.

This is equivalent to the Get, Set and Trap Community in SNMP v2c. This is the lowest

security level.

•

auth

: to implement an authentication algorithm for SNMP messages sent by this user.

•

priv

: to implement authentication and encryption for SNMP messages sent by this

user. This is the highest security level.

Note: The settings on the SNMP manager must be set at the same security level or higher

than the security level settings on the Switch.

Authentication

Select an authentication algorithm.

MD5

(Message Digest 5) and

SHA

(Secure Hash

Algorithm) are hash algorithms used to authenticate SNMP data.

SHA

authentication is

generally considered stronger than

MD5

, but is slower.

Privacy

Specify the encryption method for SNMP communication from this user. You can choose

one of the following:

•

DES

- Data Encryption Standard is a widely used (but breakable) method of data

encryption. It applies a 56-bit key to each 64-bit block of data.

•

AES

- Advanced Encryption Standard is another method for data encryption that also

uses a secret key. AES applies a 128-bit key to 128-bit blocks of data.

Apply

Click

Apply

to save your changes to the Switch’s run-time memory. The Switch loses

these changes if it is turned off or loses power, so use the

Save

link on the top navigation

panel to save your changes to the non-volatile memory when you are done configuring.

Cancel

Click

Cancel

to begin configuring this screen afresh.

Table 162

Management > Access Control > SNMP

(continued)

LABEL

DESCRIPTION