Home » Dell Manuals » Hubs & Switches » Dell PowerConnect 3424 » Manual Viewer

Dell PowerConnect 3424 User's Guide (.htm) - Page 35

Security Features, SSL, Port Based Authentication (802.1x), Locked Port Support, RADIUS Client, SSH

View all Dell PowerConnect 3424 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 35 highlights

Security Features SSL Secure Socket Layer (SSL) is an application-level protocol that enables secure transactions of data through privacy, authentication, and data integrity. It relies upon certificates and public and private keys. Port Based Authentication (802.1x) Port based authentication enables authenticating system users on a per-port basis via an external server. Only authenticated and approved system users can transmit and receive data. Ports are authenticated via the Remote Authentication Dial In User Service (RADIUS) server using the Extensible Authentication Protocol (EAP). For more information, see "Configuring Port Based Authentication." Locked Port Support Locked Port increases network security by limiting access on a specific port only to users with specific MAC addresses. These addresses are either manually defined or learned on that port. When a frame is seen on a locked port, and the frame source MAC address is not tied to that port, the protection mechanism is invoked. For more information, see "Configuring Port Security." RADIUS Client RADIUS is a client/server-based protocol. A RADIUS server maintains a user database, which contains per-user authentication information, such as user name, password and accounting information. For more information, see "Configuring RADIUS Settings." SSH Secure Shell (SSH) is a protocol that provides a secure, remote connection to a device. SSH version 2 is currently supported. The SSH server feature enables an SSH client to establish a secure, encrypted connection with a device. This connection provides functionality that is similar to an inbound telnet connection. SSH uses RSA and DSA Public Key cryptography for device connections and authentication. TACACS+ TACACS+ provides centralized security for validation of users accessing the device. TACACS+ provides a centralized user management system, while still retaining consistency with RADIUS and other authentication processes. For more information, see "Defining TACACS+ Settings." Introduction 35

Section	Page
Dell™ PowerConnect™ 34XX Systems	1
User’s Guide	1
Introduction	21
System Description	21
PowerConnect 3424	21
PowerConnect 3424P	21
PowerConnect 3448	22
PowerConnect 3448P	22
Stacking Overview	22
Understanding the Stack Topology	23
Stacking Failover Topology	23
Stacking Members and Unit ID	23
Removing and Replacing Stacking Members	24
Exchanging Stacking Members	25
Switching from the Stack Master to the Backup Stack Master	27
Features Overview	28
Power over Ethernet	28
Head of Line Blocking	28
Flow Control Support (IEEE 802.3X)	28
Back Pressure Support	28
Virtual Cable Testing (VCT)	28
MDI/MDIX Support	29
Auto Negotiation	29
MAC Address Supported Features	29
MAC Address Capacity Support	29
Static MAC Entries	29
Self-Learning MAC Addresses	29
Automatic Aging for MAC Addresses	29
VLAN-aware MAC-based Switching	30
MAC Multicast Support	30
Layer 2 Features	30
IGMP Snooping	30
Port Mirroring	30
Broadcast Storm Control	30
VLAN Supported Features	31
VLAN Support	31
Port Based Virtual LANs (VLANs)	31
Full 802.1Q VLAN Tagging Compliance	31
GVRP Support	31
Private VLANs	31
Spanning Tree Protocol Features	31
Spanning Tree Protocol (STP)	31
Fast Link	32
IEEE 802.1w Rapid Spanning Tree	32
IEEE 802.1s Multiple Spanning Tree	32
Link Aggregation	32
Link Aggregation	32
Link Aggregation and LACP	32
BootP and DHCP Clients	33
Quality of Service Features	33
Class Of Service 802.1p Support	33
Device Management Features	33
SNMP Alarms and Trap Logs	33
SNMP Versions 1, 2 and 3	33
Web Based Management	33
Configuration File Download and Upload	33
TFTP Trivial File Transfer Protocol	34
Remote Monitoring	34
Command Line Interface	34
Syslog	34
SNTP	34
Domain Name System	34
Traceroute	34
Security Features	35
SSL	35
Port Based Authentication (802.1x)	35
Locked Port Support	35
RADIUS Client	35
SSH	35
TACACS+	35
Password Management	36
Additional CLI Documentation	36
Hardware Description	37
Port Description	37
PowerConnect 3424 Port Description	37
PowerConnect 3448 Port Description	38
SFP Ports	39
RS-232 Console Port	39
Physical Dimensions	40
LED Definitions	40
Port LEDs	40
Gigabit Port LEDs	43
SFP LEDs	43
System LEDs	44
Power Supplies	45
AC Power Supply Unit	45
DC Power Supply Unit	46
Stack ID Button	47
Reset Button	47
Ventilation System	47
Installing the PowerConnect 3424/P and PowerConnect 3448/P	49
Site Preparation	49
Unpacking	49
Package Contents	49
Unpacking the Device	50
Mounting the Device	50
Installing in a Rack	50
Installing on a Flat Surface	51
Installing the Device on a Wall	52
Connecting to a Terminal	53
Connecting a Device to a Power Supply	54
Installing a Stack	54
Overview	54
Stacking PowerConnect 3400 Series Switches	54
Unit ID Selection Process	56
Starting and Configuring the Device	57
Connecting to the Device	57
Connecting the Terminal to the Device	57
Configuring PowerConnect 3424/P and 3448/P	59
Configuration Procedures	59
Booting the Switch	60
Initial Configuration	61
Wizard Step 1	62
Wizard Step 2	63
Wizard Step 3	63
Wizard Step 4	64
Wizard Step 5	64
Wizard Step 6	65
Advanced Configuration	65
Retrieving an IP Address From a DHCP Server	65
Receiving an IP Address From a BOOTP Server	66
Security Management and Password Configuration	67
Configuring Security Passwords	67
Configuring an Initial Terminal Password	68
Configuring an Initial Telnet Password	68
Configuring an Initial SSH password	69
Configuring an Initial HTTP Password	69
Configuring an initial HTTPS password:	69
Startup Procedures	70
Startup Menu Procedures	70
Download Software - option[1]	71
Erase FLASH File - option[2]	72
Password Recovery - option[3]	72
Enter Diagnostic Mode - option[4]	73
Set Terminal Baud-Rate - option[5]	73
Software Download Through TFTP Server	73
System Image Download	73
Boot Image Download	75
Port Default Settings	76
Auto-Negotiation	76
MDI/MDIX	76
Flow Control	76
Back Pressure	76
Switching Port Default Settings	77
Using Dell OpenManage Switch Administrator	79
Starting the Application	79
Understanding the Interface	79
Device Representation	81
Using the Switch Administrator Buttons	82
Information Buttons	82
Device Management Buttons	82
Field Definitions	83
Accessing the Device Through the CLI	83
Terminal Connection	83
Telnet Connection	84
Using the CLI	84
Command Mode Overview	84
User EXEC Mode	85
Privileged EXEC Mode	85
Global Configuration Mode	86
Configuring System Information	87
Defining General Switch Information	88
Viewing Switch Asset Information	88
Defining System Information	89
Initiating a Telnet Session	89
Configuring device Information Using the CLI Commands	89
Defining System Time Settings	93
Clock Source	95
Local Settings	95
Selecting a Clock Source	97
Defining Local Clock Settings	97
Defining Clock Settings Using CLI Commands	97
Viewing System Health Information	98
Viewing System Health Information Using the CLI Commands	100
Managing Power over Ethernet	101
Global	102
Port Settings	103
Defining PoE Settings	104
Managing PoE Using the CLI Commands	104
Viewing Version Information	106
Displaying Device Versions Using the CLI	106
Managing Stack Members	107
Switching Between Stack Masters	108
Configuring Stack Display Order	108
Managing Stacks Using the CLI Commands	108
Resetting the Device	109
Resetting the Device	109
Resetting the Device Using the CLI	109
Configuring SNTP Settings	110
Defining SNTP Global Parameters	112
Selecting a Clock Source	113
Defining Local Clock Settings	113
Defining SNTP Global Parameters Using CLI Commands	113
Defining SNTP Authentication Methods	114
Adding an SNTP Authentication Key	114
Displaying the Authentication Key Table	115
Deleting the Authentication Key	115
Defining SNTP Authentication Settings Using CLI Commands	116
Defining SNTP Servers	116
Adding an SNTP Server	118
Displaying the SNTP Server Table	118
Modifying an SNTP Server	119
Deleting the SNTP Server	119
Defining SNTP Servers Settings Using CLI Commands	119
Defining SNTP Interfaces	120
Adding an SNTP Interface	120
Defining SNTP Interface Settings Using CLI Commands	121
Managing Logs	122
Defining Global Log Parameters	122
Enabling Logs:	125
Enabling Logs Using CLI Commands	125
Viewing the RAM Log Table	126
Removing Log Information:	126
Viewing and Clearing the RAM Log Table Using the CLI Commands	127
Viewing the Log File Table	128
Displaying the Log File Table Using the CLI Commands	129
Viewing the Device Login History	130
Viewing Login History	130
Displaying the Device Login History using CLI Commands	131
Modifying Remote Log Server Definitions	132
Sending Logs to a Server:	133
Defining a New Server:	133
Displaying the Remote Log Servers Table:	133
Removing a Log Server from the Log Servers Table Page:	134
Working with Remote Server Logs Using the CLI Commands	134
Defining IP Addressing	135
Defining Default Gateways	135
Selecting a Device’s Gateway:	136
Removing a Device’s Default Gateway Device:	136
Defining a Device’s Gateway Using the CLI Commands	136
Defining IP Interfaces	137
Adding an IP Interface	137
Modifying IP Address Parameters	138
Deleting IP Addresses	138
Defining IP Interfaces Using CLI Commands	139
Defining DHCP IP Interface Parameters	140
Adding DHCP Clients	140
Modifying a DHCP IP Interface	141
Deleting a DHCP IP Interface	141
Defining DHCP IP Interfaces Using CLI Commands	141
Configuring Domain Name Systems	142
Adding a DNS Server	142
Displaying the DNS Servers Table	143
Removing DNS Servers	143
Configuring DNS Servers Using the CLI Commands	144
Defining Default Domains	145
Defining DNS Domain Names Using the CLI Commands	146
Mapping Domain Host	146
Adding Host Domain Names	147
Displaying the Hosts Name Mapping Table	147
Removing Host Name from IP Address Mapping	148
Mapping IP addresses to Domain Host Names Using the CLI Commands	148
Defining ARP Settings	149
Adding a Static ARP Table Entry:	150
Displaying the ARP Table	150
Deleting ARP Table Entry	150
Configuring ARP Using the CLI Commands	151
Running Cable Diagnostics	152
Viewing Copper Cable Diagnostics	152
Performing a Cable Test	153
Displaying Virtual Cable Test Results Table	153
Performing Copper Cable Tests Using CLI Commands	153
Viewing Optical Transceiver Diagnostics	154
Displaying the Optical Transceiver Diagnostics Test Results Table	155
Performing Fiber Optic Cable Tests Using CLI Commands	155
Managing Switch Security	156
Defining Access Profiles	156
Activating a Profile	157
Adding an Access Profile	157
Defining Rules for an Access Profile:	158
Adding Rules to Access Profile	159
Viewing the Profile Rules Table	159
Removing a Rule	160
Defining Access Profiles Using CLI Commands	160
Defining Authentication Profiles	163
Selecting an Authentication Profile:	164
Adding an Authentication Profile:	164
Displaying the Authentication Profiles Table:	165
Deleting an Authentication Profile:	165
Configuring an Authentication Profile Using CLI Commands	166
Selecting Authentication Profiles	166
Applying an Authentication List to Console Sessions	168
Applying an Authentication Profile to Telnet Sessions	168
Applying an Authentication Profile to Secure Telnet (SSH) Sessions	168
Assigning HTTP Sessions an Authentication Sequence	168
Assigning Secure HTTP Sessions an Authentication Sequence	168
Assigning Access Authentication Profiles or Sequences Using CLI Commands	169
Managing Passwords	170
Defining Password Management	171
Password Management Using CLI Commands	172
Defining the Local User Databases	173
Assigning Access Rights to a User:	174
Defining a New User:	174
Displaying the Local User Table:	175
Reactivating a Suspended User:	175
Deleting Users:	176
Assigning Users Using CLI Commands	176
Defining Line Passwords	177
Defining Line Passwords for Console Sessions	178
Defining Line Passwords for Telnet Sessions	178
Defining Line Passwords for Secure Telnet Sessions	178
Assigning Line Passwords Using CLI Commands	178
The following is an example of the CLI commands:	178
Defining Enable Passwords	179
Defining a New Enable Password:	180
Assigning Enable Passwords Using CLI Commands	180
Defining TACACS+ Settings	180
Adding a TACACS+ Server	182
Displaying the TACACS+ Table	182
Removing a TACACS+ Server	183
Defining TACACS+ Settings Using CLI Commands	183
Configuring RADIUS Settings	184
Defining RADIUS Parameters:	186
Adding a RADIUS Server:	186
Displaying the RADIUS Server List:	187
Removing a RADIUS Server	187
Defining RADIUS Servers Using CLI Commands	187
Defining SNMP Parameters	189
SNMP v1 and v2	189
SNMP v3	189
Defining SNMP Global Parameters	190
Enabling SNMP Notifications	191
Enabling Authentication Notifications	191
Enabling SNMP Notifications Using CLI Commands	191
Defining SNMP View Settings	193
Adding a View	194
Displaying the View Table	194
Defining SNMPv3 Views Using CLI Commands	195
Defining SNMP Access Control	196
Defining SNMP Groups	197
Displaying the Access Table	197
Removing SNMP Groups	198
Defining SNMP Access Control Using CLI Commands	198
Assigning SNMP User Security	199
Adding Users to a Group	200
Displaying the User Security Model Table	201
Deleting an User Security Model Table Entry	201
Defining SNMPv3 Users Using CLI Commands	201
Defining SNMP Communities	202
Defining a New Community	203
Deleting Communities	204
Configuring Communities Using CLI Commands	204
Defining SNMP Notification Filters	205
Adding SNMP Filters	205
Displaying the Filter Table	206
Removing a Filter	206
Configuring Notification Filters Using CLI Commands	207
Defining SNMP Notification Recipients	208
Adding a new Trap Recipients	209
Displaying Notification Recipients Tables	210
Deleting Notification Recipients	211
Configuring SNMP Notification Recipients Using CLI Commands	211
Managing Files	212
Management File Overview	212
Downloading Files	213
Downloading Files	214
Downloading Files Using CLI Commands	215
Uploading Files	215
Uploading Files	217
Uploading Files Using CLI Commands	217
Activating Image Files	218
Selecting an Image File	218
Working with the Active Image File Using CLI Commands	219
Copying Files	219
Copying Files	220
Restoring Company Factory Default Settings	220
Copying and Deleting Files Using CLI Commands	220
Managing Device Files	221
Managing Files Using CLI Commands	222
Configuring General Settings	223
Viewing RAM Log Entries Counter Using the CLI Commands	224
Configuring Switch Information	225
Configuring Network Security	225
Port Based Authentication	225
Advanced Port Based Authentication	225
Configuring Port Based Authentication	227
Displaying the Port Based Authentication Table	229
Copying parameters in the Port Based Authentication Table	229
Enabling Port Based Authentication Using the CLI Commands	230
Configuring Advanced Port Based Authentication	231
Displaying the Multiple Hosts Table	232
Enabling Multiple Hosts Using the CLI Commands	234
Authenticating Users	235
Displaying the Authenticated Users Table	236
Authenticating Users Using the CLI Commands	236
Configuring Port Security	237
Defining a Locked Port	239
Displaying the Port Security Table	239
Configuring Locked Port Security with CLI Commands	240
Defining MAC Based ACLs	241
Adding a MAC-Based ACL:	241
Displaying ACL-Specific ACEs	242
Removing ACLs	242
Assigning MAC based ACEs to ACLs Using the CLI Commands	243
Configuring ACL Binding	244
Assigning an ACL to an Interface	244
Removing an Entry from the ACL Bindings Table	245
Displaying the ACL Bindings Table	245
Copying Parameters in the ACL Bindings Table	245
Assigning ACL Membership Using the CLI Commands	246
Configuring Ports	246
Defining Port Configuration	246
Defining Port Parameters	249
Displaying the Port Table	249
Configuring Ports with CLI Commands	250
Defining LAG Parameters	252
Defining LAG Parameters	254
Modifying LAG Parameters	254
Displaying the LAG Configuration Table:	254
Configuring LAGs with CLI Commands	255
Enabling Storm Control	257
Enabling Storm Control	258
Modifying Storm Control Port Parameters	258
Displaying the Port Parameters Table	258
Copying Parameters in the Storm Control Settings Table	259
Configuring Storm Control with CLI Commands	259
Defining Port Mirroring Sessions	260
Adding a Port Mirroring Session	262
Deleting a Copy Port from a Port Mirroring Session	262
Configuring a Port Mirroring Session Using CLI Commands	262
Configuring Address Tables	263
Defining Static Addresses	263
Adding a Static MAC Address	265
Modifying a Static Address Setting in the Static MAC Address Table	265
Removing a Static Address from the Static Address Table	265
Configuring Static Address Parameters Using CLI Commands	266
Viewing Dynamic Addresses	267
Redefining the Aging Time	268
Querying the Dynamic Address Table	268
Sorting the Dynamic Address Table	268
Querying and Sorting Dynamic Addresses Using CLI Commands	269
Configuring GARP	270
Defining GARP Timers	270
Defining GARP Timers	271
Copying Parameters in the GARP Timers Table	271
Defining GARP Timers Using CLI Commands	272
Configuring the Spanning Tree Protocol	273
Defining STP Global Settings	274
Defining STP Global Parameters	276
Modifying STP Global Parameters	276
Defining STP Global Parameters Using CLI Commands	276
Defining STP Port Settings	280
Enabling STP on a Port	282
Modifying STP Port Properties	282
Displaying the STP Port Table	282
Defining STP Port Settings Using CLI Commands	282
Defining STP LAG Settings	284
Modifying the LAG STP Parameters	286
Defining STP LAG Settings Using CLI Commands	286
Defining Rapid Spanning Tree	288
Defining RSTP parameters	289
Displaying the Rapid Spanning Tree (RSTP) Table	289
Defining Rapid STP Parameters Using CLI Commands	289
Configuring Multiple Spanning Tree	291
Displaying the MSTP Instance Table	292
Defining MST Instances Using CLI Commands	293
Defining MSTP Interface Settings	295
Defining MSTP Interface Settings	296
Viewing the MSTP Interface Table	296
Defining MSTP Interfaces Using CLI Commands	297
Configuring VLANs	299
Defining VLAN Membership	300
Adding New VLANs	301
Modifying VLAN Membership Groups	301
Deleting VLANs	301
Defining VLAN Membership Groups Using CLI Commands	301
VLAN Port Membership Table	302
Assigning Ports to a VLAN Group	302
Deleting a VLAN	303
Assigning Ports to VLAN Groups Using CLI Commands	303
Defining VLAN Ports Settings	305
Assigning Port Settings	306
Displaying the VLAN Port Table	306
Defining VLAN LAGs Settings	307
Assigning VLAN LAG Settings:	308
Displaying the VLAN LAG Table	308
Assigning LAGs to VLAN Groups Using CLI Commands	308
Binding MAC Address to VLANs	310
Displaying the MAC to VLAN table:	310
Binding MAC address to VLAN using CLI commands:	311
Configuring GVRP Parameters	312
Enabling GVRP on the Device	313
Enabling VLAN Registration Through GVRP	313
Configuring GVRP Using CLI Commands	313
Configuring Private VLANs	315
Adding Private VLANs	316
Displaying the PV Ports Table	317
Configuring PVLANs using CLI commands	318
Aggregating Ports	319
Defining LACP Parameters	319
Defining LACP Parameters	320
Defining Link Aggregation Global Parameters	321
Defining Link Aggregation Port Parameters	321
Displaying the LACP Parameters Table	321
Configuring LACP Parameters Using CLI Commands	321
Defining LAG Membership	322
Adding Ports to a LAG or LACP	323
Adding Ports to LAGs Using CLI Commands	323
Multicast Forwarding Support	324
Defining Multicast Global Parameters	324

Match case Limit results 1 per page

Introduction

Security Features

SSL

Secure Socket Layer (SSL) is an application-level protocol that enables secure transactions of data

through privacy, authentication, and data integrity. It relies upon certificates and public and private

keys.

Port Based Authentication (802.1x)

Port based authentication enables authenticating system users on a per-port basis via an external

server. Only authenticated and approved system users can transmit and receive data. Ports are

authenticated via the Remote Authentication Dial In User Service (RADIUS) server using the

Extensible Authentication Protocol (EAP).

For more information, see "Configuring Port Based Authentication."

Locked Port Support

Locked Port increases network security by limiting access on a specific port only to users with

specific MAC addresses. These addresses are either manually defined or learned on that port.

When a frame is seen on a locked port, and the frame source MAC address is not tied to that port,

the protection mechanism is invoked.

For more information, see "Configuring Port Security."

RADIUS Client

RADIUS is a client/server-based protocol. A RADIUS server maintains a user database, which

contains per-user authentication information, such as user name, password and accounting

information.

For more information, see "Configuring RADIUS Settings."

SSH

Secure Shell (SSH) is a protocol that provides a secure, remote connection to a device. SSH version

2 is currently supported. The SSH server feature enables an SSH client to establish a secure,

encrypted connection with a device. This connection provides functionality that is similar to an

inbound telnet connection. SSH uses RSA and DSA Public Key cryptography for device

connections and authentication.

TACACS+

TACACS+ provides centralized security for validation of users accessing the device. TACACS+

provides a centralized user management system, while still retaining consistency with RADIUS and

other authentication processes.

For more information, see "Defining TACACS+ Settings."