Home » Dell Manuals » Hubs & Switches » Dell PowerConnect 6248 » Manual Viewer

Dell PowerConnect 6248 User's Guide - Page 37

Security Features, MLD/MLDv2 RFC2710/RFC3810, Access Control Lists ACL, Dot1x Authentication 802.1x - voip

View all Dell PowerConnect 6248 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 37 highlights

MLD/MLDv2 (RFC2710/RFC3810) MLD is used by IPv6 systems (listeners and routers) to report their IP multicast addresses memberships to any neighboring multicast routers. The implementation of MLD v2 is backward compatible with MLD v1. MLD protocol enables the IPv6 router to discover the presence of multicast listeners, the nodes that want to receive the multicast data packets, on its directly attached interfaces. The protocol specifically discovers which multicast addresses are of interest to its neighboring nodes and provides this information to the multicast routing protocol that make the decision on the flow of the multicast data packets. Security Features Access Control Lists (ACL) Access Control Lists (ACLs) ensure that only authorized users have access to specific resources while blocking off any unwarranted attempts to reach network resources. ACLs are used to provide traffic flow control, restrict contents of routing updates, decide which types of traffic are forwarded or blocked, and above all provide security for the network. For information about defining ACLs, see "IP ACL Configuration" and "MAC ACL Configuration." Dot1x Authentication (802.1x) Dot1x authentication enables the authentication of system users through an external server. Only authenticated and approved system users can transmit and receive data. Supplicants are authenticated through the Remote Authentication Dial In User Service (RADIUS) server using the Extensible Authentication Protocol (EAP). Also supported are PEAP, EAP-TTL, EAP-TTLS, and EAP-TLS. MACbased authentication allows multiple supplicants connected to the same port to each authenticate individually. For example, a system attached to the port might be required to authenticate in order to gain access to the network, while a VoIP phone might not need to authenticate in order to send voice traffic through the port. For information about enabling and configuring 802.1X port authentication, see "Dot1x Authentication." Locked Port Support The locked port feature limits access on a port to users with specific MAC addresses. These addresses are manually defined or learned on that port. When a frame is seen on a locked port, and the frame source MAC address is not tied to that port, the protection mechanism is invoked. For information about enabling locked port security, see "Port Security." Password Management Security Password management provides increased network security and improved password control. Passwords for SSH, Telnet, HTTP, HTTPS, and SNMP access are assigned security features. For more information about password management, see "Password Management." Introduction 37

Section	Page
Introduction	19
System Features	20
Switching Features	23
Port-Based Features	25
Virtual Local Area Network Supported Features	26
Spanning Tree Protocol Features	28
Link Aggregation Features	29
IP Phone and Access Point Support Features	29
Routing Features	31
MAC Address Supported Features	32
IPv4 Routing Features	33
IPv6 Routing Features	33
IPv6	34
OSPFv3	35
Quality of Service Features	35
Multicast Features	36
IPv4 Multicast Features	36
IPv6 Multicast Features	36
Security Features	37
Additional Documentation	38
Using Dell™ OpenManage™ Switch Administrator	39
Setting the IP Address of the Switch	40
Setting DHCP on the Management Interface	40
Setting a Static Address on the Management Interface	40
Starting the Application	41
Understanding the Interface	41
Using the Switch Administrator Buttons	44
Information Buttons	44
Device Management Buttons	44
Check Boxes	45
Defining Fields	45
Accessing the Switch Through the CLI	45
Console Connection	46
Telnet Connection	46
Using the CLI	46
Command Mode Overview	46
User EXEC Mode	47
Privileged EXEC Mode	47
Global Configuration Mode	48
Interface Configuration Mode	48
Cable and Port Information	49
Overview	49
Ethernet Interface	50
SFP Interfaces	51
Bay 1 and Bay 2 Interfaces	52
Serial Cable Connection	52
Connecting the Switch to a Terminal	52
Power Connection	53
Hardware Description	55
Overview	55
Front Panel	56
Rear Panel	59
Console (RS-232) Port	61
Physical Dimensions	61
Power Supplies	62
Ventilation System	62
Stacking	62
Stacking Standby	63
LED Definitions	64
SFP Port LEDs	64
SFP+ Port LEDs	65
XFP Module Port LEDs	65
10/100/1000 Base-T Port LEDs	65
System LEDs	67
Stacking LEDs	68
Configuring Dell PowerConnect	71
Overview	71
Starting the CLI	72
General Configuration Information	74
Terminal Connection Configuration	74
Baud Rate	74
Other Configuration Requirements	74
Booting the Switch	75
Configuration Overview	81
Easy Setup Wizard	81
Advanced Configuration	87
CLI Basics	87
6200 Series CLI Reference Guide	88
Security Management and Password Configuration	91
Software Download and Reboot	94
Software Download Through XModem	94
Software Download Through TFTP Server	94
Update Bootcode	97
Boot Menu Functions	97
Start Operational Code	98
Change the Baud Rate	99
Retrieve Event Log using XMODEM	99
Load New Operational Code Using XMODEM	100
Display Operational Code Vital Product Data	100
Abort Boot Code Update	101
Update Boot Code	101
Delete Backup Image	102
Reset the System	103
Restore Configuration to Factory Defaults	103
Activate Backup Image	103
Password Recovery Procedure	104
Reformat and Restore File System	104
Sample Configuration Process	105
Switch Setup Requirements	105
Initial Connection	105
Device Default Settings	111
Enabling Remote Management	111
Configuring Secure Management Access (HTTPS)	114
Configuring System Information	115
Overview	115
Defining General Device Information	116
Asset	116
System Health	118
Versions	119
System Resources	120
Time Zone Configuration	122
Summer Time Configuration	123
Clock Detail	125
Reset	126
Configuring SNTP Settings	127
SNTP Global Settings	128
SNTP Authentication	129
SNTP Server	132
Managing Logs	135
Global Settings	136
RAM Log Table	138
Log File	139
Remote Log Server Settings	140
Defining IP Addressing	143
Domain Name Server (DNS)	144
Default Domain Name	145
Host Name Mapping	146
Dynamic Host Name Mapping	148
ARP Table	149
IPv6 Management Features	150
Running Cable Diagnostics	152
Integrated Cable Test for Copper Cables	152
Optical Transceiver Diagnostics	154
Managing Device Security	157
Access Profile	157
Authentication Profiles	162
Select Authentication	166
Password Management	169
Local User Database	171
Line Passwords	174
Enable Password	175
TACACS+ Settings	176
RADIUS Global Configuration	180
RADIUS Server Configuration	182
RADIUS Accounting Server Configuration	185
RADIUS Accounting Server Statistics	187
RADIUS Server Statistics	189
Authorization Network RADIUS	191
Telnet Server	191
Denial of Service	193
Captive Portal	195
CP Global Configuration	196
CP Configuration	197
CP Web Customization	200
Local User	203
User Group	205
Interface Association	207
CP Status	208
CP Activation and Activity Status	210
Interface Activation Status	211
Interface Capability Status	212
Client Summary	213
Client Detail	213
CP Interface Client Status	214
CP Client Status	215
Defining SNMP Parameters	218
SNMP v1 and v2	218
SNMP v3	218
SNMP Global Parameters	218
SNMP View Settings	220
Access Control Group	223
SNMPv3 User Security Model (USM)	225
Communities	229
Notification Filter	232
Notification Recipients	234
File Management	238
File System	238
Active Images	239
File Download	240
File Upload	242
Copy Files	244
Defining Advanced Settings	246
Auto Configuration	246
Defining Stacking	249
Overview	249
Synchronizing the Running Configuration between the Master and Standby Units	249
Configuring Stacking	250
Trap Manager	262
Trap Flags	262
OSPFv2 Trap Flags	264
OSPFv3 Trap Flags	267
Trap Log	270
sFlow	271
sFlow Agent Summary	272
sFlow Receiver Configuration	273
sFlow Sampler Configuration	275
sFlow Poll Configuration	277
Industry Standard Discovery Protocol	279
ISDP Global Configuration	279
Cache Table	281
Interface Configuration	282
ISDP Statistics	284
Configuring Switching Information	287
Overview	287
Configuring Network Security	288
Dot1x Authentication	288
Authenticated Users	294
Port Security	295
IP ACL Configuration	298
IP ACL Rule Configuration	300
MAC ACL Configuration	304
MAC ACL Rule Configuration	306
IPv6 Access Control Lists	309
IPv6 ACL Rule Configuration	312
ACL Bind Configuration	314
Configuring Ports	317
Global Parameters	317
Port Configuration	319
Protected Port Configuration	322
LAG Configuration	324
Storm Control	327
Configuring Traffic Mirroring	330
Port Mirroring	330
Flow Based Mirroring	332
Configuring Address Tables	334
Static Address Table	334
Dynamic Address Table	336
Configuring GARP	339
GARP Timers	339
Configuring the Spanning Tree Protocol	342
STP Global Settings	342
STP Port Settings	346
STP LAG Settings	348
Rapid Spanning Tree	351
MSTP Settings	352
MSTP Interface Settings	355
Configuring VLANs	358
VLAN Membership	358
Double VLAN	362
VLAN Port Settings	366
VLAN LAG Settings	368
Bind MAC to VLAN	370
Bind IP Subnet to VLAN	373
Protocol Group	375
GVRP Parameters	379
Configuring Voice VLAN	382
Aggregating Ports	384
LACP Parameters	384
LAG Membership	386
Assigning Ports to LAGs and LACPs Using CLI Commands	388
LAG Hash Configuration	388
LAG Hash Summary	389
Managing Multicast Support	391
Multicast Global Parameters	391
Bridge Multicast Group	392
Bridge Multicast Forward	396
IGMP Snooping	397
General IGMP Snooping	398
Global Querier Configuration	401
VLAN Querier	402
VLAN Querier Status	404
MFDB IGMP Snooping Table	405
MRouter Status	407
MLD Snooping	408
MLD Snooping General	408
MLD Snooping Global Querier Configuration	410
MLD Snooping VLAN Querier	412
FMLD Snooping VLAN Querier Status	414
MFDB MLD Snooping Table	415
Configuring the Link Layer Discovery Protocol (LLDP)	417
LLDP Configuration	417
LLDP Statistics	420
LLDP Connections	423
Configuring Link Layer Discovery Protocol (LLDP) for Media Endpoint Devices	425
LLDP-MED Global Configuration	425
LLDP-MED Interface Configuration	427
LLDP-MED Local Device Information	429
LLDP-MED Remote Device Information	431
Creating Link Dependencies	435
Link Dependency Summary	435
Dynamic ARP Inspection	438
DAI Global Configuration	438
DAI Interface Configuration	439
DAI VLAN Configuration	441
DAI ACL Configuration	442
DAI ACL Rule Configuration	443
DAI Statistics	445
DHCP Snooping	446
DHCP Snooping Configuration	447
DHCP Snooping Interface Configuration	448
DHCP Snooping VLAN Configuration	451
DHCP Snooping Persistent Configuration	452
DHCP Snooping Static Bindings Configuration	454
DHCP Snooping Dynamic Bindings Summary	456
DHCP Snooping Statistics	457
DHCP Relay	459
DHCP Relay Global Configuration	459
DHCP Relay Interface Configuration	460
DHCP Relay Interface Statistics	462
DHCP Relay VLAN Configuration	463
Viewing Statistics and Remote Monitoring	467
Overview	467
Table Views	468
Interface Statistics	468
Etherlike Statistics	470
GVRP Statistics	471
EAP Statistics	474
Utilization Summary	475
Counter Summary	477
RMON	479
RMON Statistics	479
RMON History Control Statistics	482
RMON History Table	485
RMON Event Control	487
RMON Event Log	489
RMON Alarms	490
Charts	495
Ports Statistics	495
LAG Statistics	496
Configuring Routing	499
Overview	499
ARP	500
ARP Create	500
ARP Table Configuration	502
IP	505
IP Configuration	505
IP Statistics	506
IP Interface Configuration	510
OSPF	513
OSPF Configuration	513
Area Configuration	518
Stub Area Summary	522
Area Range Configuration	523
Interface Statistics	525
Interface Configuration	528
Neighbor Table	533
Neighbor Configuration	534
Link State Database	537
Virtual Link Configuration	539
Virtual Link Summary	545
Route Redistribution Configuration	546
Route Redistribution Summary	548
Nonstop Forwarding OSPF Graceful Restart	549
BOOTP/DHCP Relay Agent	551
BOOTP/DHCP Relay Agent Configuration	552
IP Helper	553
IP Helper Global Configuration	554
IP Helper Interface Configuration	556
IP Helper Statistics	558
RIP	560
RIP Configuration	561
RIP Interface Configuration	563
RIP Interface Summary	565
RIP Route Redistribution Configuration	567
RIP Route Redistribution Summary	570
Router Discovery	571
Router Discovery Configuration	571
Router Discovery Status	573
Router	574
Route Table	574
Best Routes Table	576
Route Entry Configuration	577
Configured Routes	580
Route Preferences Configuration	581
VLAN Routing	583
VLAN Routing Summary	583
VRRP	585
VRRP Configuration	586
VRRP Router Configuration	587
VRRP Virtual Router Status	592
VRRP Virtual Router Statistics	595
Tunnels	597
Tunnels Configuration	598
Tunnels Summary	600
Loopbacks	602
Loopbacks Configuration	602
Loopbacks Summary	606
Configuring IPv6	609
Overview	609
Global Configuration	610
Interface Configuration	612
Interface Summary	616
IPv6 Statistics	616
IPv6 Neighbor Table	622
DHCPv6	624
DHCPv6 Global Configuration	624
DHCPv6 Pool Configuration	625
Prefix Delegation Configuration	628
DHCPv6 Pool Summary	629
DHCPv6 Interface Configuration	630
DHCPv6 Server Bindings Summary	634
DHCPv6 Statistics	635
OSPFv3	637
OSPFv3 Configuration	637
OSPFv3 Area Configuration	641
OSPFv3 Stub Area Summary	646
OSPFv3 Area Range Configuration	647
OSPFv3 Interface Configuration	649
OSPFv3 Interface Statistics	652
OSPFv3 Neighbors	655
OSPFv3 Neighbor Table	658
OSPFv3 Link State Database	659
OSPFv3 Virtual Link Configuration	661
OSPFv3 Virtual Link Summary	664
OSPFv3 Route Redistribution Configuration	666
OSPFv3 Route Redistribution Summary	667
Nonstop Forwarding OSPFv3 Graceful Restart	669
IPv6 Routes	672
IPv6 Route Entry Configuration	672
IPv6 Route Table	673
IPv6 Route Preferences	675
Configured IPv6 Routes	676
Configuring Quality of Service	679
Overview	679
Differentiated Services	680
DiffServ Overview	680
Defining DiffServ	680
Diffserv Configuration	681
Class Configuration	682
Class Criteria	684
Policy Configuration	689
Policy Class Definition	692
Service Configuration	698
Service Detailed Statistics	699
Class of Service	701
Mapping Table Configuration	701
Interface Configuration	705
Interface Queue Configuration	706
Auto VoIP	709
Auto VoIP Global Configuration	709
Auto VoIP Interface Configuration	710
Configuring IP Multicast	713
Overview	713
Multicast	714
Multicast Global Configuration	714
Multicast Interface Configuration	717
Multicast Route Table	718
Multicast Admin Boundary Configuration	719
Multicast Admin Boundary Summary	721
Multicast Static MRoute Configuration	721
Multicast Static MRoute Summary	723
Distance Vector Multicast Routing Protocol	725
DVMRP Global Configuration	725
DVMRP Interface Configuration	726
DVMRP Configuration Summary	728
Next Hop Summary	730
Prune Summary	731
Route Summary	732
Internet Group Management Protocol	734
IGMP Global Configuration	734
Routing Interface	735
Proxy Interface	743
Multicast Listener Discovery	751
MLD Global Configuration	751
MLD Routing Interface Configuration	752
MLD Routing Interface Summary	753
MLD Routing Interface Cache Information	756
MLD Routing Interface Source List Information	757
MLD Traffic	758
MLD Proxy Configuration	760
MLD Proxy Configuration Summary	761
Interface Membership Information	762
Interface Membership Information—Detailed	764
Protocol Independent Multicast	765
PIM Global Configuration	766
PIM Global Status	767
PIM Interface Configuration	768
Interface Summary	770
Candidate RP Configuration	771
Static RP Configuration	773
SSM Range Configuration	775
BSR Candidate Configuration	777
BSR Candidate Summary	778
Getting Help	781
Obtaining Assistance	782
Online Services	782
Automated Order-Status Service	783
Support Service	783
Dell Enterprise Training and Certification	783
Problems With Your Order	783
Product Information	784
Returning Items for Warranty Repair or Credit	784
Before You Call	784

Match case Limit results 1 per page

Introduction

MLD/MLDv2 (RFC2710/RFC3810)

MLD is used by IPv6 systems (listeners and routers) to report their IP multicast addresses memberships

to any neighboring multicast routers. The implementation of MLD v2 is backward compatible with

MLD v1.

MLD protocol enables the IPv6 router to discover the presence of multicast listeners, the nodes that

want to receive the multicast data packets, on its directly attached interfaces. The protocol specifically

discovers which multicast addresses are of interest to its neighboring nodes and provides this information

to the multicast routing protocol that make the decision on the flow of the multicast data packets.

Security Features

Access Control Lists (ACL)

Access Control Lists (ACLs) ensure that only authorized users have access to specific resources while

blocking off any unwarranted attempts to reach network resources. ACLs are used to provide traffic flow

control, restrict contents of routing updates, decide which types of traffic are forwarded or blocked, and

above all provide security for the network.

For information about defining ACLs, see "IP ACL Configuration" and "MAC ACL Configuration."

Dot1x Authentication (802.1x)

Dot1x authentication enables the authentication of system users through an external server. Only

authenticated and approved system users can transmit and receive data. Supplicants are authenticated

through the Remote Authentication Dial In User Service (RADIUS) server using the Extensible

Authentication Protocol (EAP). Also supported are PEAP, EAP-TTL, EAP-TTLS, and EAP-TLS. MAC-

based authentication allows multiple supplicants connected to the same port to each authenticate

individually. For example, a system attached to the port might be required to authenticate in order to

gain access to the network, while a VoIP phone might not need to authenticate in order to send voice

traffic through the port.

For information about enabling and configuring 802.1X port authentication, see

"Dot1x

Authentication."

Locked Port Support

The locked port feature limits access on a port to users with specific MAC addresses. These addresses are

manually defined or learned on that port. When a frame is seen on a locked port, and the frame source

MAC address is not tied to that port, the protection mechanism is invoked.

For information about enabling locked port security, see

"Port Security."

Password Management Security

Password management provides increased network security and improved password control. Passwords

for SSH, Telnet, HTTP, HTTPS, and SNMP access are assigned security features.

For more information about password management, see "Password Management."