Home » ZyXEL Manuals » Networking » ZyXEL ES3500-24HP » Manual Viewer

ZyXEL ES3500-24HP User Guide - Page 304

Table 134, Label, Description

Get ZyXEL ES3500-24HP PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 304 highlights

Chapter 39 Access Control The following table describes the labels in this screen. Table 134 Management > Access Control > SNMP > User LABEL DESCRIPTION User Information Note: Use the username and password of the login accounts you specify in this screen to create accounts on the SNMP v3 manager. Username Security Level Specify the username of a login account on the Switch. Select whether you want to implement authentication and/or encryption for SNMP communication from this user. Choose: • noauth -to use the username as the password string to send to the SNMP manager. This is equivalent to the Get, Set and Trap Community in SNMP v2c. This is the lowest security level. • auth - to implement an authentication algorithm for SNMP messages sent by this user. • priv - to implement authentication and encryption for SNMP messages sent by this user. This is the highest security level. Authentication Password Privacy Password Group Add Cancel Clear Index Username Security Level Authenticati on Privacy Note: The settings on the SNMP manager must be set at the same security level or higher than the security level settings on the Switch. Select an authentication algorithm. MD5 (Message Digest 5) and SHA (Secure Hash Algorithm) are hash algorithms used to authenticate SNMP data. SHA authentication is generally considered stronger than MD5, but is slower. Enter the password of up to 32 ASCII characters for SNMP user authentication. Specify the encryption method for SNMP communication from this user. You can choose one of the following: • DES - Data Encryption Standard is a widely used (but breakable) method of data encryption. It applies a 56-bit key to each 64-bit block of data. • AES - Advanced Encryption Standard is another method for data encryption that also uses a secret key. AES applies a 128-bit key to 128-bit blocks of data. Enter the password of up to 32 ASCII characters for encrypting SNMP packets. SNMP v3 adopts the concept of View-based Access Control Model (VACM) group. SNMP managers in one group are assigned common access rights to MIBs. Specify in which SNMP group this user is. admin - Members of this group can perform all types of system configuration, including the management of administrator accounts. readwrite - Members of this group have read and write rights, meaning that the user can create and edit the MIBs on the Switch, except the user account and AAA configuration. readonly - Members of this group have read rights only, meaning the user can collect information from the Switch. Click Add to insert the entry in the summary table below and save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click Cancel to reset the fields to your previous configuration. Click Clear to reset the fields to the factory defaults. This is a read-only number identifying a login account on the Switch. Click on an index number to view more details and edit an existing account. This field displays the username of a login account on the Switch. This field displays whether you want to implement authentication and/or encryption for SNMP communication with this user. This field displays the authentication algorithm used for SNMP communication with this user. This field displays the encryption method used for SNMP communication with this user. 304 ES3500 Series User's Guide

Section	Page
ES3500 Series	1
Contents Overview	3
Table of Contents	5
User’s Guide	17
Getting to Know Your Switch	19
1.1 Introduction	19
1.1.1 Backbone Application	19
1.1.2 Bridging Example	20
1.1.3 High Performance Switching Example	20
1.1.4 IEEE 802.1Q VLAN Application Examples	21
1.1.5 IPv6 Support	22
1.2 Ways to Manage the Switch	22
1.3 Good Habits for Managing the Switch	23
Hardware Installation and Connection	25
2.1 Installation Scenarios	25
2.2 Desktop Installation Procedure	25
2.3 Mounting the Switch on a Rack	25
2.3.1 Rack-mounted Installation Requirements	26
2.3.2 Attaching the Mounting Brackets to the Switch	26
2.3.3 Mounting the Switch on a Rack	27
Hardware Overview	28
3.1 Front and Rear Panels	28
3.1.1 Console Port	30
3.1.2 Ethernet Ports	30
3.1.3 Transceiver Slots	31
3.1.4 Power Connector	33
3.2 LEDs	33
The Web Configurator	37
4.1 Introduction	37
4.2 System Login	37
4.3 The Web Configurator Layout	38
4.3.1 Change Your Password	43
4.4 Saving Your Configuration	43
4.5 Switch Lockout	43
4.6 Resetting the Switch	44
4.6.1 Reload the Configuration File	44
4.7 Logging Out of the Web Configurator	45
4.8 Help	45
Initial Setup Example	47
5.1 Overview	47
5.1.1 Creating a VLAN	47
5.1.2 Setting Port VID	49
5.2 Configuring Switch Management IP Address	50
Tutorials	52
6.1 How to Use DHCP Snooping on the Switch	52
6.2 How to Use DHCP Relay on the Switch	55
6.2.1 DHCP Relay Tutorial Introduction	56
6.2.2 Creating a VLAN	56
6.2.3 Configuring DHCP Relay	58
6.2.4 Troubleshooting	59
6.3 How to Use PPPoE IA on the Switch	59
6.3.1 Configuring Switch A	60
6.3.2 Configuring Switch B	62
6.4 How to Use Error Disable and Recovery on the Switch	65
6.5 How to Set Up a Guest VLAN	67
6.5.1 Creating a Guest VLAN	67
6.5.2 Enabling IEEE 802.1x Port Authentication	70
6.5.3 Enabling Guest VLAN	71
6.6 How to Do Port Isolation in a VLAN	72
6.6.1 Creating a VLAN	73
6.6.2 Creating a Private VLAN Rule	75
Technical Reference	77
System Status and Port Statistics	79
7.1 Overview	79
7.2 Port Status Summary	79
7.2.1 Status: Port Details	81
Basic Setting	84
8.1 Overview	84
8.2 System Information	84
8.3 General Setup	86
8.4 Introduction to VLANs	87
8.4.1 Smart Isolation	88
8.5 Switch Setup	89
8.6 IP Setup	91
8.6.1 Management IP Addresses	91
8.7 Port Setup	93
8.8 PoE	94
8.8.1 PoE Setup	96
VLAN	99
9.1 Introduction to IEEE 802.1Q Tagged VLANs	99
9.1.1 Forwarding Tagged and Untagged Frames	99
9.2 Automatic VLAN Registration	100
9.2.1 GARP	100
9.2.2 GVRP	100
9.3 Port VLAN Trunking	101
9.4 Select the VLAN Type	101
9.5 Static VLAN	101
9.5.1 VLAN Status	102
9.5.2 VLAN Details	103
9.5.3 Configure a Static VLAN	104
9.5.4 Configure VLAN Port Settings	105
9.6 Subnet Based VLANs	106
9.7 Configuring Subnet Based VLAN	107
9.8 Protocol Based VLANs	109
9.9 Configuring Protocol Based VLAN	110
9.10 Create an IP-based VLAN Example	111
9.11 Port-based VLAN Setup	112
9.11.1 Configure a Port-based VLAN	112
Static MAC Forward Setup	116
10.1 Overview	116
10.2 Configuring Static MAC Forwarding	116
Static Multicast Forward Setup	118
11.1 Static Multicast Forwarding Overview	118
11.2 Configuring Static Multicast Forwarding	119
Filtering	122
12.1 Configure a Filtering Rule	122
Spanning Tree Protocol	124
13.1 STP/RSTP Overview	124
13.1.1 STP Terminology	124
13.1.2 How STP Works	125
13.1.3 STP Port States	125
13.1.4 Multiple RSTP	126
13.1.5 Multiple STP	126
13.2 Spanning Tree Protocol Status Screen	129
13.3 Spanning Tree Configuration	129
13.4 Configure Rapid Spanning Tree Protocol	130
13.5 Rapid Spanning Tree Protocol Status	132
13.6 Configure Multiple Rapid Spanning Tree Protocol	133
13.7 Multiple Rapid Spanning Tree Protocol Status	134
13.8 Configure Multiple Spanning Tree Protocol	136
13.8.1 Multiple Spanning Tree Protocol Port Configuration	139
13.9 Multiple Spanning Tree Protocol Status	140
Bandwidth Control	142
14.1 Bandwidth Control Overview	142
14.1.1 CIR and PIR	142
14.2 Bandwidth Control Setup	143
Broadcast Storm Control	145
15.1 Broadcast Storm Control Setup	145
Mirroring	147
16.1 Port Mirroring Setup	147
Link Aggregation	149
17.1 Link Aggregation Overview	149
17.2 Dynamic Link Aggregation	149
17.2.1 Link Aggregation ID	150
17.3 Link Aggregation Status	150
17.4 Link Aggregation Setting	152
17.5 Link Aggregation Control Protocol	154
17.6 Static Trunking Example	155
Port Authentication	157
18.1 Port Authentication Overview	157
18.1.1 IEEE 802.1x Authentication	157
18.1.2 MAC Authentication	158
18.2 Port Authentication Configuration	159
18.2.1 Activate IEEE 802.1x Security	160
18.2.2 Guest VLAN	161
18.2.3 Activate MAC Authentication	163
Port Security	165
19.1 About Port Security	165
19.2 Port Security Setup	165
Classifier	167
20.1 About the Classifier and QoS	167
20.2 Configuring the Classifier	167
20.3 Viewing and Editing Classifier Configuration	169
20.4 Classifier Example	171
Policy Rule	172
21.1 Policy Rules Overview	172
21.1.1 DiffServ	172
21.1.2 DSCP and Per-Hop Behavior	172
21.2 Configuring Policy Rules	172
21.3 Viewing and Editing Policy Configuration	175
21.4 Policy Example	176
Queuing Method	177
22.1 Queuing Method Overview	177
22.1.1 Strictly Priority Queuing	177
22.1.2 Weighted Fair Queuing	177
22.1.3 Weighted Round Robin Scheduling (WRR)	178
22.2 Configuring Queuing	178
VLAN Stacking	180
23.1 VLAN Stacking Overview	180
23.1.1 VLAN Stacking Example	180
23.2 VLAN Stacking Port Roles	181
23.3 VLAN Tag Format	182
23.3.1 Frame Format	182
23.4 Configuring VLAN Stacking	183
23.4.1 Port-based Q-in-Q	184
23.4.2 Selective Q-in-Q	185
Multicast	187
24.1 Multicast Overview	187
24.1.1 IP Multicast Addresses	187
24.1.2 IGMP Filtering	187
24.1.3 IGMP Snooping	187
24.1.4 IGMP Snooping and VLANs	188
24.2 Multicast Status	188
24.3 Multicast Setting	189
24.4 IGMP Snooping VLAN	192
24.5 IGMP Filtering Profile	193
24.6 MVR Overview	194
24.6.1 Types of MVR Ports	195
24.6.2 MVR Modes	195
24.6.3 How MVR Works	195
24.7 General MVR Configuration	196
24.8 MVR Group Configuration	198
24.8.1 MVR Configuration Example	199
AAA	202
25.1 Authentication, Authorization and Accounting (AAA)	202
25.1.1 Local User Accounts	202
25.1.2 RADIUS and TACACS+	203
25.2 AAA Screens	203
25.2.1 RADIUS Server Setup	203
25.2.2 TACACS+ Server Setup	206
25.2.3 AAA Setup	208
25.2.4 Vendor Specific Attribute	210
25.2.5 Tunnel Protocol Attribute	211
25.3 Supported RADIUS Attributes	211
25.3.1 Attributes Used for Authentication	212
25.3.2 Attributes Used for Accounting	212
IP Source Guard	215
26.1 IP Source Guard Overview	215
26.1.1 DHCP Snooping Overview	215
26.1.2 ARP Inspection Overview	217
26.2 IP Source Guard	219
26.3 IP Source Guard Static Binding	219
26.4 DHCP Snooping	221
26.5 DHCP Snooping Configure	223
26.5.1 DHCP Snooping Port Configure	225
26.5.2 DHCP Snooping VLAN Configure	226
26.6 ARP Inspection Status	227
26.6.1 ARP Inspection VLAN Status	228
26.6.2 ARP Inspection Log Status	229
26.7 ARP Inspection Configure	230
26.7.1 ARP Inspection Port Configure	231
26.7.2 ARP Inspection VLAN Configure	233
Loop Guard	234
27.1 Loop Guard Overview	234
27.2 Loop Guard Setup	236
VLAN Mapping	238
28.1 VLAN Mapping Overview	238
28.1.1 VLAN Mapping Example	238
28.2 Enabling VLAN Mapping	239
28.3 Configuring VLAN Mapping	240
Layer 2 Protocol Tunneling	242
29.1 Layer 2 Protocol Tunneling Overview	242
29.1.1 Layer-2 Protocol Tunneling Mode	243
29.2 Configuring Layer 2 Protocol Tunneling	244
sFlow	246
30.1 sFlow Overview	246
30.2 sFlow Port Configuration	247
30.2.1 sFlow Collector Configuration	248
PPPoE	250
31.1 PPPoE Intermediate Agent Overview	250
31.1.1 PPPoE Intermediate Agent Tag Format	250
31.1.2 Sub-Option Format	250
31.1.3 Port State	251
31.2 The PPPoE Screen	252
31.3 PPPoE Intermediate Agent	252
31.3.1 PPPoE IA Per-Port	254
31.3.2 PPPoE IA Per-Port Per-VLAN	255
31.3.3 PPPoE IA for VLAN	257
Error Disable	258
32.1 CPU Protection Overview	258
32.2 Error-Disable Recovery Overview	258
32.3 The Error Disable Screen	259
32.4 CPU Protection Configuration	259
32.5 Error-Disable Detect Configuration	260
32.6 Error-Disable Recovery Configuration	261
Private VLAN	263
33.1 Private VLAN Overview	263
33.2 Configuring Private VLAN	264
Green Ethernet	265
34.1 Green Ethernet Overview	265
34.2 Configuring Green Ethernet	266
Static Route	267
35.1 Static Routing Overview	267
35.2 Configuring Static Routing	268
Differentiated Services	270
36.1 DiffServ Overview	270
36.1.1 DSCP and Per-Hop Behavior	270
36.1.2 DiffServ Network Example	270
36.2 Two Rate Three Color Marker Traffic Policing	271
36.2.1 TRTCM-Color-blind Mode	272
36.2.2 TRTCM-Color-aware Mode	272
36.3 Activating DiffServ	272
36.3.1 Configuring 2-Rate 3 Color Marker Settings	273
36.3.2 Configuring DSCP Profiles	275
36.4 DSCP-to-IEEE 802.1p Priority Settings	276
36.4.1 Configuring DSCP Settings	276
DHCP	278
37.1 DHCP Overview	278
37.1.1 DHCP Modes	278
37.1.2 DHCP Configuration Options	278
37.2 DHCP Status	278
37.3 DHCP Relay	279
37.3.1 DHCP Relay Agent Information	279
37.3.2 Configuring DHCP Global Relay	280
37.3.3 Global DHCP Relay Configuration Example	281
37.4 Configuring DHCP VLAN Settings	282
37.4.1 Example: DHCP Relay for Two VLANs	283
Maintenance	285
38.1 The Maintenance Screen	285
38.2 Load Factory Default	286
38.3 Save Configuration	286
38.4 Reboot System	286
38.5 Firmware Upgrade	287
38.6 Restore a Configuration File	288
38.7 Backup a Configuration File	288
38.8 FTP Command Line	289
38.8.1 Filename Conventions	289
38.8.2 FTP Command Line Procedure	290
38.8.3 GUI-based FTP Clients	290
38.8.4 FTP Restrictions	290
Access Control	292
39.1 Access Control Overview	292
39.2 The Access Control Main Screen	292
39.3 About SNMP	292
39.3.1 SNMP v3 and Security	293
39.3.2 Supported MIBs	294
39.3.3 SNMP Traps	294
39.3.4 Configuring SNMP	301
39.3.5 Configuring SNMP Trap Group	302
39.3.6 Configuring SNMP User	303
39.4 Setting Up Login Accounts	305
39.5 SSH Overview	306
39.6 How SSH works	307
39.7 SSH Implementation on the Switch	308
39.7.1 Requirements for Using SSH	308
39.8 Introduction to HTTPS	308
39.9 HTTPS Example	309
39.9.1 Internet Explorer Warning Messages	309
39.9.2 Mozilla Firefox Warning Messages	312
39.9.3 The Main Screen	313
39.10 Service Port Access Control	314
39.11 Remote Management	315
Diagnostic	317
40.1 Diagnostic	317
Syslog	318
41.1 Syslog Overview	318
41.2 Syslog Setup	319
41.3 Syslog Server Setup	320
Cluster Management	321
42.1 Cluster Management Status Overview	321
42.2 Cluster Management Status	322
42.2.1 Cluster Member Switch Management	323
42.3 Clustering Management Configuration	325
MAC Table	327
43.1 MAC Table Overview	327
43.2 Viewing the MAC Table	328
ARP Table	330
44.1 ARP Table Overview	330
44.1.1 How ARP Works	330
44.2 The ARP Table Screen	331
Configure Clone	332
45.1 Configure Clone	332
Troubleshooting	335
46.1 Power, Hardware Connections, and LEDs	335
46.2 Switch Access and Login	337
46.3 Switch Configuration	339
Common Services	341
Legal Information	345
Safety Warnings	348

Match case Limit results 1 per page

Chapter 39 Access Control

ES3500 Series User’s Guide

304

The following table describes the labels in this screen.

Table 134

Management > Access Control > SNMP > User

LABEL

DESCRIPTION

User

Information

Note: Use the username and password of the login accounts you specify in this screen to

create accounts on the SNMP v3 manager.

Username

Specify the username of a login account on the Switch.

Security Level

Select whether you want to implement authentication and/or encryption for SNMP

communication from this user. Choose:

•

noauth

-to use the username as the password string to send to the SNMP manager.

This is equivalent to the Get, Set and Trap Community in SNMP v2c. This is the lowest

security level.

•

auth

- to implement an authentication algorithm for SNMP messages sent by this user.

•

priv

- to implement authentication and encryption for SNMP messages sent by this

user. This is the highest security level.

Note: The settings on the SNMP manager must be set at the same security level or higher

than the security level settings on the Switch.

Authentication

Select an authentication algorithm.

MD5

(Message Digest 5) and

SHA

(Secure Hash

Algorithm) are hash algorithms used to authenticate SNMP data. SHA authentication is

generally considered stronger than MD5, but is slower.

Password

Enter the password of up to 32 ASCII characters for SNMP user authentication.

Privacy

Specify the encryption method for SNMP communication from this user. You can choose

one of the following:

•

DES

- Data Encryption Standard is a widely used (but breakable) method of data

encryption. It applies a 56-bit key to each 64-bit block of data.

•

AES

- Advanced Encryption Standard is another method for data encryption that also

uses a secret key. AES applies a 128-bit key to 128-bit blocks of data.

Password

Enter the password of up to 32 ASCII characters for encrypting SNMP packets.

Group

SNMP v3 adopts the concept of View-based Access Control Model (VACM) group. SNMP

managers in one group are assigned common access rights to MIBs. Specify in which SNMP

group this user is.

admin

- Members of this group can perform all types of system configuration, including

the management of administrator accounts.

readwrite

- Members of this group have read and write rights, meaning that the user can

create and edit the MIBs on the Switch, except the user account and AAA configuration.

readonly

- Members of this group have read rights only, meaning the user can collect

information from the Switch.

Add

Click

Add

to insert the entry in the summary table below and save your changes to the

Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power,

so use the

Save

link on the top navigation panel to save your changes to the non-volatile

memory when you are done configuring.

Cancel

Click

Cancel

to reset the fields to your previous configuration.

Clear

Click

Clear

to reset the fields to the factory defaults.

Index

This is a read-only number identifying a login account on the Switch. Click on an index

number to view more details and edit an existing account.

Username

This field displays the username of a login account on the Switch.

Security

Level

This field displays whether you want to implement authentication and/or encryption for

SNMP communication with this user.

Authenticati

This field displays the authentication algorithm used for SNMP communication with this

user.

Privacy

This field displays the encryption method used for SNMP communication with this user.