Home » ZyXEL Manuals » Hubs & Switches » ZyXEL GS1920 Series » Manual Viewer

ZyXEL GS1920 Series User Guide - Page 313

Table 156, Label, Description

View all ZyXEL GS1920 Series manuals

Add to My Manuals
Save this manual to your list of manuals

Page 313 highlights

Chapter 38 Access Control Table 156 Management > Access Control > SNMP > User (continued) LABEL Security Level DESCRIPTION Select whether you want to implement authentication and/or encryption for SNMP communication from this user. Choose: • noauth -to use the username as the password string to send to the SNMP manager. This is equivalent to the Get, Set and Trap Community in SNMP v2c. This is the lowest security level. • auth - to implement an authentication algorithm for SNMP messages sent by this user. • priv - to implement authentication and encryption for SNMP messages sent by this user. This is the highest security level. Authentication Password Privacy Note: The settings on the SNMP manager must be set at the same security level or higher than the security level settings on the Switch. Select an authentication algorithm. MD5 (Message Digest 5) and SHA (Secure Hash Algorithm) are hash algorithms used to authenticate SNMP data. SHA authentication is generally considered stronger than MD5, but is slower. Enter the password of up to 32 ASCII characters for SNMP user authentication. Specify the encryption method for SNMP communication from this user. You can choose one of the following: Password Group • DES - Data Encryption Standard is a widely used (but breakable) method of data encryption. It applies a 56-bit key to each 64-bit block of data. • AES - Advanced Encryption Standard is another method for data encryption that also uses a secret key. AES applies a 128-bit key to 128-bit blocks of data. Enter the password of up to 32 ASCII characters for encrypting SNMP packets. SNMP v3 adopts the concept of View-based Access Control Model (VACM) group. SNMP managers in one group are assigned common access rights to MIBs. Specify in which SNMP group this user is. admin - Members of this group can perform all types of system configuration, including the management of administrator accounts. readwrite - Members of this group have read and write rights, meaning that the user can create and edit the MIBs on the Switch, except the user account and AAA configuration. readonly - Members of this group have read rights only, meaning the user can collect information from the Switch. Add Click this to create a new entry or to update an existing one. This saves your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields to your previous configuration. Clear Click Clear to reset the fields to the factory defaults. Index This is a read-only number identifying a login account on the Switch. Click on an index number to view more details and edit an existing account. Username This field displays the username of a login account on the Switch. Security Level This field displays whether you want to implement authentication and/or encryption for SNMP communication with this user. Authentication This field displays the authentication algorithm used for SNMP communication with this user. Privacy This field displays the encryption method used for SNMP communication with this user. Group This field displays the SNMP group to which this user belongs. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to begin configuring this screen afresh. GS1920 Series User's Guide 313

Section	Page
GS1920 Series	1
Contents Overview	3
Table of Contents	5
User’s Guide	17
Getting to Know Your Switch	18
1.1 Introduction	18
1.1.1 Backbone Application	19
1.1.2 Bridging Example	19
1.1.3 High Performance Switching Example	20
1.1.4 IEEE 802.1Q VLAN Application Examples	20
1.2 Ways to Manage the Switch	21
1.3 Good Habits for Managing the Switch	21
Hardware Installation and Connection	23
2.1 Installation Scenarios	23
2.2 Desktop Installation Procedure	23
2.3 Mounting the Switch on a Rack	23
2.3.1 Rack-mounted Installation Requirements	23
2.3.2 Attaching the Mounting Brackets to the Switch	24
2.3.3 Mounting the Switch on a Rack	24
Hardware Panels	26
3.1 Front Panel	26
3.1.1 Gigabit Ethernet Ports	26
3.1.2 Mini-GBIC Slots	27
3.1.3 LED Mode (only available for GS1920-48HP)	29
3.2 Rear Panel	29
3.2.1 Power Connector	29
3.3 LEDs	30
3.4 Reset to Factory Defaults	30
3.4.1 Side Panels	31
Technical Reference	32
The Web Configurator	33
4.1 Overview	33
4.2 System Login	33
4.3 The Status Screen	34
4.3.1 Change Your Password	37
4.4 Saving Your Configuration	38
4.5 Switch Lockout	38
4.6 Resetting the Switch	39
4.7 Logging Out of the Web Configurator	39
4.8 Help	39
Initial Setup Example	40
5.1 Overview	40
5.1.1 Creating a VLAN	40
5.1.2 Setting Port VID	41
5.2 Configuring Switch Management IP Address	42
Tutorials	44
6.1 Overview	44
6.2 How to Use DHCP Snooping on the Switch	44
6.3 How to Use DHCP Relay on the Switch	48
6.3.1 DHCP Relay Tutorial Introduction	48
6.3.2 Creating a VLAN	48
6.3.3 Configuring DHCP Relay	50
6.3.4 Troubleshooting	51
ZON Utility, ZON Neighbor Management and Port Status	52
7.1 Overview	52
7.1.1 What You Can Do	52
7.2 ZyXEL One Network (ZON) Utility Screen	52
7.3 Neighbor screen	53
7.4 Port Status Summary	54
7.4.1 Status: Port Details	56
Basic Setting	59
8.1 Overview	59
8.1.1 What You Can Do	59
8.2 System Information	59
8.3 General Setup	61
8.4 Introduction to VLANs	63
8.5 Switch Setup Screen	64
8.6 IP Setup	65
8.6.1 Management IP Addresses	65
8.7 Port Setup	67
8.8 PoE Status	69
8.8.1 PoE Setup	71
8.9 Interface Setup	72
8.10 IPv6	73
8.10.1 IPv6 Interface Status	74
8.10.2 IPv6 Configuration	77
8.10.3 IPv6 Global Setup	77
8.10.4 IPv6 Interface Setup	78
8.10.5 IPv6 Link-Local Address Setup	79
8.10.6 IPv6 Global Address Setup	80
8.10.7 IPv6 Neighbor Discovery Setup	81
8.10.8 IPv6 Neighbor Setup	82
8.10.9 DHCPv6 Client Setup	83
VLAN	85
9.1 Overview	85
9.1.1 What You Can Do	85
9.1.2 What You Need to Know	85
9.2 VLAN Status	88
9.2.1 VLAN Details	89
9.3 VLAN Configuration	90
9.4 Configure a Static VLAN	90
9.5 Configure VLAN Port Settings	92
9.6 Subnet Based VLANs	93
9.6.1 Configuring Subnet Based VLAN	94
9.7 Protocol Based VLANs	95
9.7.1 Configuring Protocol Based VLAN	96
9.8 Port-based VLAN Setup	97
9.8.1 Configure a Port-based VLAN	98
9.9 Voice VLAN	100
9.10 MAC-based VLAN	102
9.11 Technical Reference	103
9.11.1 Create an IP-based VLAN Example	103
Static MAC Forward Setup	105
10.1 Overview	105
10.1.1 What You Can Do	105
10.2 Configuring Static MAC Forwarding	105
Static Multicast Forward Setup	107
11.1 Static Multicast Forward Setup Overview	107
11.1.1 What You Can Do	107
11.1.2 What You Need To Know	107
11.2 Configuring Static Multicast Forwarding	108
Filtering	110
12.1 Filtering Overview	110
12.1.1 What You Can Do	110
12.2 Configure a Filtering Rule	110
Spanning Tree Protocol	112
13.1 Spanning Tree Protocol Overview	112
13.1.1 What You Can Do	112
13.1.2 What You Need to Know	112
13.2 Spanning Tree Protocol Status Screen	115
13.3 Spanning Tree Configuration	115
13.4 Configure Rapid Spanning Tree Protocol	116
13.5 Rapid Spanning Tree Protocol Status	118
13.6 Configure Multiple Rapid Spanning Tree Protocol	119
13.7 Multiple Rapid Spanning Tree Protocol Status	121
13.8 Configure Multiple Spanning Tree Protocol	122
13.9 Multiple Spanning Tree Port Configuration	125
13.10 Multiple Spanning Tree Protocol Status	126
13.11 Technical Reference	128
13.11.1 MSTP Network Example	128
13.11.2 MST Region	129
13.11.3 MST Instance	130
13.11.4 Common and Internal Spanning Tree (CIST)	130
Bandwidth Control	131
14.1 Overview	131
14.1.1 What You Can Do	131
14.2 Bandwidth Control Setup	131
Broadcast Storm Control	133
15.1 Broadcast Storm Control Overview	133
15.1.1 What You Can Do	133
15.2 Broadcast Storm Control Setup	133
Mirroring	135
16.1 Mirroring Overview	135
16.1.1 What You Can Do	135
16.2 Port Mirroring Setup	135
Link Aggregation	137
17.1 Overview	137
17.1.1 What You Can Do	137
17.1.2 What You Need to Know	137
17.2 Link Aggregation Status	138
17.3 Link Aggregation Setting	139
17.4 Link Aggregation Control Protocol	141
17.5 Technical Reference	142
17.5.1 Static Trunking Example	142
Port Authentication	144
18.1 Port Authentication Overview	144
18.1.1 What You Can Do	144
18.1.2 What You Need to Know	144
18.2 Port Authentication Configuration	145
18.3 Activate IEEE 802.1x Security	145
18.3.1 Guest VLAN	147
Port Security	150
19.1 Port Security Overview	150
19.1.1 What You Can Do	150
19.2 Port Security Setup	150
Classifier	153
20.1 Overview	153
20.1.1 What You Can Do	153
20.1.2 What You Need to Know	153
20.2 Configuring the Classifier	153
20.2.1 Viewing and Editing Classifier Configuration	155
20.3 Classifier Example	157
Policy Rule	158
21.1 Policy Rules Overview	158
21.1.1 What You Can Do	158
21.2 Configuring Policy Rules	158
21.2.1 Viewing and Editing Policy Configuration	161
21.3 Policy Example	161
Queuing Method	162
22.1 Queuing Method Overview	162
22.1.1 What You Can Do	162
22.1.2 What You Need to Know	162
22.2 Configuring Queuing	163
Multicast	165
23.1 Multicast Overview	165
23.1.1 What You Can Do	165
23.1.2 What You Need to Know	165
23.2 Multicast Setup	169
23.3 IPv4 Multicast Status	169
23.3.1 IGMP Snooping	170
23.4 IGMP Snooping VLAN	172
23.4.1 IGMP Filtering Profile	174
23.5 IPv6 Multicast Status	175
23.5.1 MLD Snooping-proxy	176
23.5.2 MLD Snooping-proxy VLAN	176
23.5.3 MLD Snooping-proxy VLAN Port Role Setting	178
23.5.4 MLD Snooping-proxy VLAN Filtering	180
23.5.5 MLD Snooping-proxy VLAN Filtering Profile	182
23.6 General MVR Configuration	183
23.6.1 MVR Group Configuration	185
23.6.2 MVR Configuration Example	187
AAA	189
24.1 AAA Overview	189
24.1.1 What You Can Do	189
24.1.2 What You Need to Know	189
24.2 AAA Screens	190
24.3 RADIUS Server Setup	190
24.4 TACACS+ Server Setup	192
24.5 AAA Setup	194
24.6 Technical Reference	196
24.6.1 Vendor Specific Attribute	196
24.6.2 Supported RADIUS Attributes	198
24.6.3 Attributes Used for Authentication	198
IP Source Guard	200
25.1 Overview	200
25.1.1 What You Can Do	200
25.1.2 What You Need to Know	201
25.2 IP Source Guard	201
25.3 IP Source Guard Static Binding	202
25.4 DHCP Snooping	203
25.5 DHCP Snooping Configure	206
25.5.1 DHCP Snooping Port Configure	208
25.5.2 DHCP Snooping VLAN Configure	209
25.5.3 DHCP Snooping VLAN Port Configure	210
25.6 ARP Inspection Status	211
25.7 ARP Inspection VLAN Status	212
25.8 ARP Inspection Log Status	213
25.9 ARP Inspection Configure	215
25.9.1 ARP Inspection Port Configure	216
25.9.2 ARP Inspection VLAN Configure	218
25.10 Technical Reference	219
25.10.1 DHCP Snooping Overview	219
25.10.2 ARP Inspection Overview	221
Loop Guard	223
26.1 Loop Guard Overview	223
26.1.1 What You Can Do	223
26.1.2 What You Need to Know	223
26.2 Loop Guard Setup	225
Layer 2 Protocol Tunneling	227
27.1 Layer 2 Protocol Tunneling Overview	227
27.1.1 What You Can Do	227
27.1.2 What You Need to Know	227
27.2 Configuring Layer 2 Protocol Tunneling	228
PPPoE	231
28.1 PPPoE Intermediate Agent Overview	231
28.1.1 What You Can Do	231
28.1.2 What You Need to Know	231
28.2 The PPPoE Screen	234
28.3 PPPoE Intermediate Agent	234
28.3.1 PPPoE IA Per-Port	235
28.3.2 PPPoE IA Per-Port Per-VLAN	237
28.3.3 PPPoE IA for VLAN	238
Error Disable	240
29.1 Error Disable Overview	240
29.2 The Error Disable Screens Overview	240
29.3 Error-Disable Status	240
29.4 CPU Protection Configuration	242
29.5 Error-Disable Detect Configuration	243
29.6 Error-Disable Recovery Configuration	244
Private VLAN	246
30.1 Private VLAN Overview	246
30.2 Configuring Private VLAN	246
Green Ethernet	248
31.1 Green Ethernet Overview	248
31.2 Configuring Green Ethernet	248
Link Layer Discovery Protocol (LLDP)	250
32.1 LLDP Overview	250
32.2 LLDP-MED Overview	251
32.3 LLDP Screens	252
32.4 LLDP Local Status	253
32.4.1 LLDP Local Port Status Detail	254
32.5 LLDP Remote Status	258
32.5.1 LLDP Remote Port Status Detail	259
32.6 LLDP Configuration	265
32.6.1 LLDP Configuration Basic TLV Setting	267
32.6.2 LLDP Configuraion Basic Org-specific TLV Setting	268
32.7 LLDP-MED Configuration	269
32.8 LLDP-MED Network Policy	270
32.9 LLDP-MED Location	271
Static Route	274
33.1 Static Route Overview	274
33.1.1 What You Can Do	274
33.2 Static Routing	274
33.3 Configuring Static Routing	274
Differentiated Services	277
34.1 Differentiated Services Overview	277
34.1.1 What You Can Do	277
34.1.2 What You Need to Know	277
34.2 Activating DiffServ	278
34.3 DSCP-to-IEEE 802.1p Priority Settings	279
34.3.1 Configuring DSCP Settings	280
DHCP	281
35.1 DHCP Overview	281
35.1.1 What You Can Do	281
35.1.2 What You Need to Know	281
35.2 DHCP Configuration	282
35.3 DHCPv4 Status	283
35.4 DHCPv4 Relay	283
35.4.1 DHCPv4 Relay Agent Information	283
35.4.2 DHCPv4 Option 82 Profile	284
35.4.3 Configuring DHCPv4 Global Relay	286
35.4.4 DHCPv4 Global Relay Port Configure	287
35.4.5 Global DHCP Relay Configuration Example	288
35.5 Configuring DHCPv4 VLAN Settings	289
35.5.1 DHCPv4 VLAN Port Configure	291
35.5.2 Example: DHCP Relay for Two VLANs	292
35.6 DHCPv6 Relay	293
ARP Setup	295
36.1 ARP Overview	295
36.1.1 What You Can Do	295
36.1.2 What You Need to Know	295
36.2 ARP Setup	297
36.2.1 ARP Learning	297
Maintenance	299
37.1 Overview	299
37.1.1 What You Can Do	299
37.2 The Maintenance Screen	299
37.2.1 Load Factory Default	300
37.2.2 Save Configuration	300
37.2.3 Reboot System	301
37.3 Firmware Upgrade	301
37.4 Restore a Configuration File	302
37.5 Backup a Configuration File	303
37.6 Tech-Support	303
37.7 Technical Reference	305
37.7.1 FTP Command Line	305
37.7.2 Filename Conventions	305
37.7.3 FTP Command Line Procedure	306
37.7.4 GUI-based FTP Clients	306
37.7.5 FTP Restrictions	307
Access Control	308
38.1 Access Control Overview	308
38.1.1 What You Can Do	308
38.2 The Access Control Main Screen	308
38.3 Configuring SNMP	309
38.3.1 Configuring SNMP Trap Group	310
38.3.2 Enabling/Disabling Sending of SNMP Traps on a Port	311
38.3.3 Configuring SNMP User	312
38.4 Setting Up Login Accounts	314
38.5 Service Port Access Control	315
38.6 Remote Management	316
38.7 Technical Reference	318
38.7.1 About SNMP	318
38.7.2 Introduction to HTTPS	320
Diagnostic	326
39.1 Overview	326
39.2 Diagnostic	326
Syslog	328
40.1 Syslog Overview	328
40.1.1 What You Can Do	328
40.2 Syslog Setup	328
40.3 Syslog Server Setup	329
Cluster Management	331
41.1 Cluster Management Overview	331
41.1.1 What You Can Do	332
41.2 Cluster Management Status	332
41.3 Clustering Management Configuration	333
41.4 Technical Reference	335
41.4.1 Cluster Member Switch Management	335
MAC Table	337
42.1 MAC Table Overview	337
42.1.1 What You Can Do	337
42.1.2 What You Need to Know	337
42.2 Viewing the MAC Table	338
ARP Table	340
43.1 Overview	340
43.1.1 What You Can Do	340
43.1.2 What You Need to Know	340
43.2 Viewing the ARP Table	340
Path MTU Table	342
44.1 Path MTU Overview	342
44.2 Viewing the Path MTU Table	342
Configure Clone	343
45.1 Overview	343
45.2 Configure Clone	343
Neighbor Table	346
46.1 IPv6 Neighbor Table Overview	346
46.2 Viewing the IPv6 Neighbor Table	346
Troubleshooting	348
47.1 Power, Hardware Connections, and LEDs	348
47.2 Switch Access and Login	349
47.3 Switch Configuration	351
Customer Support	353
Common Services	359
IPv6	362
Legal Information	370

Match case Limit results 1 per page

Chapter 38 Access Control

GS1920 Series User’s Guide

313

Security Level

Select whether you want to implement authentication and/or encryption for SNMP

communication from this user. Choose:

•

noauth -to use the username as the password string to send to the SNMP manager.

This is equivalent to the Get, Set and Trap Community in SNMP v2c. This is the lowest

security level.

•

auth - to implement an authentication algorithm for SNMP messages sent by this user.

•

priv - to implement authentication and encryption for SNMP messages sent by this

user. This is the highest security level.

Note: The settings on the SNMP manager must be set at the same security level or higher

than the security level settings on the Switch.

Authentication

Select an authentication algorithm.

MD5

(Message Digest 5) and

SHA

(Secure Hash

Algorithm) are hash algorithms used to authenticate SNMP data. SHA authentication is

generally considered stronger than MD5, but is slower.

Password

Enter the password of up to 32 ASCII characters for SNMP user authentication.

Privacy

Specify the encryption method for SNMP communication from this user. You can choose

one of the following:

•

DES - Data Encryption Standard is a widely used (but breakable) method of data

encryption. It applies a 56-bit key to each 64-bit block of data.

•

AES - Advanced Encryption Standard is another method for data encryption that also

uses a secret key. AES applies a 128-bit key to 128-bit blocks of data.

Password

Enter the password of up to 32 ASCII characters for encrypting SNMP packets.

Group

SNMP v3 adopts the concept of View-based Access Control Model (VACM) group. SNMP

managers in one group are assigned common access rights to MIBs. Specify in which

SNMP group this user is.

admin

- Members of this group can perform all types of system configuration, including

the management of administrator accounts.

readwrite

- Members of this group have read and write rights, meaning that the user can

create and edit the MIBs on the Switch, except the user account and AAA configuration.

readonly

- Members of this group have read rights only, meaning the user can collect

information from the Switch.

Add

Click this to create a new entry or to update an existing one.

This saves your changes to the Switch’s run-time memory. The Switch loses these

changes if it is turned off or loses power, so use the

Save

link on the top navigation panel

to save your changes to the non-volatile memory when you are done configuring.

Cancel

Click

Cancel

to reset the fields to your previous configuration.

Clear

Click

Clear

to reset the fields to the factory defaults.

Index

This is a read-only number identifying a login account on the Switch. Click on an index

number to view more details and edit an existing account.

Username

This field displays the username of a login account on the Switch.

Security Level

This field displays whether you want to implement authentication and/or encryption for

SNMP communication with this user.

Authentication

This field displays the authentication algorithm used for SNMP communication with this

user.

Privacy

This field displays the encryption method used for SNMP communication with this user.

Group

This field displays the SNMP group to which this user belongs.

Delete

Click

Delete

to remove the selected entry from the summary table.

Cancel

Click

Cancel

to begin configuring this screen afresh.

Table 156

Management > Access Control > SNMP > User (continued)

LABEL

DESCRIPTION