Home » ZyXEL Manuals » Networking » ZyXEL GS2200-8 » Manual Viewer

ZyXEL GS2200-8 User Guide - Page 278

Introduction to HTTPS

Get ZyXEL GS2200-8 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 278 highlights

Chapter 35 Access Control 2 Encryption Method Once the identification is verified, both the client and server must agree on the type of encryption method to use. 3 Authentication and Data Transmission After the identification is verified and data encryption activated, a secure tunnel is established between the client and the server. The client then sends its authentication information (user name and password) to the server to log in to the server. 35.7.2.2 SSH Implementation on the Switch Your Switch supports SSH version 2 using RSA authentication and three encryption methods (DES, 3DES and Blowfish). The SSH server is implemented on the Switch for remote management and file transfer on port 22. Only one SSH connection is allowed at a time. 35.7.2.3 Requirements for Using SSH You must install an SSH client program on a client computer (Windows or Linux operating system) that is used to connect to the Switch over SSH. 35.7.3 Introduction to HTTPS HTTPS (HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web protocol that encrypts and decrypts web pages. Secure Socket Layer (SSL) is an application-level protocol that enables secure transactions of data by ensuring confidentiality (an unauthorized party cannot read the transferred data), authentication (one party can identify the other party) and data integrity (you know if data has been changed). It relies upon certificates, public keys, and private keys. HTTPS on the Switch is used so that you may securely access the Switch using the web configurator. The SSL protocol specifies that the SSL server (the Switch) must always authenticate itself to the SSL client (the computer which requests the HTTPS connection with the Switch), whereas the SSL client only should authenticate itself when the SSL server requires it to do so. Authenticating client certificates is optional and if selected means the SSL-client must send the Switch a certificate. You must apply for a certificate for the browser from a CA that is a trusted CA on the Switch. Please refer to the following figure. 1 HTTPS connection requests from an SSL-aware web browser go to port 443 (by default) on the Switch's WS (web server). 278 GS2200-8/24 User's Guide

Section	Page
GS2200-8/24 Series	1
About This User's Guide	3
Document Conventions	6
Safety Warnings	8
Contents Overview	9
Table of Contents	11
User’s Guide	21
Getting to Know Your Switch	23
1.1 Introduction	23
1.1.1 Backbone Application	23
1.1.2 Bridging Example	24
1.1.3 High Performance Switching Example	24
1.1.4 IEEE 802.1Q VLAN Application Examples	25
1.2 Ways to Manage the Switch	26
1.3 Good Habits for Managing the Switch	26
Hardware Installation and Connection	27
2.1 Installation Scenarios	27
2.2 Desktop Installation Procedure	27
2.3 Mounting the Switch on a Rack	27
2.3.1 Rack-mounted Installation Requirements	27
2.3.2 Attaching the Mounting Brackets to the Switch	28
2.3.3 Mounting the Switch on a Rack	29
2.4 Wall Mounting (for GS2200-8 only)	29
Hardware Panels	31
3.1 Overview	31
3.2 Front Panels	31
3.2.1 Console Port	33
3.2.2 Gigabit Ethernet Ports	33
3.2.3 Mini-GBIC Slots	34
3.2.4 Power Connector	35
3.3 LEDs	36
Technical Reference	37
The Web Configurator	39
4.1 Overview	39
4.2 System Login	39
4.3 The Status Screen	40
4.3.1 Change Your Password	44
4.4 Saving Your Configuration	44
4.5 Switch Lockout	44
4.6 Resetting the Switch	45
4.6.1 Reload the Configuration File	45
4.7 Logging Out of the Web Configurator	46
4.8 Help	46
Initial Setup Example	47
5.1 Overview	47
5.1.1 Creating a VLAN	47
5.1.2 Setting Port VID	48
5.2 Configuring Switch Management IP Address	49
Tutorials	51
6.1 Overview	51
6.2 How to Use DHCP Snooping on the Switch	51
6.3 How to Use DHCP Relay on the Switch	54
6.3.1 DHCP Relay Tutorial Introduction	55
6.3.2 Creating a VLAN	55
6.3.3 Configuring DHCP Relay	58
6.3.4 Troubleshooting	59
System Status and Port Statistics	60
7.1 Overview	60
7.1.1 What You Can Do	60
7.2 Port Status Summary	61
7.2.1 Status: Port Details	63
Basic Setting	66
8.1 Overview	66
8.1.1 What You Can Do	66
8.2 System Information	67
8.3 General Setup	69
8.4 Introduction to VLANs	70
8.5 Switch Setup Screen	71
8.6 IP Setup	72
8.6.1 Management IP Addresses	73
8.7 Port Setup	75
8.8 PoE Status	76
8.8.1 PoE Setup	79
VLAN	83
9.1 Overview	83
9.1.1 What You Can Do	83
9.1.2 What You Need to Know	83
9.2 VLAN Status	86
9.2.1 VLAN Details	87
9.3 Configure a Static VLAN	88
9.4 Configure VLAN Port Settings	90
9.5 Subnet Based VLANs	91
9.5.1 Configuring Subnet Based VLAN	92
9.6 Protocol Based VLANs	94
9.6.1 Configuring Protocol Based VLAN	94
9.7 Port-based VLAN Setup	96
9.7.1 Configure a Port-based VLAN	97
9.8 Technical Reference	99
9.8.1 Create an IP-based VLAN Example	99
Static MAC Forward Setup	101
10.1 Overview	101
10.1.1 What You Can Do	101
10.2 Configuring Static MAC Forwarding	101
Static Multicast Forward Setup	103
11.1 Overview	103
11.1.1 What You Can Do	103
11.1.2 What You Need To Know	103
11.2 Configuring Static Multicast Forwarding	104
Filtering	107
12.1 Overview	107
12.1.1 What You Can Do	107
12.2 Configure a Filtering Rule	107
Spanning Tree Protocol	109
13.1 Overview	109
13.1.1 What You Can Do	109
13.1.2 What You Need to Know	109
13.2 Spanning Tree Protocol Status Screen	112
13.3 Spanning Tree Configuration	113
13.4 Configure Rapid Spanning Tree Protocol	114
13.5 Rapid Spanning Tree Protocol Status	115
13.6 Configure Multiple Rapid Spanning Tree Protocol	117
13.7 Multiple Rapid Spanning Tree Protocol Status	118
13.8 Configure Multiple Spanning Tree Protocol	120
13.8.1 Multiple Spanning Tree Protocol Port Configuration	123
13.9 Multiple Spanning Tree Protocol Status	123
13.10 Technical Reference	125
13.10.1 MSTP Network Example	126
13.10.2 MST Region	126
13.10.3 MST Instance	127
13.10.4 Common and Internal Spanning Tree (CIST)	127
Bandwidth Control	129
14.1 Overview	129
14.1.1 What You Can Do	129
14.2 Bandwidth Control Setup	130
Broadcast Storm Control	132
15.1 Overview	132
15.1.1 What You Can Do	132
15.2 Broadcast Storm Control Setup	133
Mirroring	134
16.1 Overview	134
16.1.1 What You Can Do	134
16.2 Port Mirroring Setup	135
Link Aggregation	137
17.1 Overview	137
17.1.1 What You Can Do	137
17.1.2 What You Need to Know	137
17.2 Link Aggregation Status	138
17.3 Link Aggregation Setting	140
17.4 Link Aggregation Control Protocol	142
17.5 Technical Reference	143
17.5.1 Static Trunking Example	143
Port Authentication	145
18.1 Overview	145
18.1.1 What You Can Do	145
18.1.2 What You Need to Know	145
18.2 Port Authentication Configuration	146
18.3 Activate IEEE 802.1x Security	147
18.3.1 Guest VLAN	148
Port Security	151
19.1 Overview	151
19.1.1 What You Can Do	151
19.2 Port Security Setup	152
Classifier	154
20.1 Overview	154
20.1.1 What You Can Do	154
20.1.2 What You Need to Know	154
20.2 Configuring the Classifier	154
20.2.1 Viewing and Editing Classifier Configuration	156
20.3 Classifier Example	158
Policy Rule	160
21.1 Policy Rules Overview	160
21.1.1 What You Can Do	160
21.2 Configuring Policy Rules	160
21.2.1 Viewing and Editing Policy Configuration	163
21.3 Policy Example	164
Queuing Method	165
22.1 Overview	165
22.1.1 What You Can Do	165
22.1.2 What You Need to Know	165
22.2 Configuring Queuing	166
Multicast	168
23.1 Overview	168
23.1.1 What You Can Do	168
23.1.2 What You Need to Know	168
23.2 Multicast Status	170
23.3 Multicast Setting	171
23.4 IGMP Snooping VLAN	174
23.5 IGMP Filtering Profile	175
23.6 The MVR Screen	176
23.6.1 MVR Group Configuration	178
23.6.2 MVR Configuration Example	179
AAA	182
24.1 Overview	182
24.1.1 What You Can Do	182
24.1.2 What You Need to Know	182
24.2 AAA Screens	183
24.3 RADIUS Server Setup	183
24.4 TACACS+ Server Setup	186
24.5 AAA Setup	188
24.6 Technical Reference	190
24.6.1 Vendor Specific Attribute	190
24.6.2 Supported RADIUS Attributes	191
24.6.3 Attributes Used for Authentication	192
IP Source Guard	193
25.1 Overview	193
25.1.1 What You Can Do	193
25.1.2 What You Need to Know	194
25.2 IP Source Guard	194
25.3 IP Source Guard Static Binding	195
25.4 DHCP Snooping	196
25.5 DHCP Snooping Configure	199
25.5.1 DHCP Snooping Port Configure	201
25.5.2 DHCP Snooping VLAN Configure	203
25.6 ARP Inspection Status	204
25.7 ARP Inspection VLAN Status	205
25.8 ARP Inspection Log Status	206
25.9 ARP Inspection Configure	207
25.9.1 ARP Inspection Port Configure	208
25.9.2 ARP Inspection VLAN Configure	210
25.10 Technical Reference	211
25.10.1 DHCP Snooping Overview	211
25.10.2 ARP Inspection Overview	213
Loop Guard	215
26.1 Overview	215
26.1.1 What You Can Do	215
26.1.2 What You Need to Know	215
26.2 Loop Guard Setup	217
Layer 2 Protocol Tunneling	219
27.1 Overview	219
27.1.1 What You Can Do	219
27.1.2 What You Need to Know	219
27.2 Configuring Layer 2 Protocol Tunneling	221
PPPoE	223
28.1 PPPoE Intermediate Agent Overview	223
28.1.1 What You Can Do	223
28.1.2 What You Need to Know	223
28.2 The PPPoE Screen	225
28.3 PPPoE Intermediate Agent	226
28.3.1 PPPoE IA Per-Port	227
28.3.2 PPPoE IA Per-Port Per-VLAN	228
28.3.3 PPPoE IA for VLAN	230
Error Disable	231
29.1 Overview	231
29.1.1 What You Can Do	231
29.1.2 What You Need to Know	231
29.2 The Error Disable Screen	232
29.3 CPU Protection Configuration	232
29.4 Error-Disable Detect Configuration	233
29.5 Error-Disable Recovery Configuration	234
Static Route	237
30.1 Overview	237
30.1.1 What You Can Do	237
30.2 Configuring Static Routing	238
Differentiated Services	240
31.1 Overview	240
31.1.1 What You Can Do	240
31.1.2 What You Need to Know	240
31.2 Activating DiffServ	241
31.3 DSCP-to-IEEE 802.1p Priority Settings	242
31.3.1 Configuring DSCP Settings	242
DHCP	244
32.1 DHCP Overview	244
32.1.1 What You Can Do	244
32.1.2 What You Need to Know	244
32.2 DHCP Status	245
32.3 Configuring DHCP Global Relay	246
32.3.1 Global DHCP Relay Configuration Example	247
32.4 Configuring DHCP VLAN Settings	247
32.4.1 Example: DHCP Relay for Two VLANs	248
ARP Learning	250
33.1 ARP Overview	250
33.1.1 What You Can Do	250
33.1.2 What You Need to Know	250
33.2 Configuring ARP Learning	252
Maintenance	255
34.1 Overview	255
34.1.1 What You Can Do	255
34.2 The Maintenance Screen	255
34.2.1 Load Factory Default	256
34.2.2 Save Configuration	256
34.2.3 Reboot System	257
34.3 Firmware Upgrade	257
34.4 Restore a Configuration File	258
34.5 Backup a Configuration File	258
34.6 Technical Reference	259
34.6.1 FTP Command Line	259
34.6.2 Filename Conventions	259
34.6.3 FTP Command Line Procedure	259
34.6.4 GUI-based FTP Clients	260
34.6.5 FTP Restrictions	260
Access Control	261
35.1 Overview	261
35.1.1 What You Can Do	261
35.2 The Access Control Main Screen	261
35.3 Configuring SNMP	262
35.3.1 Configuring SNMP Trap Group	264
35.3.2 Configuring SNMP User	265
35.4 Setting Up Login Accounts	266
35.5 Service Port Access Control	268
35.6 Remote Management	268
35.7 Technical Reference	270
35.7.1 About SNMP	270
35.7.2 SSH Overview	277
35.7.3 Introduction to HTTPS	278
Diagnostic	285
36.1 Overview	285
36.2 Diagnostic	285
Syslog	287
37.1 Overview	287
37.1.1 What You Can Do	287
37.2 Syslog Setup	287
37.3 Syslog Server Setup	289
Cluster Management	290
38.1 Overview	290
38.1.1 What You Can Do	291
38.2 Cluster Management Status	291
38.3 Clustering Management Configuration	292
38.4 Technical Reference	294
38.4.1 Cluster Member Switch Management	294
MAC Table	296
39.1 Overview	296
39.1.1 What You Can Do	296
39.1.2 What You Need to Know	296
39.2 Viewing the MAC Table	297
ARP Table	299
40.1 Overview	299
40.1.1 What You Can Do	299
40.1.2 What You Need to Know	299
40.2 Viewing the ARP Table	299
Configure Clone	301
41.1 Overview	301
41.2 Configure Clone	301
Troubleshooting	303
42.1 Power, Hardware Connections, and LEDs	303
42.2 Switch Access and Login	304
42.3 Switch Configuration	306
Product Specifications	307
Changing a Fuse	315
Common Services	317
Legal Information	321

Match case Limit results 1 per page

Chapter 35 Access Control

GS2200-8/24 User’s Guide

278

Encryption Method

Once the identification is verified, both the client and server must agree on the type of encryption

method to use.

Authentication and Data Transmission

After the identification is verified and data encryption activated, a secure tunnel is established

between the client and the server. The client then sends its authentication information (user name

and password) to the server to log in to the server.

35.7.2.2

SSH Implementation on the Switch

Your Switch supports SSH version 2 using RSA authentication and three encryption methods (DES,

3DES and Blowfish). The SSH server is implemented on the Switch for remote management and file

transfer on port 22. Only one SSH connection is allowed at a time.

35.7.2.3

Requirements for Using SSH

You must install an SSH client program on a client computer (Windows or Linux operating system)

that is used to connect to the Switch over SSH.

35.7.3

Introduction to HTTPS

HTTPS (HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web protocol

that encrypts and decrypts web pages. Secure Socket Layer (SSL) is an application-level protocol

that enables secure transactions of data by ensuring confidentiality (an unauthorized party cannot

read the transferred data), authentication (one party can identify the other party) and data

integrity (you know if data has been changed).

It relies upon certificates, public keys, and private keys.

HTTPS on the Switch is used so that you may securely access the Switch using the web

configurator. The SSL protocol specifies that the SSL server (the Switch) must always authenticate

itself to the SSL client (the computer which requests the HTTPS connection with the Switch),

whereas the SSL client only should authenticate itself when the SSL server requires it to do so.

Authenticating client certificates is optional and if selected means the SSL-client must send the

Switch a certificate. You must apply for a certificate for the browser from a CA that is a trusted CA

on the Switch.

Please refer to the following figure.

HTTPS connection requests from an SSL-aware web browser go to port 443 (by default) on the

Switch’s WS (web server).