Home » ZyXEL Manuals » Networking » ZyXEL MES-3728 » Manual Viewer

ZyXEL MES-3728 User Guide - Page 313

Management, Access Control, Logins, Table 108

Get ZyXEL MES-3728 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 313 highlights

Chapter 34 Access Control Table 108 Management > Access Control > SNMP (continued) LABEL DESCRIPTION Set Community Enter the Set Community, which is the password for incoming Setrequests from the management station. Trap Community The Set Community string is only used by SNMP managers using SNMP version 2c or lower. Enter the Trap Community string, which is the password sent with each trap to the SNMP manager. Trap Destination Version IP Port Username The Trap Community string is only used by SNMP managers using SNMP version 2c or lower. Use this section to configure where to send SNMP traps from the Switch. Specify the version of the SNMP trap messages. Enter the IP addresses of up to four managers to send your SNMP traps to. Enter the port number upon which the manager listens for SNMP traps. Enter the username to be sent to the SNMP manager along with the SNMP v3 trap. User Information Note: This username must match an existing account on the Switch (configured in the Management > Access Control > Logins screen). Use this section to configure users for authentication with managers using SNMP v3. Index Username Security Level Note: Use the username and password of the login accounts you specify in this section to create accounts on the SNMP v3 manager. This is a read-only number identifying a login account on the Switch. This field displays the username of a login account on the Switch. Select whether you want to implement authentication and/or encryption for SNMP communication from this user. Choose: • noauth: to use the username as the password string to send to the SNMP manager. This is equivalent to the Get, Set and Trap Community in SNMP v2c. This is the lowest security level. • auth: to implement an authentication algorithm for SNMP messages sent by this user. • priv: to implement authentication and encryption for SNMP messages sent by this user. This is the highest security level. Authenticati on Note: The settings on the SNMP manager must be set at the same security level or higher than the security level settings on the Switch. Select an authentication algorithm. MD5 (Message Digest 5) and SHA (Secure Hash Algorithm) are hash algorithms used to authenticate SNMP data. SHA authentication is generally considered stronger than MD5, but is slower. MES-3728 User's Guide 313

Section	Page
MES-3728	1
About This User's Guide	3
Document Conventions	5
Safety Warnings	7
Contents Overview	9
Table of Contents	11
Introduction and Hardware	21
Getting to Know Your Switch	23
1.1 Introduction	23
1.1.1 Backbone Application	23
1.1.2 Bridging Example	24
1.1.3 High Performance Switching Example	25
1.1.4 IEEE 802.1Q VLAN Application Examples	25
1.1.5 Metro Ethernet	26
1.2 Ways to Manage the Switch	27
1.3 Good Habits for Managing the Switch	28
Hardware Installation and Connection	29
2.1 Installation Scenarios	29
2.2 Desktop Installation Procedure	29
2.3 Mounting the Switch on a Rack	29
2.3.1 Rack-mounted Installation Requirements	30
2.3.2 Attaching the Mounting Brackets to the Switch	30
2.3.3 Mounting the Switch on a Rack	31
Hardware Overview	33
3.1 Front Panel	33
3.1.1 Console Port	34
3.1.2 Gigabit Ethernet Ports	34
3.1.3 Mini-GBIC Slots	35
3.1.4 Management Port	37
3.1.5 Power Connector	37
3.1.6 Signal Slot	39
3.2 Rear Panel	41
3.2.1 External Backup Power Supply Connector	41
3.3 LEDs	42
Basic Configuration	45
The Web Configurator	47
4.1 Introduction	47
4.2 System Login	47
4.3 The Status Screen	48
4.3.1 Change Your Password	53
4.4 Saving Your Configuration	53
4.5 Switch Lockout	54
4.6 Resetting the Switch	54
4.6.1 Reload the Configuration File	54
4.7 Logging Out of the Web Configurator	56
4.8 Help	56
Initial Setup Example	57
5.1 Overview	57
5.1.1 Creating a VLAN	57
5.1.2 Setting Port VID	59
5.2 Configuring Switch Management IP Address	60
Tutorials	63
6.1 How to Use DHCP Snooping on the Switch	63
6.2 How to Use DHCP Relay on the Switch	67
6.2.1 DHCP Relay Tutorial Introduction	67
6.2.2 Creating a VLAN	68
6.2.3 Configuring DHCP Relay	71
6.2.4 Troubleshooting	72
System Status and Port Statistics	73
7.1 Overview	73
7.2 Port Status Summary	74
7.2.1 Status: Port Details	75
Basic Setting	79
8.1 Overview	79
8.2 System Information	80
8.3 General Setup	82
8.4 Introduction to VLANs	84
8.5 Switch Setup Screen	85
8.6 IP Setup	87
8.6.1 Management IP Addresses	87
8.7 Port Setup	90
Advanced	93
VLAN	95
9.1 Introduction to IEEE 802.1Q Tagged VLANs	95
9.1.1 Forwarding Tagged and Untagged Frames	95
9.2 Automatic VLAN Registration	96
9.2.1 GARP	96
9.2.2 GVRP	96
9.3 Port VLAN Trunking	97
9.4 Select the VLAN Type	98
9.5 Static VLAN	98
9.5.1 VLAN Status	99
9.5.2 VLAN Details	100
9.5.3 Configure a Static VLAN	101
9.5.4 Configure VLAN Port Settings	103
9.6 Subnet Based VLANs	105
9.7 Configuring Subnet Based VLAN	106
9.8 Protocol Based VLANs	107
9.9 Configuring Protocol Based VLAN	108
9.10 Create an IP-based VLAN Example	110
9.11 Port-based VLAN Setup	111
9.11.1 Configure a Port-based VLAN	112
Static MAC Forward Setup	115
10.1 Overview	115
10.2 Configuring Static MAC Forwarding	115
Static Multicast Forward Setup	119
11.1 Static Multicast Forwarding Overview	119
11.2 Configuring Static Multicast Forwarding	120
Filtering	123
12.1 Configure a Filtering Rule	123
Spanning Tree Protocol	125
13.1 STP/RSTP Overview	125
13.1.1 STP Terminology	125
13.1.2 How STP Works	126
13.1.3 STP Port States	127
13.1.4 Multiple RSTP	127
13.1.5 Multiple STP	128
13.2 Spanning Tree Protocol Status Screen	131
13.3 Spanning Tree Configuration	132
13.4 Configure Rapid Spanning Tree Protocol	133
13.5 Rapid Spanning Tree Protocol Status	135
13.6 Configure Multiple Rapid Spanning Tree Protocol	137
13.7 Multiple Rapid Spanning Tree Protocol Status	139
13.8 Configure Multiple Spanning Tree Protocol	141
13.9 Multiple Spanning Tree Protocol Status	144
Bandwidth Control	147
14.1 Bandwidth Control Overview	147
14.1.1 CIR and PIR	147
14.2 Bandwidth Control Setup	148
Broadcast Storm Control	151
15.1 Broadcast Storm Control Setup	151
Mirroring	153
16.1 Port Mirroring Setup	153
Link Aggregation	155
17.1 Link Aggregation Overview	155
17.2 Dynamic Link Aggregation	155
17.2.1 Link Aggregation ID	156
17.3 Link Aggregation Status	157
17.4 Link Aggregation Setting	159
17.5 Link Aggregation Control Protocol	161
17.6 Static Trunking Example	162
Port Authentication	165
18.1 Port Authentication Overview	165
18.1.1 IEEE 802.1x Authentication	165
18.1.2 MAC Authentication	166
18.2 Port Authentication Configuration	167
18.2.1 Activate IEEE 802.1x Security	168
18.2.2 Activate MAC Authentication	169
Port Security	171
19.1 About Port Security	171
19.2 Port Security Setup	172
19.3 VLAN MAC Address Limit	174
Classifier	177
20.1 About the Classifier and QoS	177
20.2 Configuring the Classifier	177
20.3 Viewing and Editing Classifier Configuration	180
20.4 Classifier Example	182
Policy Rule	185
21.1 Policy Rules Overview	185
21.1.1 DiffServ	185
21.1.2 DSCP and Per-Hop Behavior	185
21.2 Configuring Policy Rules	186
21.3 Viewing and Editing Policy Configuration	189
21.4 Policy Example	191
Queuing Method	193
22.1 Queuing Method Overview	193
22.1.1 Strictly Priority Queuing	193
22.1.2 Weighted Fair Queuing	193
22.1.3 Weighted Round Robin Scheduling (WRR)	194
22.2 Configuring Queuing	195
VLAN Stacking	197
23.1 VLAN Stacking Overview	197
23.1.1 VLAN Stacking Example	197
23.2 VLAN Stacking Port Roles	198
23.3 VLAN Tag Format	199
23.3.1 Frame Format	199
23.4 Configuring VLAN Stacking	200
23.4.1 Port-based Q-in-Q	201
23.4.2 Selective Q-in-Q	202
Multicast	205
24.1 Multicast Overview	205
24.1.1 IP Multicast Addresses	205
24.1.2 IGMP Filtering	205
24.1.3 IGMP Snooping	206
24.1.4 IGMP Snooping and VLANs	206
24.2 Multicast Status	206
24.3 Multicast Setting	207
24.4 IGMP Snooping VLAN	210
24.5 IGMP Filtering Profile	211
24.6 MVR Overview	213
24.6.1 Types of MVR Ports	213
24.6.2 MVR Modes	214
24.6.3 How MVR Works	214
24.7 General MVR Configuration	215
24.8 MVR Group Configuration	217
24.8.1 MVR Configuration Example	218
AAA	221
25.1 Authentication, Authorization and Accounting (AAA)	221
25.1.1 Local User Accounts	222
25.1.2 RADIUS and TACACS+	222
25.2 AAA Screens	222
25.2.1 RADIUS Server Setup	223
25.2.2 TACACS+ Server Setup	225
25.2.3 AAA Setup	227
25.2.4 Vendor Specific Attribute	230
25.3 Supported RADIUS Attributes	231
25.3.1 Attributes Used for Authentication	232
25.3.2 Attributes Used for Accounting	233
IP Source Guard	235
26.1 IP Source Guard Overview	235
26.1.1 DHCP Snooping Overview	236
26.1.2 ARP Inspection Overview	238
26.2 IP Source Guard	239
26.3 IP Source Guard Static Binding	240
26.4 DHCP Snooping	243
26.5 DHCP Snooping Configure	247
26.5.1 DHCP Snooping Port Configure	249
26.5.2 DHCP Snooping VLAN Configure	250
26.6 ARP Inspection Status	252
26.6.1 ARP Inspection VLAN Status	253
26.6.2 ARP Inspection Log Status	254
26.7 ARP Inspection Configure	255
26.7.1 ARP Inspection Port Configure	257
26.7.2 ARP Inspection VLAN Configure	259
Loop Guard	261
27.1 Loop Guard Overview	261
27.2 Loop Guard Setup	263
VLAN Mapping	265
28.1 VLAN Mapping Overview	265
28.1.1 VLAN Mapping Example	265
28.2 Enabling VLAN Mapping	266
28.3 Configuring VLAN Mapping	267
Layer 2 Protocol Tunneling	269
29.1 Layer 2 Protocol Tunneling Overview	269
29.1.1 Layer 2 Protocol Tunneling Mode	270
29.2 Configuring Layer 2 Protocol Tunneling	271
IP Application	273
Static Route	275
30.1 Static Routing Overview	275
30.2 Configuring Static Routing	276
Differentiated Services	279
31.1 DiffServ Overview	279
31.1.1 DSCP and Per-Hop Behavior	279
31.1.2 DiffServ Network Example	280
31.2 Two Rate Three Color Marker Traffic Policing	280
31.2.1 TRTCM-Color-blind Mode	281
31.2.2 TRTCM-Color-aware Mode	281
31.3 Activating DiffServ	282
31.3.1 Configuring 2-Rate 3 Color Marker Settings	283
31.4 DSCP-to-IEEE 802.1p Priority Settings	284
31.4.1 Configuring DSCP Settings	285
DHCP	287
32.1 DHCP Overview	287
32.1.1 DHCP Modes	287
32.1.2 DHCP Configuration Options	287
32.2 DHCP Status	288
32.3 DHCP Relay	288
32.3.1 DHCP Relay Agent Information	288
32.3.2 Configuring DHCP Global Relay	289
32.3.3 Global DHCP Relay Configuration Example	290
32.4 Configuring DHCP VLAN Settings	291
32.4.1 Example: DHCP Relay for Two VLANs	293
Management	295
Maintenance	297
33.1 The Maintenance Screen	297
33.2 Load Factory Default	298
33.3 Save Configuration	298
33.4 Reboot System	299
33.5 Firmware Upgrade	299
33.6 Restore a Configuration File	300
33.7 Backup a Configuration File	301
33.8 FTP Command Line	301
33.8.1 Filename Conventions	301
33.8.2 FTP Command Line Procedure	303
33.8.3 GUI-based FTP Clients	303
33.8.4 FTP Restrictions	304
Access Control	305
34.1 Access Control Overview	305
34.2 The Access Control Main Screen	305
34.3 About SNMP	306
34.3.1 SNMP v3 and Security	307
34.3.2 Supported MIBs	307
34.3.3 SNMP Traps	308
34.3.4 Configuring SNMP	312
34.3.5 Configuring SNMP Trap Group	314
34.3.6 Setting Up Login Accounts	315
34.4 SSH Overview	317
34.5 How SSH works	318
34.6 SSH Implementation on the Switch	319
34.6.1 Requirements for Using SSH	319
34.7 Introduction to HTTPS	319
34.8 HTTPS Example	320
34.8.1 Internet Explorer Warning Messages	320
34.8.2 Netscape Navigator Warning Messages	321
34.8.3 The Main Screen	323
34.9 Service Port Access Control	323
34.10 Remote Management	324
Diagnostic	327
35.1 Diagnostic	327
Syslog	329
36.1 Syslog Overview	329
36.2 Syslog Setup	330
36.3 Syslog Server Setup	331
Cluster Management	333
37.1 Cluster Management Status Overview	333
37.2 Cluster Management Status	334
37.2.1 Cluster Member Switch Management	335
37.3 Clustering Management Configuration	338
MAC Table	341
38.1 MAC Table Overview	341
38.2 Viewing the MAC Table	342
ARP Table	345
39.1 ARP Table Overview	345
39.1.1 How ARP Works	345
39.2 Viewing the ARP Table	346
Configure Clone	347
40.1 Configure Clone	348
Troubleshooting & Product Specifications	351
Troubleshooting	353
41.1 Power, Hardware Connections, and LEDs	353
41.2 Switch Access and Login	354
41.3 Switch Configuration	357
Product Specifications	359
Appendices and Index	369
Changing a Fuse	371
Common Services	373
Legal Information	377

Match case Limit results 1 per page

Chapter 34 Access Control

MES-3728 User’s Guide

313

Set Community

Enter the

Set Community

, which is the password for incoming Set-

requests from the management station.

The

Set Community

string is only used by SNMP managers using

SNMP version 2c or lower.

Trap

Community

Enter the

Trap Community

string, which is the password sent with

each trap to the SNMP manager.

The

Trap Community

string is only used by SNMP managers using

SNMP version 2c or lower.

Trap

Destination

Use this section to configure where to send SNMP traps from the Switch.

Version

Specify the version of the SNMP trap messages.

Enter the IP addresses of up to four managers to send your SNMP traps

to.

Port

Enter the port number upon which the manager listens for SNMP traps.

Username

Enter the username to be sent to the SNMP manager along with the

SNMP v3 trap.

Note: This username must match an existing account on the Switch

(configured in the

Management

Access Control

Logins

screen).

User

Information

Use this section to configure users for authentication with managers

using SNMP v3.

Note: Use the username and password of the login accounts you

specify in this section to create accounts on the SNMP v3

manager.

Index

This is a read-only number identifying a login account on the Switch.

Username

This field displays the username of a login account on the Switch.

Security

Level

Select whether you want to implement authentication and/or encryption

for SNMP communication from this user. Choose:

•

noauth

: to use the username as the password string to send to the

SNMP manager. This is equivalent to the Get, Set and Trap

Community in SNMP v2c. This is the lowest security level.

•

auth

: to implement an authentication algorithm for SNMP messages

sent by this user.

•

priv

: to implement authentication and encryption for SNMP

messages sent by this user. This is the highest security level.

Note: The settings on the SNMP manager must be set at the same

security level or higher than the security level settings on the

Switch.

Authenticati

Select an authentication algorithm.

MD5

(Message Digest 5) and

SHA

(Secure Hash Algorithm) are hash algorithms used to authenticate

SNMP data.

SHA

authentication is generally considered stronger than

MD5

, but is slower.

Table 108

Management > Access Control > SNMP

(continued)

LABEL

DESCRIPTION