Home » ZyXEL Manuals » Networking » ZyXEL MI-7248 » Manual Viewer

ZyXEL MI-7248 User Guide - Page 234

Introduction to HTTPS

Get ZyXEL MI-7248 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 234 highlights

Chapter 38 Access Control Once the identification is verified, both the client and server must agree on the type of encryption method to use. 3 Authentication and Data Transmission After the identification is verified and data encryption activated, a secure tunnel is established between the client and the server. The client then sends its authentication information (user name and password) to the server to log in to the server. 38.4.2 SSH Implementation on the Switch Your switch supports SSH version 2 using RSA authentication and three encryption methods (DES, 3DES and Blowfish). The SSH server is implemented on the switch for remote management and file transfer on port 22. Only one SSH connection is allowed at a time. 38.4.2.1 Requirements for Using SSH You must install an SSH client program on a client computer (Windows or Linux operating system) that is used to connect to the switch over SSH. 38.5 Introduction to HTTPS HTTPS (HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web protocol that encrypts and decrypts web pages. Secure Socket Layer (SSL) is an applicationlevel protocol that enables secure transactions of data by ensuring confidentiality (an unauthorized party cannot read the transferred data), authentication (one party can identify the other party) and data integrity (you know if data has been changed). It relies upon certificates, public keys, and private keys. HTTPS on the switch is used so that you may securely access the switch using the web configurator. The SSL protocol specifies that the SSL server (the switch) must always authenticate itself to the SSL client (the computer which requests the HTTPS connection with the switch), whereas the SSL client only should authenticate itself when the SSL server requires it to do so. Authenticating client certificates is optional and if selected means the SSLclient must send the switch a certificate. You must apply for a certificate for the browser from a CA that is a trusted CA on the switch. Please refer to the following figure. 1 HTTPS connection requests from an SSL-aware web browser go to port 443 (by default) on the switch's WS (web server). 2 HTTP connection requests from a web browser go to port 80 (by default) on the switch's WS (web server). 234 MS-7206 User's Guide

Section	Page
User's Guide	1
About This User's Guide	3
Document Conventions	4
Safety Warnings	6
Contents Overview	9
Table of Contents	11
List of Figures	21
List of Tables	25
Introduction	29
Introducing the MM-7201	31
1.1 Overview	31
1.2 Ways to Manage the MM-7201	32
1.3 Good Habits for Managing the MM-7201	32
1.4 LEDs	33
Hardware	35
Front Panel	37
2.1 Front Panel	37
2.2 Connections	37
2.2.1 MGMT Port	37
2.2.2 CONSOLE Port	38
2.2.3 ALARM Port	38
Installing Cards	39
3.1 Management Cards	39
3.1.1 Add a Management Card (System Is Off)	39
3.1.2 Add a Management Card (System Is On)	39
3.1.3 Remove a Management Card	40
3.2 Interface Modules	40
3.2.1 Add an Interface Module (System Is Off)	40
3.2.2 Add an Interface Module (System Is On)	40
3.2.3 Remove an Interface Module	42
Basic	43
The Web Configurator	45
4.1 Introduction	45
4.2 System Login	45
4.3 The Status Screen	46
4.3.1 Change Your Password	49
4.4 Saving Your Configuration	50
4.5 Switch Lockout	50
4.6 Resetting the Switch	51
4.7 Logging Out of the Web Configurator	52
4.8 Help	52
Initial Setup Example	53
5.1 Configuring an IP Interface	53
5.2 Configuring DHCP Server Settings	54
5.3 Creating a VLAN	55
5.4 Setting Port VID	56
5.5 Enabling RIP	56
System Status and Port Statistics	57
6.1 Status	57
6.1.1 Port Status	58
6.1.2 Port Details	59
System Info	63
7.1 System Info	63
7.1.1 Hardware Monitor	65
General Setup	67
8.1 General Setup	67
Switch Setup	71
9.1 Switch Setup	71
IP Setup	73
10.1 IP Interfaces	73
10.2 IP Setup	73
Slot Setup	77
11.1 Slot Setup	77
Port Setup	79
12.1 Port Setup	79
Advanced	81
VLAN	83
13.1 Introduction to VLANs	83
13.2 Introduction to IEEE 802.1Q Tagged VLANs	83
13.2.1 Forwarding Tagged and Untagged Frames	84
13.3 Automatic VLAN Registration	84
13.3.1 GARP	84
13.3.2 GVRP	84
13.4 Port VLAN Trunking	85
13.5 Static VLAN	86
13.6 VLAN Status	86
13.6.1 VLAN Detail	87
13.6.2 Static VLAN	87
13.6.3 VLAN Port Setting	89
Static MAC Forward Setup	91
14.1 Static MAC Forwarding	91
Filtering	93
15.1 Filtering	93
Spanning Tree Protocol	95
16.1 STP/RSTP Overview	95
16.1.1 STP Terminology	95
16.1.2 How STP Works	96
16.1.3 STP Port States	97
16.1.4 Multiple RSTP	97
16.2 Spanning Tree Protocol Status Screen	98
16.3 Spanning Tree Configuration	98
16.4 Rapid Spanning Tree Protocol	99
16.5 Rapid Spanning Tree Protocol Status	101
16.6 Multiple Rapid Spanning Tree Protocol	102
16.7 Multiple Rapid Spanning Tree Protocol Status	104
Bandwidth Control	107
17.1 CIR and PIR	107
17.2 Bandwidth Control	107
Broadcast Storm Control	109
18.1 Broadcast Storm Control	109
Mirroring	111
19.1 Mirroring	111
Link Aggregation	113
20.1 Link Aggregation Overview	113
20.2 Dynamic Link Aggregation	113
20.2.1 Link Aggregation ID	114
20.3 Link Aggregation Control Protocol Status	114
20.4 Link Aggregation Setting	115
20.5 Link Aggregation Control Protocol	116
Port Authentication	119
21.1 Port Authentication Overview	119
21.2 Port Authentication	119
21.2.1 802.1x	119
Port Security	121
22.1 Port Security	121
Classifier	123
23.1 Packet Classifier and QoS	123
23.2 Classifier	123
23.3 Classifier Example	126
Policy Rule	129
24.1 Policy Rules Overview	129
24.1.1 DiffServ	129
24.1.2 DSCP and Per-Hop Behavior	129
24.2 Configuring Policy Rules	130
24.3 Policy Example	133
Queuing Method	135
25.1 Queuing Method Overview	135
25.1.1 Strictly Priority Queuing	135
25.1.2 Weighted Round Robin Scheduling (WRR)	135
25.1.3 Weighted Fair Queuing	136
25.2 Queuing Method	136
VLAN Stacking	139
26.1 VLAN Stacking Overview	139
26.1.1 VLAN Stacking Example	139
26.2 VLAN Stacking Port Roles	140
26.3 VLAN Tag Format	141
26.3.1 Frame Format	141
26.4 VLAN Stacking	142
Multicast	145
27.1 Multicast Overview	145
27.1.1 IP Multicast Addresses	145
27.1.2 IGMP Filtering	145
27.1.3 IGMP Snooping	145
27.1.4 IGMP Snooping and VLANs	146
27.2 Multicast Status	146
27.3 Multicast Setting	146
27.4 IGMP Snooping VLAN	148
27.5 IGMP Filtering Profile	150
27.6 MVR Overview	151
27.6.1 Types of MVR Ports	152
27.6.2 MVR Modes	152
27.6.3 How MVR Works	152
27.7 MVR	153
27.8 Group Configuration	155
27.8.1 MVR Configuration Example	156
Authentication and Accounting	159
28.1 Authentication, Authorization and Accounting (AAA)	159
28.1.1 Local User Accounts	159
28.1.2 RADIUS and TACACS+	160
28.2 Authentication and Accounting Screens	160
28.2.1 RADIUS Server Setup	160
28.2.2 TACACS+ Server Setup	162
28.2.3 Authentication and Accounting Setup	164
28.2.4 Vendor Specific Attribute	167
28.2.5 Tunnel Protocol Attribute	168
IP	169
Static Route	171
29.1 Static Routing	171
RIP	173
30.1 RIP	173
OSPF	175
31.1 OSPF Overview	175
31.1.1 OSPF Autonomous Systems and Areas	175
31.1.2 How OSPF Works	176
31.1.3 Interfaces and Virtual Links	176
31.1.4 OSPF and Router Elections	176
31.1.5 Configuring OSPF	177
31.2 OSPF Status	177
31.3 OSPF Configuration	179
31.4 OSPF Interface	182
31.5 OSPF Virtual-Link	184
IGMP	187
32.1 IGMP	187
DVMRP	189
33.1 DVMRP Overview	189
33.2 How DVMRP Works	189
33.2.1 DVMRP Terminology	190
33.3 DVMRP	190
33.3.1 DVMRP Configuration Error Messages	191
33.4 Default DVMRP Timer Values	192
Differentiated Services	193
34.1 DiffServ Overview	193
34.1.1 DSCP and Per-Hop Behavior	193
34.1.2 DiffServ Network Example	193
34.2 DiffServ	194
34.3 DSCP Setting	195
DHCP	197
35.1 DHCP Overview	197
35.1.1 DHCP modes	197
35.1.2 DHCP Configuration Options	197
35.2 DHCP Status	197
35.3 DHCP Relay	198
35.3.1 DHCP Relay Agent Information	198
35.3.2 Configuring DHCP Global Relay	199
35.3.3 Global DHCP Relay Configuration Example	200
35.4 Configuring DHCP VLAN Settings	201
35.4.1 DHCP VLAN Setting Example	203
VRRP	205
36.1 VRRP Overview	205
36.1.1 VRRP Parameters	206
36.2 VRRP Status	206
36.2.1 VRRP Configuration	207
36.3 VRRP Configuration Examples	209
36.3.1 One Subnet Network Example	209
36.3.2 Two Subnets Example	211
Manage	213
Maintenance	215
37.1 Maintenance	215
37.1.1 Firmware Upgrade	216
37.1.2 Restore Configuration	218
37.1.3 Backup Configuration	218
37.2 FTP Command Line	218
37.2.1 Filename Conventions	219
37.2.2 FTP Command Line Procedure	220
37.2.3 GUI-based FTP Clients	220
37.2.4 FTP Restrictions	221
Access Control	223
38.1 Access Control	223
38.2 SNMP Overview	223
38.2.1 SNMP v3 and Security	224
38.2.2 Supported MIBs	225
38.2.3 SNMP Traps	225
38.2.4 SNMP	228
38.2.5 Configuring SNMP Trap Group	230
38.3 Logins	231
38.4 SSH Overview	233
38.4.1 How SSH works	233
38.4.2 SSH Implementation on the Switch	234
38.5 Introduction to HTTPS	234
38.5.1 HTTPS Example	235
38.6 Service Access Control	237
38.7 Remote Management	238
Diagnostic	241
39.1 Diagnostic	241
Syslog	243
40.1 Syslog Overview	243
40.2 Syslog Setup	243
40.2.1 Syslog Server Setup	244
Cluster Management	247
41.1 Cluster Management Status Overview	247
41.2 Clustering Management Status	248
41.2.1 Cluster Member Switch Management	249
41.2.2 Uploading Firmware to a Cluster Member Switch	249
41.3 Clustering Management Configuration	250
MAC Table	253
42.1 MAC Table Overview	253
42.2 MAC Table	254
IP Table	255
43.1 IP Table Overview	255
43.2 IP Table	256
ARP Table	257
44.1 ARP Table Overview	257
44.1.1 How ARP Works	257
44.2 ARP Table	257
Routing Table	259
45.1 Routing Table Status	259
Configure Clone	261
46.1 Configure Clone	261
Troubleshooting and Product Specifications	263
Troubleshooting	265
47.1 Power, Hardware Connections, and LEDs	265
47.2 MM-7201 Access and Login	266
Product Specifications	269
Appendices and Index	277
IP Addresses and Subnetting	279
Pop-up Windows, JavaScripts and Java Permissions	287
Legal Information	293
Customer Support	297

Match case Limit results 1 per page

Chapter 38 Access Control

MS-7206 User’s Guide

234

Once the identification is verified, both the client and server must agree on the type of

encryption method to use.

Authentication and Data Transmission

After the identification is verified and data encryption activated, a secure tunnel is

established between the client and the server. The client then sends its authentication

information (user name and password) to the server to log in to the server.

38.4.2

SSH Implementation on the Switch

Your switch supports SSH version 2 using RSA authentication and three encryption methods

(DES, 3DES and Blowfish). The SSH server is implemented on the switch for remote

management and file transfer on port 22. Only one SSH connection is allowed at a time.

38.4.2.1

Requirements for Using SSH

You must install an SSH client program on a client computer (Windows or Linux operating

system) that is used to connect to the switch over SSH.

38.5

Introduction to HTTPS

HTTPS (HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web

protocol that encrypts and decrypts web pages. Secure Socket Layer (SSL) is an application-

level protocol that enables secure transactions of data by ensuring confidentiality (an

unauthorized party cannot read the transferred data), authentication (one party can identify the

other party) and data integrity (you know if data has been changed).

It relies upon certificates, public keys, and private keys.

HTTPS on the switch is used so that you may securely access the switch using the web

configurator. The SSL protocol specifies that the SSL server (the switch) must always

authenticate itself to the SSL client (the computer which requests the HTTPS connection with

the switch), whereas the SSL client only should authenticate itself when the SSL server

requires it to do so. Authenticating client certificates is optional and if selected means the SSL-

client must send the switch a certificate. You must apply for a certificate for the browser from

a CA that is a trusted CA on the switch.

Please refer to the following figure.

HTTPS connection requests from an SSL-aware web browser go to port 443 (by default)

on the switch’s WS (web server).

HTTP connection requests from a web browser go to port 80 (by default) on the switch’s

WS (web server).