Home » ZyXEL Manuals » Networking » ZyXEL MM-7201 » Manual Viewer

ZyXEL MM-7201 User Guide - Page 314

Introduction to HTTPS

Get ZyXEL MM-7201 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 314 highlights

Chapter 40 Access Control 1 Host Identification The SSH client sends a connection request to the SSH server. The server identifies itself with a host key. The client encrypts a randomly generated session key with the host key and server key and sends the result back to the server. The client automatically saves any new server public keys. In subsequent connections, the server public key is checked against the saved version on the client computer. 2 Encryption Method Once the identification is verified, both the client and server must agree on the type of encryption method to use. 3 Authentication and Data Transmission After the identification is verified and data encryption activated, a secure tunnel is established between the client and the server. The client then sends its authentication information (user name and password) to the server to log in to the server. 40.4.2 SSH Implementation on the Switch Your switch supports SSH version 2 using RSA authentication and three encryption methods (DES, 3DES and Blowfish). The SSH server is implemented on the switch for remote management and file transfer on port 22. Only one SSH connection is allowed at a time. 40.4.2.1 Requirements for Using SSH You must install an SSH client program on a client computer (Windows or Linux operating system) that is used to connect to the switch over SSH. 40.5 Introduction to HTTPS HTTPS (HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web protocol that encrypts and decrypts web pages. Secure Socket Layer (SSL) is an application-level protocol that enables secure transactions of data by ensuring confidentiality (an unauthorized party cannot read the transferred data), authentication (one party can identify the other party) and data integrity (you know if data has been changed). It relies upon certificates, public keys, and private keys. 314 MS-7206 User's Guide

Section	Page
MS-7206	1
About This User's Guide	3
Document Conventions	5
Safety Warnings	7
Contents Overview	9
Table of Contents	11
Introduction	23
Introducing the MM-7201	25
1.1 Overview	25
1.2 Ways to Manage the MM-7201	26
1.3 Good Habits for Managing the MM-7201	26
1.4 LEDs	27
Hardware	29
Front Panel	31
2.1 Front Panel	31
2.2 Connections	31
2.2.1 MGMT Port	31
2.2.2 CONSOLE Port	32
2.2.3 ALARM Port	32
Installing Cards	33
3.1 Management Cards	33
3.1.1 Add a Management Card (System Is Off)	33
3.1.2 Add a Management Card (System Is On)	34
3.1.3 Remove a Management Card	34
3.2 Interface Modules	34
3.2.1 Add an Interface Module (System Is Off)	34
3.2.2 Add an Interface Module (System Is On)	34
3.2.3 Remove an Interface Module	36
Basic	37
The Web Configurator	39
4.1 Introduction	39
4.2 System Login	39
4.3 The Status Screen	40
4.3.1 Change Your Password	44
4.4 Saving Your Configuration	44
4.5 Switch Lockout	45
4.6 Resetting the Switch	45
4.7 Logging Out of the Web Configurator	46
4.8 Help	47
Initial Setup Example	49
5.1 Configuring an IP Interface	49
5.2 Configuring DHCP Server Settings	50
5.3 Creating a VLAN	51
5.4 Setting Port VID	52
5.5 Enabling RIP	53
System Status and Port Statistics	55
6.1 Status	55
6.1.1 Port Status	56
6.1.2 Port Details	57
System Info	61
7.1 System Info	61
7.1.1 Hardware Monitor	63
General Setup	65
8.1 General Setup	65
Switch Setup	69
9.1 Switch Setup	69
IP Setup	73
10.1 IP Interfaces	73
10.2 IP Setup	74
Slot Setup	77
11.1 Slot Setup	77
Port Setup	79
12.1 Port Setup	79
Advanced	83
VLAN	85
13.1 Introduction to VLANs	85
13.2 Introduction to IEEE 802.1Q Tagged VLANs	85
13.2.1 Forwarding Tagged and Untagged Frames	86
13.3 Automatic VLAN Registration	86
13.3.1 GARP	86
13.3.2 GVRP	87
13.4 Port VLAN Trunking	87
13.5 Static VLAN	88
13.6 VLAN Status	89
13.6.1 VLAN Detail	89
13.6.2 Static VLAN	91
13.6.3 VLAN Port Setting	93
13.7 Subnet Based VLANs	94
13.8 Configuring Subnet Based VLAN	95
13.9 Protocol Based VLANs	97
13.10 Configuring Protocol Based VLAN	98
13.11 Create an IP-based VLAN Example	100
Static MAC Forward Setup	101
14.1 Static MAC Forwarding	101
Filtering	103
15.1 Filtering	103
Spanning Tree Protocol	105
16.1 STP/RSTP Overview	105
16.1.1 STP Terminology	105
16.1.2 How STP Works	106
16.1.3 STP Port States	107
16.1.4 Multiple RSTP	107
16.1.5 Multiple STP	108
16.2 Spanning Tree Protocol Status Screen	111
16.3 Spanning Tree Configuration	111
16.4 Rapid Spanning Tree Protocol	112
16.5 Rapid Spanning Tree Protocol Status	114
16.6 Multiple Rapid Spanning Tree Protocol	116
16.7 Multiple Rapid Spanning Tree Protocol Status	118
16.8 Configure Multiple Spanning Tree Protocol	120
16.9 Multiple Spanning Tree Protocol Status	123
Bandwidth Control	127
17.1 CIR and PIR	127
17.2 Bandwidth Control	127
Broadcast Storm Control	131
18.1 Broadcast Storm Control	131
Mirroring	133
19.1 Mirroring	133
Link Aggregation	135
20.1 Link Aggregation Overview	135
20.2 Dynamic Link Aggregation	135
20.2.1 Link Aggregation ID	136
20.3 Link Aggregation Status	137
20.4 Link Aggregation Setting	138
20.5 Link Aggregation Control Protocol	140
Port Authentication	143
21.1 Port Authentication Overview	143
21.1.1 IEEE 802.1x Authentication	143
21.1.2 MAC Authentication	144
21.2 Port Authentication	145
21.2.1 802.1x	146
21.2.2 MAC Authentication	147
Port Security	149
22.1 Port Security	149
22.2 VLAN MAC Address Limit	152
Classifier	155
23.1 Packet Classifier and QoS	155
23.2 Classifier	155
23.3 Classifier Example	159
Policy Rule	161
24.1 Policy Rules Overview	161
24.1.1 DiffServ	161
24.1.2 DSCP and Per-Hop Behavior	161
24.2 Configuring Policy Rules	162
24.3 Policy Example	166
Queuing Method	169
25.1 Queuing Method Overview	169
25.1.1 Strictly Priority Queuing	169
25.1.2 Weighted Round Robin Scheduling (WRR)	169
25.1.3 Weighted Fair Queuing	170
25.2 Queuing Method	171
VLAN Stacking	173
26.1 VLAN Stacking Overview	173
26.1.1 VLAN Stacking Example	173
26.2 VLAN Stacking Port Roles	174
26.3 VLAN Tag Format	175
26.3.1 Frame Format	175
26.4 VLAN Stacking	176
Multicast	179
27.1 Multicast Overview	179
27.1.1 IP Multicast Addresses	179
27.1.2 IGMP Filtering	179
27.1.3 IGMP Snooping	180
27.1.4 IGMP Snooping and VLANs	180
27.2 Multicast Status	180
27.3 Multicast Setting	181
27.4 IGMP Snooping VLAN	183
27.5 IGMP Filtering Profile	185
27.6 MVR Overview	186
27.6.1 Types of MVR Ports	187
27.6.2 MVR Modes	187
27.6.3 How MVR Works	187
27.7 MVR	188
27.8 Group Configuration	190
27.8.1 MVR Configuration Example	192
AAA	195
28.1 Authentication, Authorization and Accounting (AAA)	195
28.1.1 Local User Accounts	196
28.1.2 RADIUS and TACACS+	196
28.2 AAA Screens	196
28.2.1 RADIUS Server Setup	197
28.2.2 TACACS+ Server Setup	199
28.2.3 AAA Setup	201
28.2.4 Vendor Specific Attribute	204
28.2.5 Tunnel Protocol Attribute	205
IP Source Guard	207
29.1 IP Source Guard Overview	207
29.1.1 DHCP Snooping Overview	208
29.1.2 ARP Inspection Overview	210
29.2 IP Source Guard	211
29.3 IP Source Guard Static Binding	212
29.4 DHCP Snooping	215
29.5 DHCP Snooping Configure	218
29.5.1 DHCP Snooping Port Configure	220
29.5.2 DHCP Snooping VLAN Configure	221
29.6 ARP Inspection Status	223
29.6.1 ARP Inspection VLAN Status	224
29.6.2 ARP Inspection Log Status	225
29.7 ARP Inspection Configure	226
29.7.1 ARP Inspection Port Configure	228
29.7.2 ARP Inspection VLAN Configure	230
Loop Guard	233
30.1 Loop Guard Overview	233
30.2 Loop Guard Setup	235
IP	239
Static Route	241
31.1 Static Routing	241
RIP	243
32.1 RIP	243
OSPF	245
33.1 OSPF Overview	245
33.1.1 OSPF Autonomous Systems and Areas	245
33.1.2 How OSPF Works	246
33.1.3 Interfaces and Virtual Links	246
33.1.4 OSPF and Router Elections	247
33.1.5 Configuring OSPF	247
33.2 OSPF Status	248
33.3 OSPF Configuration	250
33.4 OSPF Interface	252
33.5 OSPF Virtual-Link	255
IGMP	257
34.1 IGMP	257
DVMRP	259
35.1 DVMRP Overview	259
35.2 How DVMRP Works	259
35.2.1 DVMRP Terminology	260
35.3 DVMRP	260
35.3.1 DVMRP Configuration Error Messages	261
35.4 Default DVMRP Timer Values	262
Differentiated Services	263
36.1 DiffServ Overview	263
36.1.1 DSCP and Per-Hop Behavior	263
36.1.2 DiffServ Network Example	264
36.2 Two Rate Three Color Marker Traffic Policing	264
36.2.1 TRTCM-Color-blind Mode	265
36.2.2 TRTCM-Color-aware Mode	265
36.3 DiffServ	266
36.4 2-Rate 3 Color Marker	267
36.5 DSCP Setting	269
DHCP	271
37.1 DHCP Overview	271
37.1.1 DHCP modes	271
37.1.2 DHCP Configuration Options	271
37.2 DHCP Status	272
37.3 DHCP Relay	272
37.3.1 DHCP Relay Agent Information	273
37.3.2 Configuring DHCP Global Relay	274
37.3.3 Global DHCP Relay Configuration Example	275
37.4 Configuring DHCP VLAN Settings	276
37.4.1 DHCP VLAN Setting Example	278
VRRP	281
38.1 VRRP Overview	281
38.1.1 VRRP Parameters	282
38.2 VRRP Status	283
38.2.1 VRRP Configuration	284
38.3 VRRP Configuration Examples	286
38.3.1 One Subnet Network Example	286
38.3.2 Two Subnets Example	288
Manage	291
Maintenance	293
39.1 Maintenance	293
39.1.1 Firmware Upgrade	294
39.1.2 Restore Configuration	296
39.1.3 Backup Configuration	296
39.2 FTP Command Line	297
39.2.1 Filename Conventions	297
39.2.2 FTP Command Line Procedure	299
39.2.3 GUI-based FTP Clients	300
39.2.4 FTP Restrictions	300
Access Control	301
40.1 Access Control	301
40.2 SNMP Overview	301
40.2.1 SNMP v3 and Security	303
40.2.2 Supported MIBs	303
40.2.3 SNMP Traps	303
40.2.4 SNMP	308
40.2.5 Configuring SNMP Trap Group	310
40.3 Logins	311
40.4 SSH Overview	313
40.4.1 How SSH works	313
40.4.2 SSH Implementation on the Switch	314
40.5 Introduction to HTTPS	314
40.5.1 HTTPS Example	315
40.6 Service Access Control	319
40.7 Remote Management	320
Diagnostic	321
41.1 Diagnostic	321
Syslog	323
42.1 Syslog Overview	323
42.2 Syslog Setup	324
42.2.1 Syslog Server Setup	325
Cluster Management	327
43.1 Cluster Management Status Overview	327
43.2 Clustering Management Status	328
43.2.1 Cluster Member Switch Management	329
43.2.2 Uploading Firmware to a Cluster Member Switch	330
43.3 Clustering Management Configuration	332
MAC Table	335
44.1 MAC Table Overview	335
44.2 MAC Table	336
IP Table	339
45.1 IP Table Overview	339
45.2 IP Table	340
ARP Table	343
46.1 ARP Table Overview	343
46.1.1 How ARP Works	343
46.2 ARP Table	344
Routing Table	345
47.1 Routing Table Status	345
Configure Clone	347
48.1 Configure Clone	347
Troubleshooting and Product Specifications	351
Troubleshooting	353
49.1 Power, Hardware Connections, and LEDs	353
49.2 MM-7201 Access and Login	354
Product Specifications	357
Appendices and Index	367
IP Addresses and Subnetting	369
Legal Information	381