Home » ZyXEL Manuals » Networking » ZyXEL XGS4700-48F » Manual Viewer

ZyXEL XGS4700-48F User Guide - Page 250

Advanced Application > AAA > TACACS+ Server Setup

Get ZyXEL XGS4700-48F PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 250 highlights

Chapter 25 AAA The following table describes the labels in this screen. Table 70 Advanced Application > AAA > TACACS+ Server Setup LABEL Authentication Server Mode DESCRIPTION Use this section to configure your TACACS+ authentication settings. This field is only valid if you configure multiple TACACS+ servers. Select index-priority and the Switch tries to authenticate with the first configured TACACS+ server, if the TACACS+ server does not respond then the Switch tries to authenticate with the second TACACS+ server. Timeout Select round-robin to alternate between the TACACS+ servers that it sends authentication requests to. Specify the amount of time in seconds that the Switch waits for an authentication request response from the TACACS+ server. Index IP Address TCP Port Shared Secret Delete Apply Cancel Accounting Server Timeout Index IP Address TCP Port If you are using index-priority for your authentication and you are using two TACACS+ servers then the timeout value is divided between the two TACACS+ servers. For example, if you set the timeout value to 30 seconds, then the Switch waits for a response from the first TACACS+ server for 15 seconds and then tries the second TACACS+ server. This is a read-only number representing a TACACS+ server entry. Enter the IP address of an external TACACS+ server in dotted decimal notation. The default port of a TACACS+ server for authentication is 49. You need not change this value unless your network administrator instructs you to do so. Specify a password (up to 32 alphanumeric characters) as the key to be shared between the external TACACS+ server and the Switch. This key is not sent over the network. This key must be the same on the external TACACS+ server and the Switch. Check this box if you want to remove an existing TACACS+ server entry from the Switch. This entry is deleted when you click Apply. Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. Use this section to configure your TACACS+ accounting settings. Specify the amount of time in seconds that the Switch waits for an accounting request response from the TACACS+ server. This is a read-only number representing a TACACS+ accounting server entry. Enter the IP address of an external TACACS+ accounting server in dotted decimal notation. The default port of a TACACS+ accounting server is 49. You need not change this value unless your network administrator instructs you to do so. 250 XGS4700-48F User's Guide

Section	Page
XGS4700-48F	1
About This User's Guide	3
Document Conventions	5
Safety Warnings	7
Contents Overview	9
Table of Contents	11
User’s Guide	25
Getting to Know Your Switch	27
1.1 Introduction	27
1.1.1 Bridging Example	27
1.1.2 High Performance Switching Example	28
1.1.3 Gigabit Ethernet to the Desktop	29
1.1.4 IEEE 802.1Q VLAN Application Example	29
1.1.5 IPv6 Support	30
1.2 Ways to Manage the Switch	30
1.3 Good Habits for Managing the Switch	31
Hardware Installation and Connection	33
2.1 Freestanding Installation	33
2.2 Mounting the Switch on a Rack	34
2.2.1 Rack-mounted Installation Requirements	34
2.2.2 Attaching the Mounting Brackets to the Switch	34
2.2.3 Mounting the Switch on a Rack	35
2.3 Connecting the Frame Ground	35
2.4 Power Module Installation	36
2.4.1 Installing a Power Module	36
2.4.2 Removing a Power Module	38
Hardware Overview	41
3.1 Front Panel Connections	41
3.1.1 Mini-GBIC Slots	41
3.1.2 Console Port	43
3.1.3 Signal Slot	43
3.2 Rear Panel	46
3.2.1 Removing and Installing the Fan Module	47
3.2.2 Uplink Module	48
3.2.3 Rear Panel Connections	48
3.2.4 Management Port	49
3.2.5 Power Connector	49
3.3 Power Connection	49
3.3.1 AC Power Connections	50
3.3.2 DC Power Connections	50
3.3.3 Procedure to Turn on the Switch Power	51
3.3.4 Disconnecting the Power	51
3.4 LEDs	52
The Web Configurator	55
4.1 Introduction	55
4.2 System Login	55
4.3 The Web Configurator Layout	56
4.3.1 Change Your Password	61
4.4 Saving Your Configuration	62
4.5 Switch Lockout	62
4.6 Resetting the Switch	62
4.6.1 Reload the Configuration File	63
4.7 Logging Out of the Web Configurator	64
4.8 Help	64
Initial Setup Example	65
5.1 Overview	65
5.1.1 Configuring an IP Interface	65
5.1.2 Configuring DHCP Server Settings	67
5.1.3 Creating a VLAN	67
5.1.4 Setting Port VID	69
5.1.5 Enabling RIP	70
Tutorials	71
6.1 How to Use DHCP Snooping on the Switch	71
6.2 How to Use DHCP Relay on the Switch	75
6.2.1 DHCP Relay Tutorial Introduction	75
6.2.2 Creating a VLAN	76
6.2.3 Configuring DHCP Relay	79
6.2.4 Troubleshooting	79
6.3 How to Use PPPoE IA on the Switch	80
6.3.1 Configuring Switch A	81
6.3.2 Configuring Switch B	83
6.4 How to Use Error Disable and Recovery on the Switch	85
6.5 How to Set Up a Guest VLAN	88
6.5.1 Creating a Guest VLAN	89
6.5.2 Enabling IEEE 802.1x Port Authentication	91
6.5.3 Enabling Guest VLAN	92
6.6 How to Configure Routing Policy	93
6.6.1 Create a Layer-3 Classifier	94
6.6.2 Create a Policy Routing Rule	95
Technical Reference	97
System Status and Port Statistics	99
7.1 Overview	99
7.2 Port Status Summary	99
7.2.1 Status: Port Details	101
Basic Setting	105
8.1 Overview	105
8.2 System Information	106
8.3 General Setup	108
8.4 Introduction to VLANs	110
8.5 Switch Setup Screen	111
8.6 IP Setup	113
8.6.1 IP Interfaces	113
8.7 Port Setup	115
VLAN	119
9.1 Introduction to IEEE 802.1Q Tagged VLANs	119
9.1.1 Forwarding Tagged and Untagged Frames	119
9.2 Automatic VLAN Registration	120
9.2.1 GARP	120
9.2.2 GVRP	120
9.3 Port VLAN Trunking	121
9.4 Select the VLAN Type	122
9.5 Static VLAN	122
9.5.1 VLAN Status	123
9.5.2 VLAN Details	124
9.5.3 Configure a Static VLAN	124
9.5.4 Configure VLAN Port Settings	126
9.6 Subnet Based VLANs	128
9.7 Configuring Subnet Based VLAN	129
9.8 Protocol Based VLANs	130
9.9 Configuring Protocol Based VLAN	131
9.10 Create an IP-based VLAN Example	133
9.11 Port-based VLAN Setup	134
9.11.1 Configure a Port-based VLAN	134
Static MAC Forward Setup	139
10.1 Overview	139
10.2 Configuring Static MAC Forwarding	139
Static Multicast Forward Setup	143
11.1 Static Multicast Forwarding Overview	143
11.2 Configuring Static Multicast Forwarding	144
Filtering	147
12.1 Configure a Filtering Rule	147
Spanning Tree Protocol	149
13.1 STP/RSTP Overview	149
13.1.1 STP Terminology	149
13.1.2 How STP Works	150
13.1.3 STP Port States	151
13.1.4 Multiple RSTP	151
13.1.5 Multiple STP	152
13.2 Spanning Tree Protocol Status Screen	155
13.3 Spanning Tree Configuration	155
13.4 Configure Rapid Spanning Tree Protocol	156
13.5 Rapid Spanning Tree Protocol Status	158
13.6 Configure Multiple Rapid Spanning Tree Protocol	160
13.7 Multiple Rapid Spanning Tree Protocol Status	162
13.8 Configure Multiple Spanning Tree Protocol	164
13.8.1 Multiple Spanning Tree Protocol Port Configuration	167
13.9 Multiple Spanning Tree Protocol Status	168
Bandwidth Control	171
14.1 Bandwidth Control Overview	171
14.1.1 CIR and PIR	171
14.2 Bandwidth Control Setup	172
Broadcast Storm Control	175
15.1 Broadcast Storm Control Setup	175
Mirroring	177
16.1 Port Mirroring Setup	177
Link Aggregation	179
17.1 Link Aggregation Overview	179
17.2 Dynamic Link Aggregation	179
17.2.1 Link Aggregation ID	180
17.3 Link Aggregation Status	181
17.4 Link Aggregation Setting	183
17.5 Link Aggregation Control Protocol	185
17.6 Static Trunking Example	186
Port Authentication	189
18.1 Port Authentication Overview	189
18.1.1 IEEE 802.1x Authentication	189
18.1.2 MAC Authentication	190
18.2 Port Authentication Configuration	191
18.2.1 Activate IEEE 802.1x Security	192
18.2.2 Guest VLAN	193
18.2.3 Activate MAC Authentication	196
Port Security	199
19.1 About Port Security	199
19.2 Port Security Setup	200
19.3 VLAN MAC Address Limit	201
Classifier	203
20.1 About the Classifier and QoS	203
20.2 Configuring the Classifier	204
20.3 Viewing and Editing Classifier Configuration	206
20.4 Classifier Example	208
Policy Rule	209
21.1 Policy Rules Overview	209
21.1.1 DiffServ	209
21.1.2 DSCP and Per-Hop Behavior	209
21.2 Configuring Policy Rules	210
21.3 Viewing and Editing Policy Configuration	213
21.4 Policy Example	215
Queuing Method	217
22.1 Queuing Method Overview	217
22.1.1 Strictly Priority	217
22.1.2 Weighted Fair Queuing	217
22.1.3 Weighted Round Robin Scheduling (WRR)	218
22.2 Configuring Queuing	219
VLAN Stacking	221
23.1 VLAN Stacking Overview	221
23.1.1 VLAN Stacking Example	221
23.2 VLAN Stacking Port Roles	222
23.3 VLAN Tag Format	223
23.3.1 Frame Format	223
23.4 Configuring VLAN Stacking	224
23.4.1 Port-based Q-in-Q	225
23.4.2 Selective Q-in-Q	226
Multicast	229
24.1 Multicast Overview	229
24.1.1 IP Multicast Addresses	229
24.1.2 IGMP Filtering	229
24.1.3 IGMP Snooping	230
24.1.4 IGMP Snooping and VLANs	230
24.2 Multicast Status	230
24.3 Multicast Setting	231
24.4 IGMP Snooping VLAN	234
24.5 IGMP Filtering Profile	235
24.6 MVR Overview	237
24.6.1 Types of MVR Ports	237
24.6.2 MVR Modes	238
24.6.3 How MVR Works	238
24.7 General MVR Configuration	239
24.8 MVR Group Configuration	241
24.8.1 MVR Configuration Example	242
AAA	245
25.1 Authentication, Authorization and Accounting (AAA)	245
25.1.1 Local User Accounts	246
25.1.2 RADIUS and TACACS+	246
25.2 AAA Screens	246
25.2.1 RADIUS Server Setup	247
25.2.2 TACACS+ Server Setup	249
25.2.3 AAA Setup	251
25.2.4 Vendor Specific Attribute	254
25.2.5 Tunnel Protocol Attribute	255
25.3 Supported RADIUS Attributes	256
25.3.1 Attributes Used for Authentication	256
25.3.2 Attributes Used for Accounting	257
IP Source Guard	261
26.1 IP Source Guard Overview	261
26.1.1 DHCP Snooping Overview	262
26.1.2 ARP Inspection Overview	264
26.2 IP Source Guard	265
26.3 IP Source Guard Static Binding	266
26.4 DHCP Snooping	268
26.5 DHCP Snooping Configure	271
26.5.1 DHCP Snooping Port Configure	273
26.5.2 DHCP Snooping VLAN Configure	274
26.6 ARP Inspection Status	276
26.6.1 ARP Inspection VLAN Status	277
26.6.2 ARP Inspection Log Status	278
26.7 ARP Inspection Configure	279
26.7.1 ARP Inspection Port Configure	281
26.7.2 ARP Inspection VLAN Configure	282
Loop Guard	285
27.1 Loop Guard Overview	285
27.2 Loop Guard Setup	287
VLAN Mapping	289
28.1 VLAN Mapping Overview	289
28.1.1 VLAN Mapping Example	289
28.2 Enabling VLAN Mapping	290
28.3 Configuring VLAN Mapping	291
Layer 2 Protocol Tunneling	293
29.1 Layer 2 Protocol Tunneling Overview	293
29.1.1 Layer-2 Protocol Tunneling Mode	294
29.2 Configuring Layer 2 Protocol Tunneling	295
sFlow	297
30.1 sFlow Overview	297
30.2 sFlow Port Configuration	298
30.2.1 sFlow Collector Configuration	299
PPPoE	301
31.1 PPPoE Intermediate Agent Overview	301
31.1.1 PPPoE Intermediate Agent Tag Format	301
31.1.2 Sub-Option Format	302
31.1.3 Port State	303
31.2 The PPPoE Screen	304
31.3 PPPoE Intermediate Agent	304
31.3.1 PPPoE IA Per-Port	305
31.3.2 PPPoE IA Per-Port Per-VLAN	307
31.3.3 PPPoE IA for VLAN	309
Error Disable	311
32.1 CPU Protection Overview	311
32.2 Error-Disable Recovery Overview	311
32.3 The Error Disable Screen	312
32.4 CPU Protection Configuration	312
32.5 Error-Disable Detect Configuration	313
32.6 Error-Disable Recovery Configuration	315
Static Route	317
33.1 Static Routing Overview	317
33.2 Configuring Static Routing	318
Policy Routing	321
34.1 Policy Route Overview	321
34.1.1 Benefits	321
34.2 Configuring Policy Routing Profile	322
34.2.1 Policy Routing Rule Configuration	323
RIP	325
35.1 RIP Overview	325
35.1.1 Administrative Distance	325
35.2 Configuring RIP	326
OSPF	329
36.1 OSPF Overview	329
36.1.1 OSPF Autonomous Systems and Areas	329
36.1.2 How OSPF Works	330
36.1.3 Interfaces and Virtual Links	330
36.1.4 OSPF and Router Elections	331
36.1.5 Configuring OSPF	331
36.2 OSPF Status	332
36.3 OSPF Configuration	334
36.4 Configure OSPF Areas	335
36.4.1 View OSPF Area Information Table	337
36.5 Configuring OSPF Redistribution	337
36.6 Configuring OSPF Interfaces	339
36.7 OSPF Virtual-Links	341
IGMP	343
37.1 IGMP Overview	343
37.1.1 How IGMP Works	344
37.2 Port-based IGMP	345
37.3 Configuring IGMP	346
DVMRP	347
38.1 DVMRP Overview	347
38.2 How DVMRP Works	347
38.2.1 DVMRP Terminology	348
38.3 Configuring DVMRP	348
38.3.1 DVMRP Configuration Error Messages	349
38.4 Default DVMRP Timer Values	350
Differentiated Services	351
39.1 DiffServ Overview	351
39.1.1 DSCP and Per-Hop Behavior	351
39.1.2 DiffServ Network Example	352
39.2 Two Rate Three Color Marker Traffic Policing	352
39.2.1 TRTCM - Color-blind Mode	353
39.2.2 TRTCM - Color-aware Mode	353
39.3 Activating DiffServ	354
39.3.1 Configuring 2-Rate 3 Color Marker Settings	355
39.4 DSCP-to-IEEE 802.1p Priority Settings	357
39.4.1 Configuring DSCP Settings	358
DHCP	359
40.1 DHCP Overview	359
40.1.1 DHCP Modes	359
40.1.2 DHCP Configuration Options	359
40.2 DHCP Status	360
40.3 DHCP Server Status Detail	360
40.4 DHCP Relay	362
40.4.1 DHCP Relay Agent Information	362
40.4.2 Configuring DHCP Global Relay	363
40.4.3 Global DHCP Relay Configuration Example	364
40.5 Configuring DHCP VLAN Settings	365
40.5.1 Example: DHCP Relay for Two VLANs	367
VRRP	369
41.1 VRRP Overview	369
41.2 VRRP Status	370
41.3 VRRP Configuration	371
41.3.1 IP Interface Setup	371
41.3.2 VRRP Parameters	373
41.3.3 Configuring VRRP Parameters	374
41.3.4 Configuring VRRP Parameters	375
41.4 VRRP Configuration Examples	375
41.4.1 One Subnet Network Example	376
41.4.2 Two Subnets Example	377
ARP Learning	379
42.1 ARP Overview	379
42.1.1 How ARP Works	379
42.1.2 ARP Learning Mode	379
42.2 Configuring ARP Learning	382
Load Sharing	385
43.1 Load Sharing Overview	385
43.2 Configuring Load Sharing	385
Maintenance	387
44.1 The Maintenance Screen	387
44.2 Load Factory Default	388
44.3 Save Configuration	388
44.4 Reboot System	389
44.5 Firmware Upgrade	389
44.6 Restore a Configuration File	390
44.7 Backup a Configuration File	391
44.8 FTP Command Line	391
44.8.1 Filename Conventions	391
44.8.2 FTP Command Line Procedure	393
44.8.3 GUI-based FTP Clients	393
44.8.4 FTP Restrictions	394
Access Control	395
45.1 Access Control Overview	395
45.2 The Access Control Main Screen	395
45.3 About SNMP	396
45.3.1 SNMP v3 and Security	397
45.3.2 Supported MIBs	397
45.3.3 SNMP Traps	398
45.3.4 Configuring SNMP	402
45.3.5 Configuring SNMP Trap Group	404
45.3.6 Configuring SNMP User	405
45.4 Setting Up Login Accounts	407
45.5 SSH Overview	408
45.6 How SSH works	409
45.7 SSH Implementation on the Switch	410
45.7.1 Requirements for Using SSH	410
45.8 Introduction to HTTPS	410
45.9 HTTPS Example	411
45.9.1 Internet Explorer Warning Messages	411
45.9.2 Mozilla Firefox Warning Messages	414
45.9.3 The Main Screen	415
45.10 Service Port Access Control	416
45.11 Remote Management	417
Diagnostic	421
46.1 Diagnostic	421
Syslog	423
47.1 Syslog Overview	423
47.2 Syslog Setup	424
47.3 Syslog Server Setup	425
Cluster Management	427
48.1 Clustering Management Status Overview	427
48.2 Cluster Management Status	428
48.2.1 Cluster Member Switch Management	429
48.3 Clustering Management Configuration	432
MAC Table	435
49.1 MAC Table Overview	435
49.2 Viewing the MAC Table	436
IP Table	439
50.1 IP Table Overview	439
50.2 Viewing the IP Table	440
ARP Table	443
51.1 ARP Table Overview	443
51.1.1 How ARP Works	443
51.2 The ARP Table Screen	444
Routing Table	445
52.1 Overview	445
52.2 Viewing the Routing Table Status	445
Configure Clone	447
53.1 Configure Clone	447
Troubleshooting	449
54.1 Power, Hardware Connections, and LEDs	449
54.2 Switch Access and Login	450
54.3 Switch Configuration	453
Product Specifications	455
Common Services	465
Legal Information	469

Match case Limit results 1 per page

Chapter 25 AAA

XGS4700-48F User’s Guide

250

The following table describes the labels in this screen.

Table 70

Advanced Application > AAA > TACACS+ Server Setup

LABEL

DESCRIPTION

Authentication

Server

Use this section to configure your TACACS+ authentication settings.

Mode

This field is only valid if you configure multiple TACACS+ servers.

Select

index-priority

and the Switch tries to authenticate with the first

configured TACACS+ server, if the TACACS+ server does not respond

then the Switch tries to authenticate with the second TACACS+ server.

Select

round-robin

to alternate between the TACACS+ servers that it

sends authentication requests to.

Timeout

Specify the amount of time in seconds that the Switch waits for an

authentication request response from the TACACS+ server.

If you are using

index-priority

for your authentication and you are

using two TACACS+ servers then the timeout value is divided between

the two TACACS+ servers. For example, if you set the timeout value to

30 seconds, then the Switch waits for a response from the first TACACS+

server for 15 seconds and then tries the second TACACS+ server.

Index

This is a read-only number representing a TACACS+ server entry.

IP Address

Enter the IP address of an external TACACS+ server in dotted decimal

notation.

TCP Port

The default port of a TACACS+ server for authentication is

. You need

not change this value unless your network administrator instructs you to

do so.

Shared Secret

Specify a password (up to 32 alphanumeric characters) as the key to be

shared between the external TACACS+ server and the Switch. This key is

not sent over the network. This key must be the same on the external

TACACS+ server and the Switch.

Delete

Check this box if you want to remove an existing TACACS+ server entry

from the Switch. This entry is deleted when you click

Apply

Click

Apply

to save your changes to the Switch’s run-time memory. The

Switch loses these changes if it is turned off or loses power, so use the

Save

link on the top navigation panel to save your changes to the non-

volatile memory when you are done configuring.

Cancel

Click

Cancel

to begin configuring this screen afresh.

Accounting

Server

Use this section to configure your TACACS+ accounting settings.

Timeout

Specify the amount of time in seconds that the Switch waits for an

accounting request response from the TACACS+ server.

Index

This is a read-only number representing a TACACS+ accounting server

entry.

IP Address

Enter the IP address of an external TACACS+ accounting server in dotted

decimal notation.

TCP Port

The default port of a TACACS+ accounting server is

. You need not

change this value unless your network administrator instructs you to do

so.