Page 36 / 81 Scroll up to view Page 31 - 35
Chapter 5
Advanced Configuration
30
8-Port 10/100/1000 Gigabit Switch with Webview
Statistics > GVRP Statistics
The
GVRP Statistics
screen contains device statistics for
GVRP.
Statistics > GVRP Statistics
The
GVRP Statistics
screen is divided into two areas,
GVRP Statistics Table and GVRP Error Statistics Table. The
following fields are relevant for both tables:
Interface
Specifies the interface type for which the
statistics are displayed.
Port
Indicates port statistics are displayed.
LAG
Indicates LAG statistics are displayed.
Refresh Rate
Indicates the amount of time that passes
before the GVRP statistics are refreshed. The possible field
values are:
No Refresh
Indicates that the GVRP statistics are not
refreshed.
15 Sec
Indicates that the GVRP statistics are refreshed
every 15 seconds.
30 Sec
Indicates that the GVRP statistics are refreshed
every 30 seconds.
60 Sec
Indicates that the GVRP statistics are refreshed
every 60 seconds.
The GVRP Statistics Table contains the following fields:
Join Empty
Displays the device GVRP Join Empty
statistics.
Empty
Displays the device GVRP Empty statistics.
Leave Empty
Displays the device GVRP Leave Empty
statistics.
Join In
Displays the device GVRP Join In statistics.
Leave In
Displays the device GVRP Leave in statistics.
Leave All
Displays the device GVRP Leave all statistics.
The GVRP Error Statistics Table contains the following
fields:
Invalid Protocol ID
Displays the device GVRP Invalid
Protocol ID statistics.
Invalid Attribute Type
Displays the device GVRP Invalid
Attribute ID statistics.
Invalid Attribute Value
Displays the device GVRP Invalid
Attribute Value statistics.
Invalid Attribute Length
Displays the device GVRP
Invalid Attribute Length statistics.
Invalid Events
Displays the device GVRP Invalid Events
statistics.
The
Clear All Counters
button resets all tables.
ACL > IP based ACL
ACL > IP based ACL
The
IP Based ACL
(Access Control List) screen contains
information for defining IP Based ACLs.
ACL Name
Displays the user-defined IP based ACLs.
New ACL Name
Define a new user-defined IP based
ACL.
Delete ACL
Deletes the selected ACL.
Action
Indicates the action assigned to the packet
matching the ACL. Packets are forwarded or dropped. In
addition, the port can be shut down, a trap can be sent
to the network administrator, or a packet assigned rate
limiting restrictions for forwarding. The options are as
follows:
Permit
Forwards
packets
which
meet
the
ACL
criteria.
Page 37 / 81
Chapter 5
Advanced Configuration
31
8-Port 10/100/1000 Gigabit Switch with Webview
Deny
Drops packets which meet the ACL criteria.
Shutdown
Drops
packet
that
meets
the
ACL
criteria, and disables the port to which the packet
was addressed. Ports are reactivated from the
Port
Management
screen.
Protocol
Creates an ACE (Access Control Event) based on
a specific protocol.
Select from List
Selects from a protocols list on which
ACE can be based. The possible field values are:
Any
Matches the protocol to any protocol.
EIGRP
Indicates that the Enhanced Interior Gateway
Routing Protocol (EIGRP) is used to classify network
flows.
ICMP
Indicates that the Internet Control Message
Protocol (ICMP) is used to classify network flows.
IGMP
Indicates that the Internet Group Management
Protocol (IGMP) is used to classify network flows.
TCP
Indicates that the Transmission Control Protocol
is used to classify network flows.
OSPF
Matches the packet to the Open Shortest Path
First (OSPF) protocol.
UDP
Indicates that the User Datagram Protocol is
used to classify network flows.
Protocol ID To Match
Adds user-defined protocols to
which packets are matched to the ACE. Each protocol has
a specific protocol number which is unique. The possible
field range is 0-255.
TCP Flags
Filters packets by TCP flag. Filtered packets
are either forwarded or dropped. Filtering packets by TCP
flags increases packet control, which increases network
security. The values that can be assigned are:
Set
Enables filtering packets by selected flags.
Unset
Disables filtering packets by selected flags.
Don’t care
Indicates that selected packets do not
influence the packet filtering process.
The TCP Flags that can be selected are:
Urg
Indicates the packet is urgent.
Ack
Indicates the packet is acknowledged.
Psh
Indicates the packet is pushed.
Rst
Indicates the connection is dropped.
Syn
Indicates request to start a session.
Fin
Indicates request to close a session.
Source Port
Defines the TCP/UDP source port to which
the ACE is matched. This field is active only if 800/6-TCP or
800/17-UDP are selected in the
Select from List
drop-down
menu. The possible field range is 0 - 65535.
Destination
Port
Defines
the
TCP/UDP
destination
port. This field is active only if 800/6-TCP or 800/17-UDP
are selected in the
Select from List
drop-down menu. The
possible field range is 0 - 65535.
Source IP Address
Matches the source port IP address to
which packets are addressed to the ACE.
Wildcard Mask
Defines the source IP address wildcard
mask. Wildcard masks specify which bits are used and
which bits are ignored. A wild card mask of 255.255.255.255
indicates that no bit is important. A wildcard of 0.0.0.0
indicates that all the bits are important. For example, if the
source IP address 149.36.184.198 and the wildcard mask
is 255.36.184.00, the first eight bits of the IP address are
ignored, while the last eight bits are used.
Dest. IP Address
Matches the destination port IP address
to which packets are addressed to the ACE.
Wildcard
Mask
Defines
the
destination
IP
address
wildcard mask.
Match DSCP
Matches the packet DSCP value to the ACE.
Either the DSCP value or the IP Precedence value is used to
match packets to ACLs. The possible field range is 0-63.
Match IP Precedence
Matches the packet IP Precedence
value to the ACE. Either the DSCP value or the IP Precedence
value is used to match packets to ACLs. The possible field
range is 0-7.
The
Add to List
button adds the configured IP Based ACLs
to the IP Based ACL Table at the bottom of the screen.
ACL > MAC based ACL
ACL > MAC based ACL
Page 38 / 81
Chapter 5
Advanced Configuration
32
8-Port 10/100/1000 Gigabit Switch with Webview
The
MAC Based ACL
screen allows a MAC based ACL to be
defined. ACEs can be added only if the ACL is not bound
to an interface.
ACL Name
Displays the user-defined MAC based ACLs.
New ACL Name
Specifies a new user-defined MAC based
ACL name.
Delete ACL
Deletes the selected ACL.
Action
Indicates the ACL forwarding action. Possible field
values are:
Permit
Forwards
packets
which
meet
the
ACL
criteria.
Deny
Drops packets which meet the ACL criteria.
Shutdown
Drops packet that meet the ACL criteria,
and disables the port to which the packet was
addressed.
Source MAC Address
Matches the source MAC address
to which packets are addressed to the ACE.
Wildcard Mask
Defines the source IP address wildcard
mask. Wildcard masks specify which bits are used and
which bits are ignored. A wild card mask of 255.255.255.255
indicates that no bit is important. A wildcard of 0.0.0.0
indicates that all the bits are important. For example, if the
source IP address 149.36.184.198 and the wildcard mask
is 255.36.184.00, the first eight bits of the IP address are
ignored, while the last eight bits are used.
Dest.
MAC
Address
Matches
the
destination
MAC
address to which packets are addressed to the ACE.
Wildcard
Mask
Defines
the
destination
IP
address
wildcard mask.
VLAN ID
Matches the packet’s VLAN ID to the ACE. The
possible field values are 2 to 4094.
Ether Type
Specifies the packet’s Ethernet type.
The
Add to List
button adds the configured MAC Based
ACLs to the MAC Based ACL Table at the bottom of the
screen.
Security > ACL Binding
Security > ACL Binding
When an ACL is bound to an interface, all the ACE rules that
have been defined are applied to the selected interface.
Whenever an ACL is assigned on a port or LAG, flows
from that ingress interface that do not match the ACL are
matched to the default rule, which is Drop unmatched
packets.
Interface
Indicates the interface to which the ACL is
bound.
ACL Name
Indicates the ACL which is bound to the
interface.
The
Add to List
button adds the ACL Binding configuration
to the ACL Binding Table at the bottom of the screen.
Security > RADIUS
Security > RADIUS
Page 39 / 81
Chapter 5
Advanced Configuration
33
8-Port 10/100/1000 Gigabit Switch with Webview
Remote Authorization Dial-In User Service (RADIUS)
servers provide additional security for networks. RADIUS
servers provide a centralized authentication method for
web access.
IP Address
The Authentication Server IP address.
Priority
The server priority. The possible values are 0-
65535, where 1 is the highest value. The RADIUS Server
priority is used to configure the server query order.
Authentication Port
Identifies the authentication port.
The authentication port is used to verify the RADIUS server
authentication. The authenticated port default is
1812
.
Number of Retries
Defines the number of transmitted
requests sent to RADIUS server before a failure occurs. The
possible field values are 1 - 10.
Three
is the default value.
Timeout for Reply
Defines the amount of the time in
seconds the device waits for an answer from the RADIUS
server before retrying the query, or switching to the next
server. The possible field values are 1 - 30.
Three
is the
default value.
Dead Time
Defines the amount of time (minutes) that a
RADIUS server is bypassed for service requests. The range
is 0-2000. The Dead Time default is
0
minutes.
Key String
Defines the default key string used for
authenticating and encrypting all RADIUS communications
between the device and the RADIUS server. This key must
match the RADIUS encryption.
Source IP Address
Defines the source IP address that is
used for communication with RADIUS servers.
Usage Type
Specifies the RADIUS server authentication
type. The default value is
Login
. The possible field values
are:
Login
Indicates that the RADIUS server is used for
authenticating user name and passwords.
802.1X
Indicates that the RADIUS server is used for
802.1X authentication.
All
Indicates that the RADIUS server is used for
authenticating user name and passwords, and 802.1X
port authentication.
The
Add to List
button adds the RADIUS configuration to
the RADIUS Table at the bottom of the screen.
Security > TACACS+
The device provides Terminal Access Controller Access
Control System (TACACS+) client support. TACACS+
provides centralized security for validation of users
accessing the device. TACACS+ provides a centralized user
management system, while still retaining consistency with
RADIUS and other authentication processes. The TACACS+
protocol ensures network integrity through encrypted
protocol exchanges between the device and TACACS+
server.
Security > TACACS+
Host
IP
Address
Displays
the TACACS+
Server
IP
address.
Priority
Displays the order in which the TACACS+ servers
are used. The default is
0
.
Source IP Address
Displays the device source IP address
used for the TACACS+ session between the device and the
TACACS+ server.
Key String
Defines the authentication and encryption key
for TACACS+ server. The key must match the encryption
key used on the TACACS+ server.
Authentication Port
Displays the port number through
which the TACACS+ session occurs. The default is port 49.
Timeout for Reply
Displays the amount of time that
passes before the connection between the device and
the TACACS+ server times out. The field range is 1-30
seconds.
Status
Displays the connection status between the
device and the TACACS+ server. The possible field values
are:
Connected
There is currently a connection between
the device and the TACACS+ server.
Not Connected
There is not currently a connection
between the device and the TACACS+ server.
Single Connection
Maintains a single open connection
between the device and the TACACS+ server when
selected
The
Add to List
button adds the TACACS+ configuration
to the TACACS+ table at the bottom of the screen.
Page 40 / 81
Chapter 5
Advanced Configuration
34
8-Port 10/100/1000 Gigabit Switch with Webview
Security > 802.1x Settings
Security > 802.1x Settings
Port based authentication enables authenticating system
users on a per-port basis via an external server. Only
authenticated and approved system users can transmit
and receive data. Ports are authenticated via the RADIUS
server using the Extensible Authentication Protocol
(EAP).
Enable 802.1x
Place a checkmark in the check box to
enable 802.1x authentication.
Port
Indicates the port name.
Status Port Control
Specifies the port authorization
state. The possible field values are as follows:
Force-Authorized
The controlled port state is set to
Force-Authorized (forward traffic).
Force-Unauthorized
The controlled port state is set
to Force-Unauthorized (discard traffic).
Enable Periodic Reauthentication
Permits immediate
port reauthentication.
Setting Timer
The
Setting Timer
button opens the
Setting Timer screen to configure ports for 802.1x
functionality.
Setting Timer
802.1x Settings > Setting Timer
Port
Indicates the port name.
Reauthentication
Period
Specifies
the
number
of
seconds in which the selected port is reauthenticated
(Range: 300-4294967295). The field default is
3600
seconds.
Quiet Period
Specifies the number of seconds that
the switch remains in the quiet state following a failed
authentication exchange (Range: 0-65535).
Resending EAP
Specifies the number of seconds that the
switch waits for a response to an EAP - request/identity
frame, from the supplicant (client), before resending the
request.
Max EAP Requests
The total amount of EAP requests
sent. If a response is not received after the defined period,
the authentication process is restarted. The field default
is
2
retries.
Supplicant Timeout
Displays the number of seconds that
lapses before EAP requests are resent to the supplicant
(Range: 1-65535). The field default is
30
seconds.
Server
Timeout
Specifies
the
number
of
seconds
that lapses before the switch resends a request to the
authentication server (Range: 1-65535). The field default
is
30
seconds.
Security > Ports Security
Security > Ports Security
Network security can be increased by limiting access on
a specific port only to users with specific MAC addresses.
MAC addresses can be dynamically learned or statically
configured. Locked port security monitors both received
and learned packets that are received on specific ports.
Access to the locked port is limited to users with specific
MAC addresses. These addresses are either manually
defined on the port, or learned on that port up to the
point when it is locked. When a packet is received on a
locked port, and the packet source MAC address is not tied

Rate

3.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top