Allied Telesis AT-8000S User Manual

Loading...

Layer 2

Ethernet Switch

AT-8000S Series

User’s Guide

Table of Contents

Table of Contents

 

Preface....................................................................................................................................

6

Web Browser Interface User’s Guide Overview ..............................................................................

7

Intended Audience...........................................................................................................................

7

Document Conventions ...................................................................................................................

8

Contacting Allied Telesis .................................................................................................................

8

Getting Started......................................................................................................................

10

Starting the Application..................................................................................................................

10

Using the Web Browser Interface..................................................................................................

12

Viewing the Device Representation.........................................................................................................

12

User Interface Components.....................................................................................................................

13

Using the Management Buttons ..............................................................................................................

14

Adding, Modifying and Deleting Information ............................................................................................

15

Saving Configurations..............................................................................................................................

16

Logging Out ...................................................................................................................................

16

Resetting the Device .....................................................................................................................

17

Defining System Information.................................................................................................

18

Configuring System Time......................................................................................................

20

Setting the System Clock ..............................................................................................................

22

Configuring SNTP..........................................................................................................................

23

Polling for Unicast Time Information........................................................................................................

23

Polling for Anycast Time Information .......................................................................................................

23

Broadcast Time Information.....................................................................................................................

23

Configuring Daylight Saving Time .................................................................................................

24

Configuring Device Security..................................................................................................

26

Configuring Management Security ................................................................................................

27

Defining Access Profiles ..........................................................................................................................

28

Defining Profile Rules ..............................................................................................................................

31

Defining Authentication Profiles...............................................................................................................

34

Mapping Authentication Profiles ..............................................................................................................

37

Configuring Server Based Authentication................................................................................................

38

Configuring TACACS+ ............................................................................................................................

38

Configuring RADIUS................................................................................................................................

41

Configuring Local Users ..........................................................................................................................

43

Configuring Network Security ........................................................................................................

45

Network Security Overview......................................................................................................................

46

Managing Port Security ...........................................................................................................................

46

Defining 802.1x Port Access....................................................................................................................

49

Enabling Storm Control............................................................................................................................

52

Page 1

Allied Telesis AT-8000S Switch

Web Browser Interface User’s Guide

Configuring Ports ..................................................................................................................

54

Defining Port Settings ...................................................................................................................

55

Configuring Port Mirroring .............................................................................................................

59

Aggregating Ports .........................................................................................................................

62

Defining Trunk Settings...........................................................................................................................

63

Defining Port Trunking ............................................................................................................................

67

Configuring LACP ...................................................................................................................................

69

Configuring Interfaces...........................................................................................................

70

Defining MAC Addresses..............................................................................................................

71

Configuring VLANs........................................................................................................................

74

Defining VLAN Properties .......................................................................................................................

75

Defining VLAN Interface Settings ...........................................................................................................

77

Defining GVRP........................................................................................................................................

79

Configuring System Logs......................................................................................................

82

Defining Log Settings....................................................................................................................

83

Clearing Event Logs......................................................................................................................

85

Configuring Log Servers ...............................................................................................................

85

Setting System Log Display ..........................................................................................................

86

Viewing Flash Logs.......................................................................................................................

87

Configuring Spanning Tree ...................................................................................................

88

Configuring Classic Spanning Tree...............................................................................................

89

Defining STP Properties .........................................................................................................................

89

Defining STP Interfaces ..........................................................................................................................

91

Configuring Rapid Spanning Tree.................................................................................................

94

Configuring Multiple Spanning Tree..............................................................................................

96

Defining MSTP Properties ......................................................................................................................

97

Defining MSTP Interfaces .......................................................................................................................

98

Defining MSTP Instances .....................................................................................................................

100

Configuring Multicast Forwarding .......................................................................................

102

Configuring IGMP Snooping .......................................................................................................

103

Defining Multicast Bridging Groups.............................................................................................

105

Defining Multicast Forward All Settings.......................................................................................

107

Configuring SNMP ..............................................................................................................

110

SNMP Overview..........................................................................................................................

111

Enabling SNMP...........................................................................................................................

112

Defining SNMP Communities......................................................................................................

114

Defining SNMP Groups...............................................................................................................

116

Defining SNMP Users .................................................................................................................

118

Defining SNMP Views.................................................................................................................

120

Page 2

Table of Contents

Configuring SNMP Notifications ..................................................................................................

122

Defining Notification Recipients .............................................................................................................

122

Defining Notification Filters ....................................................................................................................

124

Configuring Power Over Ethernet .......................................................................................

126

Enabling PoE and Setting the Power Threshold .........................................................................

127

Defining PoE Settings..................................................................................................................

128

Configuring Services...........................................................................................................

132

Enabling Class of Service (CoS) .................................................................................................

133

Configuring CoS Priorities ...........................................................................................................

135

Mapping Queues .........................................................................................................................

136

Mapping CoS Values to Queues ...........................................................................................................

136

Mapping DSCP Values to Queues ........................................................................................................

137

Configuring Bandwidth QoS ........................................................................................................

138

Managing System Files.......................................................................................................

140

Restoring the Default Configuration ............................................................................................

141

Defining TFTP File Uploads and Downloads...............................................................................

142

Viewing Integrated Cable Tests...................................................................................................

145

Viewing Optical Transceivers ......................................................................................................

147

Resetting the Device ...................................................................................................................

148

Viewing Statistics ................................................................................................................

150

Viewing Interface Statistics..........................................................................................................

151

Viewing Interface Statistics....................................................................................................................

151

Viewing Etherlike Statistics....................................................................................................................

153

Managing RMON Statistics .........................................................................................................

155

Viewing RMON Statistics.......................................................................................................................

155

Configuring RMON History ....................................................................................................................

157

Configuring RMON Events ....................................................................................................................

161

Defining RMON Alarms .........................................................................................................................

164

Managing Stacking .............................................................................................................

168

Stacking Overview.......................................................................................................................

169

Stacking Ring Topology.........................................................................................................................

169

Stacking Chain Topology.......................................................................................................................

169

Stacking Members and Unit ID ..............................................................................................................

170

Removing and Replacing Stacking Members........................................................................................

170

Exchanging Stacking Members .............................................................................................................

171

Configuring Stacking Management .............................................................................................

172

Connecting a Terminal..............................................................................................................

174

Initial Configuration ...................................................................................................................

174

Configuration175

Static IP Address and Subnet Mask175

User Name176

Page 3

Allied Telesis AT-8000S Switch

Web Browser Interface User’s Guide

Downloading Software..............................................................................................................

176

Standalone Device Software Download176

Stacking Member Software Download177

RS-232 Port Settings................................................................................................................

181

Port Defaults.............................................................................................................................

181

Configuration Defaults..............................................................................................................

181

Security Defaults ......................................................................................................................

181

System Time Defaults ..............................................................................................................

182

Spanning Tree Defaults............................................................................................................

182

Address Table Defaults ............................................................................................................

182

VLAN Default............................................................................................................................

183

Trunking Defaults .....................................................................................................................

183

Multicast Defaults .....................................................................................................................

183

Page 4

Table of Contents

Page 5

Allied Telesis AT-8000S Switch

Web Browser Interface User’s Guide

Preface

This guide contains instructions on how to configure an AT-8000S Series Layer 2+ Fast Ethernet Switch using the interface in the Embedded Management System (EWS).

The Embedded Management System enables configuring, monitoring, and troubleshooting of network devices remotely via a web browser. The web pages are easy-to-use and easy-to-navigate.

This preface provides an overview of the Web Browser Interface User’s Guide, and includes the following sections:

Web Browser Interface User’s Guide Overview

Intended Audience

Page 6

Preface

Web Browser Interface User’s Guide Overview

Web Browser Interface User’s Guide Overview

The Web Browser Interface User’s Guide provides the following sections:

Section 1,“Getting Started” — Provides information for using the Embedded Web Management System, including adding, editing, and deleting configurations.

Section 2, “Defining System Information” — Provides information for defining basic device information.

Section 3, “Configuring System Time” — Provides information for configuring Daylight Savings Time and Simple Network Time Protocol (SNTP).

Section 4, “Configuring Device Security” — Provides information for configuring both system and network security, including traffic control, and switch access methods.

Section 5, “Configuring Ports” — Provides information for configuring ports, port aggregation, port mirroring and LACP.

Section 6, “Configuring Interfaces” — Provides information for defining ports, LAGs, and VLANs.

Section 7, “Configuring System Logs” — Provides information for setting up and viewing system logs, and configuring switch log servers.

Section 8, “Configuring Spanning Tree” — Provides information for configuring Classic, Rapid, and Multiple Spanning Tree.

Section 9, “Configuring Multicast Forwarding” — Provides information for configuring both the static and dynamic forwarding databases.

Section 10, “Configuring SNMP” — Provides information for configuring SNMP access and management.

Section 11, “Configuring Power Over Ethernet” — Provides information for configuring Power over Ethernet (PoE) on the device.

Section 12, “Configuring Services” — Provides information for configuring Quality of Service CoS parameters.

Section 13, “Managing System Files” — Provides information for managing system files.

Section 14, “Viewing Statistics” — Provides information about viewing device statistics, including Remote Monitoring On Network (RMON) statistics, and device history events.

Section 15, “Managing Stacking” — Provides information for stacking, including a stacking overview.

Intended Audience

This guide is intended for network administrators familiar with IT concepts and terminology.

Page 7

Page 7

Allied Telesis AT-8000S Switch

Web Browser Interface User’s Guide

Document Conventions

This document uses the following conventions:

Note

Provides related information or information of special importance.

Caution

Indicates potential damage to hardware or software, or loss of data.

Warning

Indicates a risk of personal injury.

Contacting Allied Telesis

This section provides Allied Telesis contact information for technical support as well as sales or corporate information.

Online Support

You can request technical support online by accessing the Allied Telesis Knowledge Base

 

from the following web site: www.alliedtelesis.com/kb. You can use the Knowledge Base

 

to submit questions to our technical support staff and review answers to previously asked

 

questions.

Email and Telephone

Support

Returning Products

For Sales or

Corporate

Information

Management

Software Updates

For Technical Support via email or telephone, refer to the Support & Services section of the Allied Telesis web site: www.alliedtelesiselesis.com.

Products for return or repair must first be assigned a Return Materials Authorization (RMA) number. A product sent to Allied Telesis without a RMA number will be returned to the sender at the sender’s expense.

To obtain a RMA number, contact Allied Telesis’s Technical Support at our web site: www.alliedtelesiselesis.com.

You can contact Allied Telesis for sales or corporate information at our web site: www.alliedtelesis.com. To find the contact information for your country, select Contact Us -> Worldwide Contacts.

You can download new releases of management software for our managed products from either of the following Internet sites:

Allied Telesis web site: www.alliedtelesis.com

Allied Telesis FTP server: ftp://ftp.alliedtelesis.com

To download new software from the Allied Telesis FTP server using your workstation’s command prompt, you need FTP client software and you must log in to the server. Enter “anonymous” as the user name and your email address for the password.

Page 8

Preface

Contacting Allied Telesis

Page 9

Page 9

Allied Telesis AT-8000S Switch

Web Browser Interface User’s Guide

Section 1. Getting Started

This section provides an introduction to the Web Browser Interface, and includes the following topics:

Starting the Application

User Interface Components

Resetting the Device

Starting the Application

Starting the Application

This section contains information for starting the application. The login information is configured with a default user name and password. The default password is friend; the default user name is manager. Passwords are both case sensitive and alphanumeric. Additional user names can be added.

To open the application:

1.Open a web browser.

2.Enter the device IP address in the address bar and press <Enter>. The Login Page opens:

Figure 1: Login Page

3.Enter the user name and password.

4.Click Login. The Embedded Web System Home Page opens:

Page 10

Allied Telesis AT-8000S User Manual

Getting Started

Starting the Application

Figure 2: Embedded Web System Home Page

5.Click Configuration. The System General Page opens:

Figure 3: System General Page

Page 11

Allied Telesis AT-8000S Switch

Web Browser Interface User’s Guide

Using the Web Browser Interface

This section provides general information about the interface, and describes the following topics:

Viewing the Device Representation

User Interface Components

Using the Management Buttons

Using the Management Buttons

Adding, Modifying and Deleting Information

Viewing the Device Representation

Zoom Views provide a graphical representation of the device ports. The Port Settings Page displays an example of the Zoom View with a detailed graphical representation of the device ports.

To open a zoom view of device ports:

Click Layer 1 > Port Settings. The Port Settings Page opens:

Figure 4: Port Settings Page

The port status indicators vary with context, for example the general port status indicators are as in the figure above while port mirror indicators are different. Indicator legend descriptions are provided with each context of the specific Zoom View.

Page 12

Getting Started

Using the Web Browser Interface

User Interface Components

The System General Page example shows the interface components.

Figure 5: System General Page

The following table lists the interface components with their corresponding numbers:

Table 1:

Interface Components

 

Component

Description

 

 

 

 

1

Menu

 

The Menu provides easy navigation through the main management software

 

 

 

features. In addition, the Menu provides general navigation options.

 

 

 

 

2

Tabs

 

Provide navigation to configurable device sub-features.

 

 

 

3

Management Buttons

Enable configuring parameters and navigation to other pages, see Using the

 

 

 

Management Buttons.

 

 

 

 

Page 13

Allied Telesis AT-8000S Switch

Web Browser Interface User’s Guide

Using the Management Buttons

Management buttons provide an easy method of configuring device information, and include the following:

Table 2:

Configuration Management Buttons

 

Button

 

 

 

Button Name

Description

 

 

 

 

 

 

 

 

 

 

 

 

Add

Opens a page which creates new configuration entries.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Create

Opens a page which creates new configuration entries.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Modify

Modifies the configuration settings. The configuration change is

 

 

 

 

 

 

 

 

 

 

 

saved to the Running Configuration file and is maintained until

 

 

 

 

 

 

 

 

 

 

 

 

reset or power-up.

 

 

 

 

 

 

 

 

 

 

 

 

Apply

Saves configuration changes to the device. The configuration

 

 

 

 

 

 

 

 

 

 

 

change is saved to the Running Configuration file and is

 

 

 

 

 

 

 

 

 

 

 

 

maintained until reset or power-up.

 

 

 

 

 

 

 

 

 

 

 

 

Configure

Opens a page which creates or modifies configuration entries.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Delete

Deletes the selected table and configuration entries.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

View

Displays detailed information for the current page/configuration.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Refresh

Refreshes information displayed on the current page.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Reset

Device reset. Resets the device information for all device

 

 

 

 

 

 

 

 

 

 

 

parameters according to current configuration.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Defaults

Configuration reset. Resets the information for all parameters in

 

 

 

 

 

 

 

 

 

 

 

the current context (page/tab) to predefined defaults.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Test

Performs a diagnostic test.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Clear All Counters

Removes all counters.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

The application menu includes the following general purpose buttons:

 

 

 

 

 

 

 

 

 

 

 

 

Configuration

Opens the default configuration page (System General).

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Login

Signs the user into the WBI, starts the management session.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Logout

Signs the user out of the WBI, ending the management session.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Help

Opens the online help page.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Exit Help

Closes the online help page.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Save Config

Used when configuration changes to the device need to be saved

 

 

 

 

 

 

 

 

 

 

 

as permanent. The configuration is saved as permanent by

 

 

 

 

 

 

 

 

 

 

 

 

copying the current Running Configuration file to the Startup

 

 

 

 

 

 

Configuration file.

 

 

 

 

 

 

 

Page 14

Getting Started

Using the Web Browser Interface

Adding, Modifying and Deleting Information

The WBI contains and tables for configuring devices. User-defined information can be added, modified or deleted in specific WBI pages.

To add information to tables or WBI pages:

1.Open a WBI page.

2.Click Add. An Add page opens, for example, the Add Local User Page:

Figure 6: Add Local User Page

3.Define the fields.

4.Click Apply. The configuration information is saved, and the device is updated.

To modify information in tables or WBI pages:

1.Open a WBI page.

2.Select a table entry.

3.Click Modify. A Modify (or Settings) page opens, for example, the Local User Settings Page:

Figure 7: Local User Settings Page

4.Define the fields.

5.Click Apply. The fields are modified, and the information is saved to the device.

Page 15

Allied Telesis AT-8000S Switch

Web Browser Interface User’s Guide

To delete information in tables or WBI pages:

1.Open the WBI page.

2.Select a table row.

3.Click Delete. The information is deleted, and the device is updated.

Saving Configurations

User-defined information can be saved for permanent use or until next update, not just for the current session. A configuration is saved as permanent by copying the current Running Configuration file to the Startup Configuration file.

To save changes permanently:

Click Save Config on the menu.

Logging Out

The Logout option enables the user to log out of the device thereby terminating the running session. To log out:

In any page, click Logout on the menu. The current management session is ended and the Login Page opens:

Figure 8: Login Page

For more information about login, refer to Starting the Application.

Page 16

Getting Started

Resetting the Device

Resetting the Device

The Reset option enables resetting the device from a remote location.

Note

Save all changes to the Running Configuration file before resetting the device. This prevents the current device configuration from being lost. See also "Managing System Files".

To reset the device:

1.In the System General Page, click Reset. You are prompted to confirm.

2.Click OK. The device is reset. Resetting the device ends the web browser management session. You must restart the session to continue managing the device. After the device is reset, a prompt for a user name and password displays.

3.Enter a user name and password to reconnect to the Web Interface.

To reset the device to the predefined default configuration:

In the System General Page, click Defaults. The default settings are restored and the device is reset.

Page 17

Allied Telesis AT-8000S Switch

Web Browser Interface User’s Guide

Section 2. Defining System Information

The System General Page contains general device information, including system name and its IP addressing, administrator and passwords information, Dynamic Host Configuration Protocol (DHCP) configuration and MAC Address Aging Time.

To define the general system information:

1.Click System > General. The System General Page opens:

Figure 9: System General Page

The System General Page comprises two sections: Administration and DHCP Configuration. The Administration section of the System General Page contains the following fields:

System Name — Indicates the user-defined name of the device. This is a required field. The field range is 0-159 characters.

Administrator — Indicates the name of the administrator responsible for managing the device. The field range is 0-159 characters.

Comments — (Optional) The user can add any comments about the device in this field, for example, fill in the location of the device.

IP Address — Indicates the device’s IP address.

Subnet Mask — Indicates the device’s subnet mask.

Page 18

Defining System Information

Default Gateway — The IP address of a router for remote management of the device. The address must be entered in the format: xxx.xxx.xxx.xxx. The default value is 0.0.0.0.

Note

Packets are forwarded to the default IP when frames are sent to a remote network via the default gateway. The configured IP address must belong to the same subnet as one of the IP interfaces.

The DHCP Configuration section of the System General Page contains the following fields:

DHCP — Indicates if the Dynamic Host Configuration Protocol (DHCP) is enabled.

Enable — DHCP dynamically assigns IP addresses to devices on a network. With dynamic addressing, a device can have a different IP address every time it connects to the network. If the DHCP client software is activated, the device immediately begins to query the network for a DHCP server. The device continues to query the network for its IP configuration until it receives a response. If the device and IP address are manually assigned, that address is deleted and replaced by the IP address received from the DHCP server.

Disable — Disables DHCP on the device.

Mac Address Aging Time — The time interval an inactive dynamic MAC address can remain in the MAC address table before it is deleted. The default time is 300 seconds, and the range is 0-300.

2.Define the administration, passwords and DHCP configuration fields.

3.Click Apply. The system general information is defined and the device is updated.

4.Click Save Config on the menu to save the changes permanently.

Page 19

Allied Telesis AT-8000S Switch

Web Browser Interface User’s Guide

Section 3. Configuring System Time

This section provides information for configuring system time parameters, including:

Setting the System Clock

Configuring SNTP

Configuring Daylight Saving Time

The following is a list of Daylight Savings Time start and end dates by country:

Albania — From the last weekend of March until the last weekend of October.

Australia — From the end of October until the end of March.

Australia - Tasmania — From the beginning of October until the end of March.

Armenia — From the last weekend of March until the last weekend of October.

Austria — From the last weekend of March until the last weekend of October.

Bahamas — From April to October, in conjunction with Daylight Savings Time in the United States.

Belarus — From the last weekend of March until the last weekend of October.

Belgium — From the last weekend of March until the last weekend of October.

Brazil — From the third Sunday in October until the third Saturday in March. During the period of Daylight Saving Time, Brazilian clocks go forward one hour in most of the Brazilian southeast.

Chile — In Easter Island, from March 9 until October 12. In the rest of the country, from the first Sunday in March or after 9th March.

China — China does not use Daylight Saving Time.

Canada — From the first Sunday in April until the last Sunday of October. Daylight Saving Time is usually regulated by provincial and territorial governments. Exceptions may exist in certain municipalities.

Cuba — From the last Sunday of March to the last Sunday of October.

Cyprus — From the last weekend of March until the last weekend of October.

Denmark — From the last weekend of March until the last weekend of October.

Egypt — From the last Friday in April until the last Thursday in September.

Estonia — From the last weekend of March until the last weekend of October.

Finland — From the last weekend of March until the last weekend of October.

France — From the last weekend of March until the last weekend of October.

Germany — From the last weekend of March until the last weekend of October.

Greece — From the last weekend of March until the last weekend of October.

Hungary — From the last weekend of March until the last weekend of October.

India — India does not use Daylight Saving Time.

Iran — From Farvardin 1 until Mehr 1.

Iraq — From April 1 until October 1.

Ireland — From the last weekend of March until the last weekend of October.

Israel — Varies year-to-year.

Italy — From the last weekend of March until the last weekend of October.

Japan — Japan does not use Daylight Saving Time.

Jordan — From the last weekend of March until the last weekend of October.

Latvia — From the last weekend of March until the last weekend of October.

Lebanon — From the last weekend of March until the last weekend of October.

Page 20

Configuring System Time

Lithuania — From the last weekend of March until the last weekend of October.

Luxembourg — From the last weekend of March until the last weekend of October.

Macedonia — From the last weekend of March until the last weekend of October.

Mexico — From the first Sunday in April at 02:00 to the last Sunday in October at 02:00.

Moldova — From the last weekend of March until the last weekend of October.

Montenegro — From the last weekend of March until the last weekend of October.

Netherlands — From the last weekend of March until the last weekend of October.

New Zealand — From the first Sunday in October until the first Sunday on or after March 15.

Norway — From the last weekend of March until the last weekend of October.

Paraguay — From April 6 until September 7.

Poland — From the last weekend of March until the last weekend of October.

Portugal — From the last weekend of March until the last weekend of October.

Romania — From the last weekend of March until the last weekend of October.

Russia — From the last weekend of March until the last weekend of October.

Serbia — From the last weekend of March until the last weekend of October.

Slovak Republic - From the last weekend of March until the last weekend of October.

South Africa — South Africa does not use Daylight Saving Time.

Spain — From the last weekend of March until the last weekend of October.

Sweden — From the last weekend of March until the last weekend of October.

Switzerland — From the last weekend of March until the last weekend of October.

Syria — From March 31 until October 30.

Taiwan — Taiwan does not use Daylight Saving Time.

Turkey — From the last weekend of March until the last weekend of October.

United Kingdom — From the last weekend of March until the last weekend of October.

United States of America — From the first Sunday in April at 02:00 to the last Sunday in October at 02:00.

Page 21

Allied Telesis AT-8000S Switch

Web Browser Interface User’s Guide

Setting the System Clock

The System Time Page contains fields for defining system time parameters for both the local hardware clock and the external SNTP clock. If the system time is kept using an external SNTP clock, and the external SNTP clock fails, the system time reverts to the local hardware clock. Daylight Savings Time can be enabled on the device.

To configure the system clock time:

1.Click System > System Time. The System Time Page opens:

Figure 10: System Time Page

The Clock Source and System Time sections of the System Time Page contains the following fields:

Clock Source — The source used to set the system clock. The possible field values are:

Use Local Settings — Indicates that the clock is set locally.

Use SNTP Server — Indicates that the system time is set via an SNTP server.

System Time — Sets the local clock time. The field format is HH:MM:SS. For example: 21:15:03.

System Date — Sets the system date. The field format is Day/Month/Year. For example: 04/May/50 (May 4, 2050).

Time Zone Offset — The difference between Greenwich Mean Time (GMT) and local time. For example, the Time Zone Offset for Paris is GMT +1, while the Time Zone Offset for New York is GMT –5.

To set the system clock:

2.Select the system time mode.

3.Define the System Date, System Time and Time Zone Offset fields.

4.Click Apply in each section. The local system clock settings are saved, and the device is updated.

5.Click Save Config on the menu to save the changes permanently.

Page 22

Configuring System Time

Configuring SNTP

Configuring SNTP

The device supports the Simple Network Time Protocol (SNTP). SNTP assures accurate network device clock time synchronization up to the millisecond. Time synchronization is performed by a network SNTP server. The device operates only as an SNTP client, and cannot provide time services to other systems. The device can poll the following server types for the server time:

Unicast

Anycast

Broadcast

Time sources are established by stratums. Stratums define the accuracy of the reference clock. The higher the stratum (where zero is the highest), the more accurate the clock. The device receives time from stratum 1 and above. The following is an example of stratums:

Stratum 0 — A real time clock (such as a GPS system) is used as the time source.

Stratum 1 — A server that is directly linked to a Stratum 0 time source is used. Stratum 1 time servers provide primary network time standards.

Stratum 2 — The time source is distanced from the Stratum 1 server over a network path. For example, a Stratum 2 server receives the time over a network link, via NTP, from a Stratum 1 server.

Polling for Unicast Time Information

Polling for Unicast information is used for polling a server for which the IP address is known. T1 - T4 are used to determine the server time. This is the preferred method for synchronizing device time.

Polling for Anycast Time Information

Polling for Anycast information is used when the SNTP server IP address is unknown. The first Anycast server to return a response is used to set the time value. Time levels T3 and T4 are used to determine the server time. Using Anycast time information for synchronizing device time is preferred to using Broadcast time information.

Broadcast Time Information

Broadcast information is used when the server IP address is unknown. When a broadcast message is sent from an SNTP server, the SNTP client listens for the response. The SNTP client neither sends time information requests nor receives responses from the Broadcast server.

Message Digest 5 (MD5) Authentication safeguards device synchronization paths to SNTP servers. MD5 is an algorithm that produces a 128-bit hash. MD5 is a variation of MD4, and increases MD4 security. MD5 verifies the integrity of the communication, authenticates the origin of the communication.

To define SNTP global parameters:

1.Click System > System Time. The System Time Page opens.

The SNTP Settings section of the System Time Page contains the following fields:

Status — Indicates if SNTP is enabled on the device. The possible field values are:

Disabled — Indicates that SNTP is disabled.

Enabled — Indicates that SNTP is enabled.

Server IP Address — Displays a user-defined SNTP server IP address.

Poll Interval — Defines the interval (in seconds) at which the SNTP server is polled for Unicast information. The Poll Interval default is 1024 seconds.

2.Select the SNTP Status.

Page 23

Allied Telesis AT-8000S Switch

Web Browser Interface User’s Guide

3.Define the Server IP Address and the Poll Interval fields.

4.Click Apply. The SNTP global settings are defined, and the device is updated.

5.Click Save Config on the menu to save the changes permanently.

Configuring Daylight Saving Time

To configure DST:

1.Click System > System Time. The System Time Page opens:

The Additional Time Parameters section of the System Time Page contains the following fields:

Daylight Saving — Enables automatic Daylight Saving Time (DST) on the device based on the device’s location. There are two types of daylight settings, either by a specific date in a particular year or a recurring setting irrespective of the year. For a specific setting in a particular year complete the Daylight Savings area, and for a recurring setting, complete the Recurring area. The possible field values are:

USA — The device devices to DST at 2:00 a.m. on the first Sunday of April, and reverts to standard time at 2:00 a.m. on the last Sunday of October.

European — The device devices to DST at 1:00 am on the last Sunday in March and reverts to standard time at 1:00 am on the last Sunday in October. The European option applies to EU members, and other European countries using the EU standard.

Custom — The DST definitions are user-defined based on the device locality. If Custom is selected, the From and To fields must be defined.

Time Set Offset — Used for non-USA and European countries to set the amount of time for DST (in minutes). The default time is 60 minutes. The range is 1-1440 minutes.

From — Indicates the time that DST begins in countries other than the USA and Europe, in the format Day/ Month/Year in one field and HH:MM in another. For example, if DST begins on October 25, 2007 at 5:00 am, the two fields should be set to 25/Oct./07 and 05:00. The possible field values are:

Date — The date on which DST begins. The possible field range is 1-31.

Month — The month of the year in which DST begins. The possible field range is Jan.-Dec.

Year — The year in which the configured DST begins.

Time — The time at which DST begins. The field format is HH:MM. For example: 05:30.

To — Indicates the time that DST ends in countries other than the USA and Europe, in the format Day/Month/ Year in one field and HH:MM in another. For example, if DST ends on March 23, 2008 at midnight, the two fields should be 23/Mar/08 and 00:00. The possible field values are:

Date — The date on which DST ends. The possible field range is 1-31.

Month — The month of the year in which DST ends. The possible field range is Jan-Dec.

Year— The year in which the configured DST ends.

Time — The time at which DST starts. The field format is HH:MM. For example: 05:30.

Recurring — Enables user-defined DST for countries in which DST is constant from year to year, other than the USA and Europe.

From — The time that DST begins each year. In the example, DST begins locally every first Sunday in April at midnight. The possible field values are:

Day — The day of the week from which DST begins every year. The possible field range is SundaySaturday.

Week — The week within the month from which DST begins every year. The possible field range is 1-5.

Month — The month of the year in which DST begins every year. The possible field range is Jan.-Dec.

Page 24

Configuring System Time

Configuring Daylight Saving Time

Time — The time at which DST begins every year. The field format is Hour:Minute. For example: 02:10.

To — The time that DST ends each year. In the example, DST ends locally every first Sunday in October at midnight. The possible field values are:

Day — The day of the week at which DST ends every year. The possible field range is Sunday-Saturday.

Week — The week within the month at which DST ends every year. The possible field range is 1-5.

Month — The month of the year in which DST ends every year. The possible field range is Jan.-Dec.

Time — The time at which DST ends every year. The field format is HH:MM. For example: 05:30.

2.To configure the device to automatically switch to DST, select Daylight Savings and select either USA, European, or Other. If you select Other, you must define its From and To fields. To configure DST parameters that will recur every year, select Recurring and define its From and To fields.

3.Click Apply. The DST settings are saved, and the device is updated.

4.Click Save Config on the menu to save the changes permanently.

Page 25

Allied Telesis AT-8000S Switch

Web Browser Interface User’s Guide

Section 4. Configuring Device Security

This section describes setting security parameters for ports, device management methods, users, and servers. This section contains the following topics:

Configuring Management Security

Configuring Network Security

Page 26

Configuring Device Security

Configuring Management Security

Configuring Management Security

This section provides information for configuring device management security: device authentication methods, users and passwords.

This section includes the following topics:

Defining Access Profiles

Defining Profile Rules

Defining Authentication Profiles

Mapping Authentication Profiles

Configuring Server Based Authentication

Configuring TACACS+

Configuring RADIUS

Configuring Local Users

Page 27

Allied Telesis AT-8000S Switch

Web Browser Interface User’s Guide

Defining Access Profiles

Access profiles are profiles and rules for accessing the device. Access to management functions can be limited to user groups. User groups are defined for interfaces according to IP addresses or IP subnets. Access profiles contain management methods for accessing and managing the device. The device management methods include:

All

Telnet

Secure Telnet (SSH)

HTTP

Management access to different management methods may differ between user groups. For example, User Group 1 can access the device module only via an HTTPS session, while User Group 2 can access the device module via both HTTPS and Telnet sessions. The Access Profile Page contains the currently configured access profiles and their activity status.

Assigning an access profile to an interface denies access via other interfaces. If an access profile is assigned to any interface, the device can be accessed by all interfaces.

To define access profiles:

1.Click Mgmt. Security > Access Profile. The Access Profile Page opens:

Figure 11: Access Profile Page

The Access Profile Page contains a table listing the currently defined profiles and their active status:

Access Profile Name — The name of the profile. The access profile name can contain up to 32 characters.

Current Active Access Profile — Indicates if the profile is currently active. The possible field values are:

Page 28

Configuring Device Security

Configuring Management Security

Checked — The access profile is currently active. Access Profiles cannot be deleted when active.

Unchecked — Disables the active access profile.

2.Click Add. The Add Access Profile Page opens:

Figure 12: Add Access Profile Page

The Add Access Profile Page contains the following fields:

Access Profile Name — Defines the name of a new access profile.

Rule Priority — Defines the rule priority. When the packet is matched to a rule, user groups are either granted permission or denied device management access. The rule number is essential to matching packets to rules, as packets are matched on a first-fit basis. The rule priorities are assigned in the Profile Rules Page.

Management Method — Defines the management method for which the rule is defined. Users with this access profile can access the device using the management method selected. The possible field values are:

All — Assigns all management methods to the rule.

Telnet — Assigns Telnet access to the rule. If selected, users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device.

Secure Telnet (SSH) — Assigns SSH access to the rule. If selected, users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device.

HTTP — Assigns HTTP access to the rule. If selected, users accessing the device using HTTP meeting access profile criteria are permitted or denied access to the device.

Secure HTTP (HTTPS) — Assigns HTTPS access to the rule. If selected, users accessing the device using HTTPS meeting access profile criteria are permitted or denied access to the device.

SNMP — Assigns SNMP access to the rule. If selected, users accessing the device using SNMP meeting access profile criteria are permitted or denied access to the device.

Interface — Defines the interface on which the access profile is defined. The possible field values are:

Port — Specifies the port on which the access profile is defined.

LAG — Specifies the LAG on which the access profile is defined.

VLAN — Specifies the VLAN on which the access profile is defined.

Source IP Address — Defines the interface source IP address to which the access profile applies. The Source IP Address field is valid for a subnetwork.

Page 29

Allied Telesis AT-8000S Switch

Web Browser Interface User’s Guide

Network Mask — Defines the network mask of the source IP address.

Prefix Length — Defines the number of bits that comprise the source IP address prefix, or the network mask of the source IP address.

Action — Defines the action attached to the access rule. The possible field values are:

Permit — Permits access to the device.

Deny — Denies access to the device. This is the default.

3.Define the fields.

4.Click Apply. The access profile is saved and the device is updated.

5.Click Save Config on the menu to save the changes permanently.

Page 30

Configuring Device Security

Configuring Management Security

Defining Profile Rules

Access profiles can contain up to 128 rules that determine which users can manage the device module, and by which methods. Users can also be blocked from accessing the device. Rules are composed of filters including:

Rule Priority

Interface

Management Method

IP Address

Prefix Length

Forwarding Action

To define profile rules:

1.Click Mgmt. Security > Profile Rules: The Profile Rules Page opens:

Figure 13: Profile Rules Page

Access Profile Name — Displays the access profile to which the rule is attached.

Priority — Defines the rule priority. When the packet is matched to a rule, user groups are either granted permission or denied device management access. The rule number is essential to matching packets to rules, as packets are matched on a first-fit basis.

Interface — Indicates the interface type to which the rule applies. The possible field values are:

Port — Attaches the rule to the selected port.

LAG — Attaches the rule to the selected LAG.

VLAN — Attaches the rule to the selected VLAN.

Page 31

Allied Telesis AT-8000S Switch

Web Browser Interface User’s Guide

Management Method — Defines the management method for which the rule is defined. Users with this access profile can access the device using the management method selected. The possible field values are:

All — Assigns all management methods to the rule.

Telnet — Assigns Telnet access to the rule. If selected, users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device.

Secure Telnet (SSH) — Assigns SSH access to the rule. If selected, users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device.

HTTP — Assigns HTTP access to the rule. If selected, users accessing the device using HTTP meeting access profile criteria are permitted or denied access to the device.

Secure HTTP (HTTPS) — Assigns HTTPS access to the rule. If selected, users accessing the device using HTTPS meeting access profile criteria are permitted or denied access to the device.

SNMP — Assigns SNMP access to the rule. If selected, users accessing the device using SNMP meeting access profile criteria are permitted or denied access to the device.

Source IP Address — Defines the interface source IP address to which the rule applies.

Prefix Length — Defines the number of bits that comprise the source IP address prefix, or the network mask of the source IP address.

Action — Defines the action attached to the rule. The possible field values are:

Permit — Permits access to the device.

Deny — Denies access to the device. This is the default.

2.Click Add. The Add Profile Rule Page opens:

Figure 14: Add Profile Rule Page

3.Define the fields.

4.Click Apply. The profile rule is added to the access profile, and the device is updated.

5.Click Save Config on the menu to save the changes permanently.

Page 32

Configuring Device Security

Configuring Management Security

To modify an access rule:

1.Click Mgmt. Security > Profile Rule: The Profile Rules Page opens.

2.Click Modify. The Profiles Rules Configuration Page opens:

Figure 15: Profiles Rules Configuration Page

3.Define the fields.

4.Click Apply. The profile rule is saved, and the device is updated.

Page 33

Allied Telesis AT-8000S Switch

Web Browser Interface User’s Guide

Defining Authentication Profiles

Authentication profiles allow network administrators to assign authentication methods for user authentication. User authentication can be performed either locally or on an external server. User authentication occurs in the order the methods are selected. If the first authentication method is not available, the next selected method is used. For example, if the selected authentication methods are RADIUS and Local, and the RADIUS server is not available, then the user is authenticated locally.

To define Authentication profiles:

1.Click Mgmt. Security > Authentication Profiles. The Authentication Profiles Page opens:

Figure 16: Authentication Profiles Page

The Authentication Profiles Page contains two tables which display the currently defined profiles:

Login Authentication Profiles — Provides the method by which system users logon to the device.

Enable Authentication Profiles — Provides user authentication levels for users accessing the device.

Each table contains the following fields:

Profile Name — Contains a list of user-defined authentication profile lists to which user-defined authentication profiles are added. The default configuration displays as: Console Default, and Network Default.

Methods — Indicates the authentication method for the selected authentication profile. The possible authentication methods are:

None — Assigns no authentication method to the authentication profile.

Line — Indicates that authentication uses a line password.

Enable — Indicates that authentication uses an Enable password.

Page 34

Configuring Device Security

Configuring Management Security

Local — Authenticates the user at the device level. The device checks the user name and password for authentication.

RADIUS — Authenticates the user at the RADIUS server. For more information, see Defining RADIUS Server Settings.

TACACS+ — Authenticates the user at the TACACS+ server. For more information, see Defining TACACS+ Host Settings.

Local, RADIUS — Indicates that authentication first occurs locally. If authentication cannot be verified locally, the RADIUS server authenticates the management method. If the RADIUS server cannot authenticate the management method, the session is blocked.

RADIUS, Local — Indicates that authentication first occurs at the RADIUS server. If authentication cannot be verified at the RADIUS server, the session is authenticated locally. If the session cannot be authenticated locally, the session is blocked.

Local, RADIUS, None — Indicates that authentication first occurs locally. If authentication cannot be verified locally, the RADIUS server authenticates the management method. If the RADIUS server cannot authenticate the management method, the session is permitted.

RADIUS, Local, None — Indicates that Authentication first occurs at the RADIUS server. If authentication cannot be verified at the RADIUS server, the session is authenticated locally. If the session cannot be authenticated locally, the session is permitted.

Local, TACACS+ — Indicates that Authentication first occurs locally. If authentication cannot be verified locally, the TACACS+ server authenticates the management method. If the TACACS+ server cannot authenticate the management method, the session is blocked.

TACACS+, Local — Indicates that authentication first occurs at the TACACS+ server. If authentication cannot be verified at the TACACS+ server, the session is authenticated locally. If the session cannot be authenticated locally, the session is blocked.

Local, TACACS+, None — Indicates that authentication first occurs locally. If authentication cannot be verified locally, the TACACS+ server authenticates the management method. If the TACACS+ server cannot authenticate the management method, the session is permitted.

TACACS+, Local, None — Indicates that authentication first occurs at the TACACS+ server. If authentication cannot be verified at the TACACS+ server, the session is authenticated locally. If the session cannot be authenticated locally, the session is permitted.

2.Click Add. The Add Authentication Profile Page opens:

Page 35

Allied Telesis AT-8000S Switch

Web Browser Interface User’s Guide

Figure 17: Add Authentication Profile Page

3.Select the type of function to configure for the profile: Method or Login.

4.Enter the Profile Name.

5.Using the arrows, move the method(s) from the Optional Method list to the Selected Method list.

6.Click Apply. The authentication profile is defined. The profile is added to the profiles table and the device is updated.

To modify the authentication profile settings:

1.Click Mgmt. Security > Authentication Profiles. The Authentication Profiles Page opens.

2.Click Modify. The Authentication Profile Configuration Page opens:

Figure 18: Authentication Profile Configuration Page

3.Select the Profile Name from the list.

4.Using the arrows, move the method(s) from the Optional Method list to the Selected Method list.

5.Click Apply. The profile settings are saved and the device is updated.

Page 36

Configuring Device Security

Configuring Management Security

Mapping Authentication Profiles

After authentication profiles are defined, they can be applied to management access methods. For example, console users can be authenticated by Authentication Profile List 1, while Telnet users are authenticated by Authentication Profile List 2. Authentication methods are selected using arrows. The order in which the methods are selected is the order by which the authentication methods are used.

To map authentication methods:

1.Click Mgmt. Security > Authentication Mapping. The Authentication Mapping Page opens:

Figure 19: Authentication Mapping Page

The Authentication Mapping Page comprises three sections:

Authentication Login and Enable

Secure HTTP

HTTP

The Authentication Mapping Page contains the following fields:

Console — Indicates that authentication profiles are used to authenticate console users.

Telnet — Indicates that authentication profiles are used to authenticate Telnet users.

Secure Telnet (SSH) — Indicates that authentication profiles are used to authenticate Secure Shell (SSH) users. SSH provides clients secure and encrypted remote connections to a device.

Secure HTTP — Indicates that authentication methods are used for secure HTTP access. The possible methods are:

Local — Authentication occurs locally.

RADIUS — Authenticates the user at the RADIUS server.

TACACS+ — Authenticates the user at the TACACS+ server.

Page 37

Allied Telesis AT-8000S Switch

Web Browser Interface User’s Guide

None — Indicates that no authentication method is used for access.

HTTP — Indicates that authentication methods are used for HTTP access. Possible methods are:

Local — Authentication occurs locally.

RADIUS — Authenticates the user at the RADIUS server.

TACACS+ — Authenticates the user at the TACACS+ server.

None — Indicates that no authentication method is used for access.

2.Define the Console, Telnet, and Secure Telnet (SSH) fields.

3.Map the authentication method(s) in the Secure HTTP selection box using the arrow.

4.Map the authentication method(s) in the HTTP selection box.

5.Click Save Config on the menu to save the changes permanently.

Configuring Server Based Authentication

Network administrators assign authentication methods for user authentication. User authentication can be performed locally, or on an external server. User authentication occurs in the order the methods are selected. If the first authentication method is not available, the next selected method is used.

Configuring TACACS+

Terminal Access Controller Access Control System (TACACS+) provides centralized security user access validation. The system supports up-to 4 TACACS+ servers. TACACS+ provides a centralized user management system, while still retaining consistency with RADIUS and other authentication processes. TACACS+ provides the following services:

Authentication — Performed at login and via user names and user-defined passwords.

Authorization — Performed at login. Once the authentication session is completed, an authorization session starts using the authenticated user name.

The TACACS+ protocol ensures network integrity through encrypted protocol exchanges between the client and TACACS+ server.

To define TACACS+ security settings:

1.Click Mgmt. Protocols > TACACS+. The TACACS+ Configuration Page opens.

Page 38

Configuring Device Security

Configuring Management Security

Figure 20: TACACS+ Configuration Page

The TACACS+ Configuration Page contains the following fields:

Timeout for Reply — Defines the time interval in seconds that passes before the connection between the device and the TACACS+ server times out. The field range is 1-60 seconds and the default is 10 seconds.

Key String — Defines the default key string.

Server # — Displays the server number.

Host IP Address — Displays the TACACS+ server IP address.

Priority — Defines the order in which the TACACS+ servers are used. The field range is 0-65535. The default is 0.

Authorization Port — Identifies the authentication port. The authentication port is used to verify the TACACS+ server authentication.

Timeout for Reply — Defines the time interval in seconds that passes before the connection between the device and the TACACS+ server times out. The field range is 1-60 seconds and the default is 10 seconds.

Single Connection — Maintains a single open connection between the device and the TACACS+ server. The possible field values are:

Checked — Enables a single connection.

Unchecked — Disables a single connection.

Status — Indicates the connection status between the device and the TACACS+ server. The possible field values are:

Connected — Indicates there is currently a connection between the device and the TACACS+ server.

Not Connected — Indicates there is not currently a connection between the device and the TACACS+ server.

2.Click Create. The Add TACACS+ Page opens.

Page 39

Allied Telesis AT-8000S Switch

Web Browser Interface User’s Guide

Figure 21: Add TACACS+ Page

3.Define the fields.

4.Click Apply. The TACACS+ profile is saved, and the device is updated.

Page 40

Configuring Device Security

Configuring Management Security

Configuring RADIUS

Remote Authorization Dial-In User Service (RADIUS) servers provide additional security for networks. RADIUS servers provide a centralized authentication method for web access. To configure RADIUS security settings:

1.Click Mgmt. Protocols > RADIUS. The RADIUS Configuration Page opens:

Figure 22: RADIUS Configuration Page

The RADIUS Configuration Page contains the following fields:

Default Retries — Defines the default number of transmitted requests sent to the RADIUS server before a failure occurs. Possible field values are 1-10.

Default Timeout for Reply — Defines the default time interval in seconds that passes before the connection between the device and the TACACS+ server times out. The field range is 1-60 seconds and the default is 10 seconds.

Default Dead Time — Defines the default amount of time (in minutes) that a RADIUS server is bypassed for service requests. The range is 0-2000.

Server # — Displays the RADIUS server number.

IP Address — Displays the RADIUS server IP address.

Priority — Displays the RADIUS server priority. The possible values are 1-65535, where 1 is the highest value. The RADIUS server priority is used to configure the server query order.

Authorization Port — Identifies the authentication port. The authentication port is used to verify the RADIUS server authentication. The authenticated port default is 1812.

Number of Retries — Defines the number of transmitted requests sent to the RADIUS server before a failure occurs. Possible field values are 1-10.

Page 41

Allied Telesis AT-8000S Switch

Web Browser Interface User’s Guide

Timeout for Reply — Defines the time interval in seconds that passes before the connection between the device and the RADUIUS server times out. The field range is 1-60 seconds and the default is 10 seconds.

Dead Time — Defines the amount of time (in minutes) that a RADIUS server is bypassed for service requests. The range is 0-2000. The default is 0 minutes.

Key String — Defines the default key string used for authenticating and encrypting all RADIUScommunications between the device and the RADIUS server. This key must match the RADIUS encryption.

Usage Type— Specifies the RADIUS server authentication type. The default value is All. The possible field values are:

Log in — Indicates the RADIUS server is used for authenticating user name and passwords.

802.1X — Indicates the RADIUS server is used for 802.1X authentication.

All — Indicates the RADIUS server is used for authenticating user names and passwords, and 802.1X port authentication.

2.Click Create. The Add RADIUS Page opens.

Figure 23: Add RADIUS Page

3.Define the fields.

4.Click Apply. The RADIUS profile is saved, and the device is updated.

Page 42

Configuring Device Security

Configuring Management Security

Configuring Local Users

Network administrators can define users, passwords, and access levels for users using the Local Users Page. To configure local users and passwords:

1.Click Mgmt. Security > Local Users. The Local Users Page opens:

Figure 24: Local Users Page

The Local Users Page displays the list of currently defined local users and contains the following fields:

User Name — Displays the user’s name.

Access Level Displays the user access level. The lowest user access level is 1 and the highest is 15. Users assigned access level 1 have read/write access to the device. User assigned a access level of 15 have read-only access. The possible field values are:

Configuration — Provides configuration device privileges.

Monitoring — Provides device Read and Read/Write privileges.

Page 43

Allied Telesis AT-8000S Switch

Web Browser Interface User’s Guide

2.Click Create. The Add Local User Page opens:

Figure 25: Add Local User Page

In addition to the fields in the Local Users Page, the Add Local User Page contains the following fields:

Password — Defines the local user password. Local user passwords can contain up to 159 characters.

Confirm Password — Verifies the password.

3.Define the fields.

4.Click Apply. The user is added to the Local Users table and the device is updated.

To modify local users:

1.Click Mgmt. Security > Local Users. The Local Users Page opens.

2.Click Modify. The Local User Configuration Page opens:

Figure 26: Local User Configuration Page

3.Define the User Name, Access Level, Password, and Confirm Password fields.

4.Click Apply. The local user settings are defined, and the device is updated.

Page 44

Configuring Device Security

Configuring Network Security

Configuring Network Security

Network security manages locked ports. This section contains the following topics:

Network Security Overview

Managing Port Security

Defining 802.1x Port Access

Enabling Storm Control

Page 45

Allied Telesis AT-8000S Switch

Web Browser Interface User’s Guide

Network Security Overview

Port-based authentication provides traditional 802.1x support, as well as, Guest VLANs. Guest VLANs limited network access to authorized ports. If a port is denied network access via port-based authorization, but the Guest VLAN is enabled, the port receives limited network access. For example, a network administrator can use Guest VLANs to deny network access via port-based authentication, but grant Internet access to unauthorized users.

Managing Port Security

Network security can be increased by limiting access on a specific port only to users with specific MAC addresses. The MAC addresses can be dynamically learned or statically configured. Locked port security monitors both received and learned packets that are received on specific ports. Access to the locked port is limited to users with specific MAC addresses. These addresses are either manually defined on the port, or learned on that port up to the point when it is locked. When a packet is received on a locked port, and the packet D-Link source MAC address is not tied to that port (either it was learned on a different port, or it is unknown to the system), the protection mechanism is invoked, and can provide various options. Unauthorized packets arriving at a locked port are either:

Forwarded

Discarded with no trap

Discarded with a trap

Shuts down the port.

Locked port security also enables storing a list of MAC addresses in the configuration file. The MAC address list can be restored after the device has been reset. Disabled ports are activated from the Port Security Page. To define port security

The Port Security Page enhances network security by providing port locking management to network administrators.

To configure secure ports:

1.Click Network Security > Port Security. The Port Security Page opens:

Page 46

Configuring Device Security

Configuring Network Security

Figure 27: Port Security Page

The Port Security Page displays the Zoom View of device ports. The possible port indicators are:

Port is not selected — Indicates that security is currently not enabled on the port.

Port is selected — Indicates that security is currently enabled on the port.

2.Select the ports to lock. The port indicator changes to selected.

3.Click Modify. The Port Security Configuration Page opens:

Page 47

Allied Telesis AT-8000S Switch

Web Browser Interface User’s Guide

Figure 28: Port Security Configuration Page

The Port Security Configuration Page contains the following fields:

Unit Number — Defines the unit number.

Interface — Displays the port or LAG name.

Learning Mode — Defines the locked port type. The Learning Mode field is enabled only if Locked is selected in the Set Port field.The possible field values are:

Classic Lock — Locks the port using the classic lock mechanism. The port is immediately locked, regardless of the number of addresses that have already been learned.

Limited Dynamic Lock — Locks the port by deleting the current dynamic MAC addresses associated with the port. The port learns up to the maximum addresses allowed on the port. Both relearning and aging MAC addresses are enabled.

Enable Trap — Indicates if the SNMP trap generated if there is a violation. The possible values are:

Yes — Trap is generated.

No — No trap is generated.

Trap Frequency — The time interval (in seconds) between traps. The possible field range is 1-1,000,000 seconds, and the default is 10 seconds.

Action On Violation— Indicates the intruder action defined for the port. Indicates the action to be applied to packets arriving on a locked port. The possible values are:

Forward — Forwards packets from an unknown source without learning the MAC address.

Discard — Discards packets from any unlearned source. This is the default value.

Shutdown — Discards packets from any unlearned source and shuts down the port. The port remains shut down until reactivated, or until the device is reset.

Max Entries — Specifies the number of MAC addresses that can be learned on the port before the port is locked. The field range is 1-128. The default is 1.

Lock Interface —Locks the interface.

4.Select the security mode for the selected port(s).

5.Click Apply. The port security settings are saved and the device is updated.

Page 48

Configuring Device Security

Configuring Network Security

6.Click Save Config on the menu to save the changes permanently.

Defining 802.1x Port Access

The 802.1x Port Access Page allows enabling port access globally, defining the authentication method, and configuration of port roles and settings.

To configure 802.1x port access parameters:

1.Click Network Security > 802.1x Port Access. The 802.1x Port Access Page opens:

Figure 29: 802.1x Port Access Page

The 802.1x Port Access Page contains the following fields:

Enable Port Access — Enables the 802.1x port access globally. The possible values are:

Checked — Enables the 802.1x port access on the device.

Unchecked — Disables the 802.1x port access on the device. This is the default value.

Authentication Method — Displays the method by which the last session was authenticated. The possible field values are:

None — Indicates that no authentication method is used to authenticate the port.

RADIUS — Provides port authentication using the RADIUS server.

RADIUS, None — Provides port authentication, first using the RADIUS server. If the port is not authenticated, then no authentication method is used, and the session is permitted.

Guest VLAN —Provides limited network access to authorized ports. If a port is denied network access via port-based authorization, but the Guest VLAN field is enabled, the port receives limited network access.

Page 49

+ 138 hidden pages