Cisco Linksys SFE1000P, SFE1000P Reference Manual

SFE1000P 8-port 10/100 Ethernet Switch with PoE Reference Guide
March 2008
© Copyright 2008, Cisco Systems, Inc.
Specifications are subject to change without notice.
Linksys, the Cisco Systems logo, the Linksys Logo, and the Linksys One logo are registered trademarks of Cisco Systems, Inc. All other trademarks mentioned in this document are the property of their respective owners.
Document Revision History
Revision Date Description
1.0 March 2008 Initial release
Contents
Chapter 1: Preface
Audience
Purpose
Organization
Chapter 2: Getting Started
Starting the Application
Understanding the Interface
Device Representation
Using the Linksys Management Buttons
Using Screen and Table Options
Adding Device Information
Modifying Device Information
Deleting Device Information
Resetting the Device
Logging Off The Device
Chapter 3: Managing Device Information
Understanding the Device Zoom View
Defining General System Information
Resetting the Device
Chapter 4: Managing Power-over-Ethernet Devices
PoE Settings
Edit PoE
Chapter 5: Configuring Device Security
Passwords Management
Add Local User
Modifying the Local User Settings
Defining Authentication
Defining Authentication Profiles
Add Authentication Profile
Modify the Authentication Profile
Mapping Authentication Profiles
Defining TACACS+
Add TACACS+ Server
Modifying TACACS+ Settings
Defining RADIUS
Add RADIUS Server
Modifying RADIUS Server Settings
Defining Access Method
Defining Access Profiles
Add Access Profile Page
Defining Profile Rules
Add Profile Rule
Modifying Profile Rules
Defining Traffic Control
Defining Storm Control
Modifying Storm Control
Defining Port Security
Modifying Port Security
Defining 802.1x
Defining 802.1X Properties
Defining Port Authentication
Modifying 802.1X Security
Defining Multiple Hosts
Modifying Multiple Host Settings
Defining Authenticated Host
Defining Access Control
Defining MAC Based ACL
Adding an ACL
Adding Rule to MAC Based ACL
Defining IP Based ACL
Add IP Based ACL
Adding an IP Based Rule
Defining ACL Binding
Modifying ACL Binding
Defining DoS Prevention
Global Settings
Defining Martian Addresses
Add Martian Address Page
Chapter 6: Configuring Device Interfaces
Defining Port Settings
Modifying Port Settings
Defining LAG Management
Modifying LAG Membership
Defining LAG Settings
LAG Configuration Settings
Configuring LACP
Modify LACP Parameter Settings
Chapter 7: Configuring VLANs
Defining VLAN Properties
Add VLAN
Modifying VLANs
Defining VLAN Membership
Modifying VLAN Membership
Defining Interface Settings
Modifying VLAN Interface Settings
Configuring GVRP Settings
Modifying GVRP Settings
Defining VLAN Protocol Group
Add Protocol Group
Modifying Protocol Groups
Defining VLAN Protocol Port
Add Protocol Port to VLAN
Chapter 8: Configuring IP Information
Domain Name System
Defining DNS Server
Add DNS Server
Mapping DNS Hosts
Add DNS Host
Configuring Layer 2 IP Addresses
Defining IP Interfaces
Enabling ARP
Add ARP
Modifying ARP Settings
Chapter 9: Defining Address Tables
Defining Static Addresses
Add Static MAC Address
Defining Dynamic Addresses
Chapter 10: Configuring Multicast Forwarding
IGMP Snooping
Modifying IGMP Snooping
Defining Multicast Bridging Groups
Add Multicast Group
Modifying a Multicast Group
Defining Multicast Forwarding
Modifying Multicast Forwarding
Chapter 11: Configuring Spanning Tree
Defining STP Properties
Global Settings
Defining Interface Settings
Modifying Interface Settings
Defining Rapid Spanning Tree
Modifying RSTP
Defining Multiple Spanning Tree
Defining MSTP Properties
Mapping MSTP Instances to VLAN
Defining MSTP Instance Settings
Defining MSTP Interface Settings
Interface Table
Chapter 12: Configuring SNMP
Configuring SNMP Security
Defining the SNMP Engine ID
Defining SNMP Views
Add SNMP View
Defining SNMP Users
Add SNMP Group Membership
Modifying SNMP Users
Define SNMP Groups
Adding SNMP Group Profiles
Modifying SNMP Group Profile Settings
Defining SNMP Communities
Adding SNMP Communities
Modifying SNMP Community Settings
Defining Trap Management
Defining Trap Settings
Configuring Station Management
Adding a SNMP Notification Recipient
Modifying SNMP Notifications Settings
Defining SNMP Filter Settings
Add SNMP Notification Filter
Chapter 13: Configuring Quality of Service
Defining General Settings
Defining CoS
Modifying Interface Priorities
Defining Queue
Mapping CoS to Queue
Mapping DSCP to Queue
Configuring Bandwidth
Modifying Bandwidth Settings
Defining Advanced Mode
Configuring DSCP Mapping
Defining Class Mapping
Adding QoS Class Maps
Defining Aggregate Policer
Adding QoS Aggregate Policer
Modifying QoS Aggregate Policer
Configuring Policy Table
Adding QoS Policy Profile
Modifying the QoS Policy Profile
Defining Policy Binding
Adding QoS Policy Binding
Modifying QoS Policy Binding Settings
Defining QoS Basic Mode
Rewriting DSCP Values
Chapter 14: Managing System Files
File Management Overview
File Management
Firmware Upgrade
Save Configuration
Copy Files
Active Image
Chapter 15: Managing System Logs
Enabling System Logs
Viewing the Device Memory Logs
Clearing Message Logs
Viewing the Flash Logs
Clearing Message Logs
Viewing Remote Logs
Adding a System Log Server
Modify Syslog Server Settings
Chapter 16: Configuring System Time
Defining System Time
Defining SNTP Settings
Add SNTP Server
Defining SNTP Authentication
Add SNTP Authentication
Chapter 17: Viewing Statistics
Viewing Ethernet Statistics
Defining Ethernet Interface
Resetting Interface Statistics Counters
Viewing Etherlike Statistics
Resetting Etherlike Statistics Counters
Viewing GVRP Statistics
Resetting GVRP Statistics Counters
Viewing EAP Statistics
Managing RMON Statistics
Viewing RMON Statistics
Resetting RMON Statistics Counters
Configuring RMON History
Defining RMON History Control
Add RMON History
Modify History Control Settings
Viewing the RMON History Table
Configuring RMON Events
Defining RMON Events Control
Add RMON Events
Modify Event Control Settings
Viewing the RMON Events Logs
Defining RMON Alarms
Add RMON Alarm
Modify RMON Alarm Settings
Chapter 18: Managing Device Diagnostics
Viewing Integrated Cable Tests
Performing Optical Tests
Configuring Port Mirroring
Adding Port Mirroring Session
Modifying Port Mirroring
Defining CPU Utilization
Chapter 1: Preface
Audience
This publication is designed for people who have some experience installing networking equipment such as routers, hubs, servers, and switches. We assume the person installing and troubleshooting the SFE1000P is familiar with electronic circuitry and wiring practices and has experience as an electronic or electromechanical technician.
Purpose
This guide documents the features of the Linksys Business Series SFE1000P Gigabit Ethernet Switch (SFE1000P). It describes the selections available on the administration screens of the SFE1000P, and provides configuration information.
Organization
This guide is organized into the following chapters:
Chapter 2, "Getting Started," is an introduction to the user interface.
Chapter 3, "Managing Device Information," defines both basic and advanced system information.
Chapter 4, "Managing Power-over-Ethernet Devices," describes configuring PoE settings.
Chapter 5, "Configuring Device Security," describes password management, defining authentication, access method, traffic control, 802.1x protocols, access control, and denial of service prevention.
Chapter 6, "Configuring Device Interfaces," describes defining port settings, LAG management, LAG settings, and configuring LACP.
Chapter 7, "Configuring VLANs," defines VLAN properties, VLAN memberships, interface settings, and GVRP settings.
Chapter 8, "Configuring IP Information," provides information for defining device IP addresses.
Chapter 9, "Defining Address Tables," contains information for defining both static and dynamic Forwarding Database entries.
Chapter 10, "Configuring Multicast Forwarding," contains information on configuring IGMP snooping, defining multicast bridging groups, and multicast forwarding.
Chapter 11, "Configuring Spanning Tree," contains information on configuring Spanning Tree Protocol with classic STP, Rapid STP, and Multiple STP.
Chapter 12, "Configuring SNMP," describes SNMP security and defining trap management.
Chapter 13, "Configuring Quality of Service," shows how to define Quality of Service general settings, advanced mode settings, and basic mode settings. It also describes configuring policy tables.
Chapter 14, "Managing System Files," describes working with file management, logs, and diagnostics.
Chapter 15, "Managing System Logs," shows how to enable system logs, view device memory logs, flash logs, and remote logs.
Chapter 16, "Configuring System Time," provides information for configuring the system time, and includes defining system time, SNTP settings, and SNTP authentication.
Chapter 17, "Viewing Statistics," describes viewing and managing device statistics for RMON, interfaces, GVRP, EAP, and Etherlike statistics.
Chapter 18, "Managing Device Diagnostics," contains information for configuring port mirroring, running cable tests, and viewing device operational information.
Chapter 2: Getting Started
This section provides an introduction to the user interface, and includes the following topics:
Starting the Application
Understanding the Interface
Using the Linksys Management Buttons
Using Screen and Table Options
Resetting the Device
Logging Off The Device
Starting the Application
This section contains information for starting the Linksys User Interface.
NOTE: By default, the IP address of the device is assigned dynamically. The IP address can be changed
Enter Network Password Page
Enter a user name and password. The default user name is "admin". The device is not configured with a default password, and can be configured without entering a password. Passwords are both case sensitive and alpha-numeric.
NOTE: If you have logged in automatically via the Service Router user interface, the Tree and Device views appear and allow you to navigate through the various areas of the web interface. However, the following page will appear within the frame provided by the Service Router user interface.
Embedded Web System Home Page
Understanding the Interface
The following table lists the interface components with their corresponding numbers:
Interface Components
Component | Description
1 Tree View | The Tree View provides easy navigation through the configurable device features. The main branches expand to provide the subfeatures.
2 Device View | The device view provides information about device ports, current configuration and status, table information, and feature components. The device view also displays other device information and dialog boxes for configuring parameters.
3 Table Area | The Table area enables navigating through the different device features. Click the tabs to view all the components under a specific feature.
4 EWS Information | The EWS information tabs provide access to the online help, contains information about the EWS.
Linksys User Interface Components
This section provides the following additional information:
Device Representation — Provides an explanation of the Linksys user interface buttons, including both management buttons and task icons.
Using the Linksys Management Buttons — Provides instructions for adding, modifying, and deleting device parameters.
Device Representation
The Linksys home page displays a graphical representation of the device:
Device Representation
The Linksys home page contains a graphical SFE1000 and SFE1000P front panel illustration.
Using the Linksys Management Buttons
Device Management buttons and icons provide an easy method of configuring device information, and include the following:
Device Management Buttons
Button Name | Button Description
Apply | Applies changes to the device.
Clear Counters | Clears statistic counters.
Clear Logs | Clears log files.
Add | Opens an Add page.
Delete | Removes entries from tables.
Reset | Resets the settings of a selected port to the default settings.
Test | Performs cable tests immediately.
Using Screen and Table Options
Linksys contains screens and tables for configuring devices. This section contains the following topics:
Adding Device Information
Modifying Device Information
Deleting Device Information
Adding Device Information
User defined information can be added to specific EWS pages, by opening a new Add page.
Add SNTP Server
Modifying Device Information
User defined information can be modified on specific EWS pages, by opening the appropriate Edit page.
Edit Interface Priority
Deleting Device Information
User defined information can be deleted on specific EWS pages, by opening the appropriate EWS page, selecting a table row, checking the remove checkbox, and then clicking the Delete button.
Resetting the Device
The Reset page enables the device to be reset from a remote location. Save all changes to the Running Configuration file before resetting the device. This prevents the current device configuration from being lost. To reset the device:
Reset Page
Logging Off The Device
Click . The system logs off. The Embedded Web System Home Page closes.
Chapter 3: Managing Device Information
This section provides information for defining both basic and advanced system information. This section contains the following topics:
Understanding the Device Zoom View
Defining General System Information
Resetting the Device
Understanding the Device Zoom View
The Zoom Page is the main window used for viewing the device.
Zoom Page
The Zoom Page contains the following port indicators:
Green — Indicates the port is currently operating.
Defining General System Information
The System Information Page contains parameters for configuring general device information.
System Information Page
The System Information Page contains the following fields:
Model Name — Displays the model name of the system.
System Name — Displays the user configured name of the system.
System Location — Defines the location where the system is currently running. The field range is 0-160 characters.
System Contact — Defines the name of the contact person. The field range is 0-160 characters.
System Object ID — Displays the vendor’s authoritative identification of the network management subsystem contained in the entity.
System Up Time — Displays the amount of time that has elapsed since the last device reset. The system time is displayed in the following format: Days, Hours, Minutes and Seconds. For example: 41 days, 2 hours, 22 minutes and 15 seconds.
Base MAC Address — Displays the device MAC address.
Hardware Version — Displays the hardware version number.
Software Version — Displays the software version number.
Boot Version — Indicates the system boot version currently running on the device.
Resetting the Device
The Reset page enables the device to be reset from a remote location. Save all changes to the Startup Configuration file before resetting the device. This prevents the current device configuration from being lost.
Reset Page
Chapter 4: Managing Power-over-Ethernet Devices
Power-over-Ethernet (PoE) provides power to devices over existing LAN cabling, without updating or modifying the network infrastructure. Power-over-Ethernet removes the necessity of placing network devices next to power sources.
Power-over-Ethernet can be used in the following applications:
IP Phones
Wireless Access Points
IP Gateways
PDAs
Audio and video remote monitoring
Powered Devices are devices which receive power from the device power supplies, for example IP phones. Powered Devices are connected to the device via Ethernet ports. Guard Band protects the device from exceeding the maximum power level. For example, if the maximum power level is 400W and the Guard Band is 20W, no additional PoE components can be added once the total system power consumption exceeds 380W. The accumulated PoE component power consumption is rounded down for display purposes, so the value after the decimal point is removed.
NOTE: Due to hardware limitations, the power measurement accuracy is 4%.
PoE Settings
The PoE Settings Page contains system PoE information for enabling PoE on the device, monitoring the current power usage, and enabling PoE traps.
PoE Settings Page
The PoE Settings Page displays the currently configured PoE ports and contains the following information:
Port — Displays the selected port’s number.
Admin Status — Indicates whether PoE is enabled or disabled on the port. The possible values are:
Enable — Enables PoE on the port. This is the default setting.
Disable — Disables PoE on the port.
Priority — Indicates the PoE ports’ priority. The possible values are Critical, High and Low. The default is Low.
Power Allocation (watts) — Indicates the power allocated to the port. The range is 3 - 15.4 watts.
Power Consumption (milliwatts) — Indicates the amount of power assigned to the powered device connected to the selected interface. Devices are classified by the powered device, and the classification information used. The field values are represented in Watts. The possible field values are:
0.44 – 12.95 — Indicates that the port is assigned a power consumption level of 0.44 to 12.95 watts.
0.44 – 3.8 — Indicates that the port is assigned a power consumption level of 0.44 to 3.8 watts.
3.84 – 6.49 — Indicates that the port is assigned a power consumption level of 3.84 to 6.49 watts.
6.49 – 12.95 — Indicates that the port is assigned a power consumption level of 6.49 to 12.95 watts.
Edit PoE
Use the Edit PoE page to change settings for your devices.
Edit PoE
The Edit PoE page contains the following fields:
Port — Indicates the specific interface for which PoE parameters are defined, and assigned to the powered interface connected to the selected port.
Enable PoE — Enables or disables PoE on the port. The possible values are:
Enable — Enables PoE on the port. This is the default setting.
Disable — Disables PoE on the port.
Power Priority Level — Determines the port priority if the power supply is low. The field default is low. For example, if the power supply is running at 99% usage, and port 1 is prioritized as high, but port 3 is prioritized as low, port 1 is prioritized to receive power, and port 3 may be denied power. The possible field values are:
Low — Defines the PoE priority level as low. This is the default level.
High — Defines the PoE priority level as high.
Critical — Defines the PoE priority level as Critical. This is the highest PoE priority level.
Power Consumption — Indicates the amount of power assigned to the powered device connected to the selected interface. Devices are classified by the powered device, and the classification information used. The field values are represented in Watts. The possible field values are:
0.44 – 12.95 — Indicates that the port is assigned a power consumption level of 0.44 to 12.95 Watts.
0.44 – 3.8 — Indicates that the port is assigned a power consumption level of 0.44 to 3.8 Watts.
3.84 – 6.49 — Indicates that the port is assigned a power consumption level of 3.84 to 6.49 Watts.
6.49 – 12.95 — Indicates that the port is assigned a power consumption level of 6.49 to 12.95 Watts.
Overload Counter — Indicates the total power overload occurrences.
Short Counter — Indicates the total power shortage occurrences.
Denied Counter — Indicates the times the powered device was denied power.
Absent Counter — Indicates the times the power supply was stopped to the powered device because the powered device was no longer detected.
Invalid Signature Counter — Indicates the times an invalid signature was received. Signatures are the means by which the powered device identifies itself to the PSE. Signatures are generated during powered device detection, classification, or maintenance.
Power Allocation — Indicates the power allocated to the port. The range is 3 - 15.4 watts.
Chapter 5: Configuring Device Security
The Security Suite contains the following sections:
Passwords Management
Defining Authentication
Defining Access Method
Defining Traffic Control
Defining 802.1x
Defining Access Control
Defining DoS Prevention
Passwords Management
This section contains information for defining passwords. Passwords are used to authenticate users accessing the device.
NOTE: By default, a single user name is defined, "admin", with no password. An additional user name/password is configured for use in the system.
User Authentication Page
The User Authentication Page contains the following fields:
User Name — Displays the user name.
Edit — Click to modify the user name and/or password.
Add — Click to add a new user.
Delete — To delete a user name, select the user name and click the Delete button.
Add Local User
Add Local User Page
The Add Local User Page contains the following fields:
User Name — Displays the user name.
Password — Specifies the new password. The password is not displayed. As it is entered, an "*" corresponding to each character is displayed in the field. (Range: 1-159 characters)
Confirm Password — Confirms the new password. The password entered into this field must be exactly the same as the password entered in the Password field.
Modifying the Local User Settings
Edit Local User Page
The Edit Local User Page contains the following fields:
User Name — Displays the user name.
Password — Specifies the new password. The password is not displayed. As it is entered, an "*" corresponding to each character is displayed in the field. (Range: 1-159 characters)
Confirm Password — Confirms the new password. The password entered into this field must be exactly the same as the password entered in the Password field.
Defining Authentication
The Authentication section contains the following pages:
Defining Authentication Profiles
Mapping Authentication Profiles
Defining TACACS+
Defining RADIUS
Defining Authentication Profiles
Authentication profiles allow network administrators to assign authentication methods for user authentication. User authentication can be performed locally or on an external server. User authentication occurs in the order the methods are selected. If the first authentication method is not available, the next selected method is used. For example, if the selected authentication methods are RADIUS and Local, and the RADIUS server is not available, then the user is authenticated locally.
Profiles Page
The Profiles Page contains the following fields:
Profile Name — Displays the Profile name defined for the Login Table.
Methods — Specifies the authentication method used for port authentication. The possible field values are:
Local — Authenticates the user at the device level. The device checks the user name and password for authentication.
RADIUS — Authenticates the user at the RADIUS server.
TACACS+ — Authenticates the user at the TACACS+ server.
None — Indicates that no authentication method is used to authenticate the port.
Add Authentication Profile
Add Authentication Profile Page
The Add Authentication Profile Page contains the following fields:
Profile Name — Displays the Authentication profile name.
Authentication Method — Defines the user authentication methods. The order of the authentication methods indicates the order in which authentication is attempted. For example, if the authentication method order is RADIUS, Local, the system first attempts to authenticate the user on a RADIUS server. If there is no available RADIUS server, then authentication is attempted on the local database. Note that if the RADIUS server is available, but authentication fails, then the user is denied access. The possible field values are:
Local — Authenticates the user at the device level. The device checks the user name and password for authentication.
RADIUS — Authenticates the user at the RADIUS server.
TACACS+ — Authenticates the user at the TACACS+ server.
None — Indicates that no authentication method is used to authenticate the port.
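The fall-through rule described above, modelled as an added example (not code from this guide or from the device firmware): a method is skipped only when it is unavailable, a rejection is final, and None admits the user without a credential check. The backend stand-ins, the finding codes, the sample accounts and the assumption that the Local user table is always reachable are illustrative.

```python
import hmac
from enum import Enum


class Result(Enum):
    ACCEPT = "accept"
    REJECT = "reject"
    UNAVAILABLE = "unavailable"  # the server did not answer


def make_local(users):
    """Local user table on the device (assumed to be always reachable)."""
    def check(user, password):
        stored = users.get(user)
        ok = stored is not None and hmac.compare_digest(
            stored.encode(), password.encode())
        return Result.ACCEPT if ok else Result.REJECT
    return check


def make_remote(users, reachable):
    """Stand-in for a RADIUS or TACACS+ server; no protocol traffic is sent."""
    lookup = make_local(users)

    def check(user, password):
        return lookup(user, password) if reachable else Result.UNAVAILABLE
    return check


def authenticate(methods, backends, user, password):
    """Walk the profile in order; return (granted, method that decided)."""
    for method in methods:
        if method == "None":
            return True, "None"        # no credential check at all
        result = backends[method](user, password)
        if result is Result.ACCEPT:
            return True, method
        if result is Result.REJECT:
            return False, method       # a rejection is final, no fall-through
        # UNAVAILABLE: try the next selected method
    return False, None                 # every selected method was unavailable


FINDINGS = {
    "NO_AUTH_ALWAYS": "None is first: every login is admitted unchecked",
    "NO_AUTH_FALLBACK": "None is reached whenever earlier servers are down",
    "UNREACHABLE_METHODS": "methods listed after Local or None are never tried",
    "REMOTE_ONLY": "no Local entry: nobody can log in while servers are down",
}


def audit_profile(methods):
    """Return the finding codes that apply to one ordered method list."""
    findings = []
    for position, method in enumerate(methods):
        if method == "None":
            findings.append(
                "NO_AUTH_ALWAYS" if position == 0 else "NO_AUTH_FALLBACK")
        if method in ("Local", "None") and position < len(methods) - 1:
            findings.append("UNREACHABLE_METHODS")
            break
    if not {"Local", "None"} & set(methods):
        findings.append("REMOTE_ONLY")
    return findings


if __name__ == "__main__":
    # Constructed sample accounts and profiles, for illustration only.
    local = make_local({"netops": "local-pass"})
    for reachable in (True, False):
        backends = {"Local": local,
                    "RADIUS": make_remote({"netops": "radius-pass"}, reachable)}
        for profile in (["RADIUS", "Local"], ["RADIUS", "None"]):
            outcome = authenticate(profile, backends, "netops", "local-pass")
            print(f"RADIUS reachable={reachable} {profile} -> {outcome}")
    for profile in (["RADIUS", "None"], ["Local", "RADIUS"], ["RADIUS"]):
        for code in audit_profile(profile):
            print(profile, code, "-", FINDINGS[code])
```

Running `audit_profile` over every profile mapped to Console, Telnet, SSH, HTTP and Secure HTTP shows which management paths depend on the authentication server being reachable.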
Modify the Authentication Profile
Edit Authentication Profile Page
The Edit Authentication Profile Page contains the following fields:
Profile Name — Displays the Authentication profile name.
Authentication Methods — Defines the user authentication methods. The possible field values are:
Local — Authenticates the user at the device level. The device checks the user name and password for authentication.
RADIUS — Authenticates the user at the RADIUS server.
TACACS+ — Authenticates the user at the TACACS+ server.
None — No user authentication is attempted.
Mapping Authentication Profiles
After authentication profiles are defined, they can be applied to management access methods. For example, console users can be authenticated by one authentication profile, while Telnet users are authenticated by another authentication profile.
Authentication methods are selected using arrows. The order in which the methods are selected is the order by which the authentication methods are used.
The Mapping Profiles Page contains parameters for mapping authentication methods.
Mapping Profiles Page
The Mapping Profiles Page contains the following fields:
Console — Indicates that Authentication profiles are used to authenticate console users.
Telnet — Indicates that Authentication profiles are used to authenticate Telnet users.
Secure Telnet (SSH) — Indicates that Authentication profiles are used to authenticate Secure Shell (SSH) users. SSH provides clients secure and encrypted remote connections to a device.
Secure HTTP — Configures the device Secure HTTP settings.
Optional Methods — Lists available authentication methods.
Local — Authenticates the user at the device level. The device checks the user name and password for authentication.
RADIUS — Remote Authorization Dial-In User Service (RADIUS) servers provide additional security for networks.
TACACS+ — Terminal Access Controller Access Control System (TACACS+) provides centralized security user access validation.
None — Indicates that no authentication method is used to authenticate the port.
Selected Methods — Selects authentication methods from the methods offered in the Optional methods area.
HTTP — Configures the device HTTP settings.
Optional Methods — Lists available authentication methods.
Local — Authenticates the user at the device level. The device checks the user name and password for authentication.
RADIUS — Remote Authorization Dial-In User Service (RADIUS) servers provide additional security for networks.
TACACS+ — Terminal Access Controller Access Control System (TACACS+) provides centralized security user access validation.
None — Indicates that no authentication method is used to authenticate the port.
Selected Methods — Selects authentication methods from the methods offered in the Optional methods area.
Defining TACACS+
The devices provide Terminal Access Controller Access Control System (TACACS+) client support. TACACS+ provides centralized security for validation of users accessing the device. TACACS+ provides a centralized user management system, while still retaining consistency with RADIUS and other authentication processes. TACACS+ provides the following services:
Authentication — Provides authentication during login and via user names and user-defined passwords.
Authorization — Performed at login. Once the authentication session is completed, an authorization session starts using the authenticated user name. The TACACS server checks the user privileges.
The TACACS+ protocol ensures network integrity through encrypted protocol exchanges between the device and TACACS+ server.
The TACACS+ default parameters are user-assigned defaults. The default settings are applied to newly defined TACACS+ servers. If default values are not defined, the system defaults are applied to the new TACACS+ servers. The TACACS+ Page contains fields for assigning the Default Parameters for the TACACS+ servers.