ZyXEL Communications MES3500-24 User Manual
Chapter 38 Access Control
MES3500-24/24F User’s Guide
303
38.7 SSH Implementation on the Switch
Your Switch supports SSH version 2 using RSA authentication and three encryption methods (DES,
3DES and Blowfish). The SSH server is implemented on the Switch for remote management and file
transfer on port 22. Only one SSH connection is allowed at a time.
3DES and Blowfish). The SSH server is implemented on the Switch for remote management and file
transfer on port 22. Only one SSH connection is allowed at a time.
38.7.1 Requirements for Using SSH
You must install an SSH client program on a client computer (Windows or Linux operating system)
that is used to connect to the Switch over SSH.
that is used to connect to the Switch over SSH.
38.8 Introduction to HTTPS
HTTPS (HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web protocol
that encrypts and decrypts web pages. Secure Socket Layer (SSL) is an application-level protocol
that enables secure transactions of data by ensuring confidentiality (an unauthorized party cannot
read the transferred data), authentication (one party can identify the other party) and data
integrity (you know if data has been changed).
that encrypts and decrypts web pages. Secure Socket Layer (SSL) is an application-level protocol
that enables secure transactions of data by ensuring confidentiality (an unauthorized party cannot
read the transferred data), authentication (one party can identify the other party) and data
integrity (you know if data has been changed).
It relies upon certificates, public keys, and private keys.
HTTPS on the Switch is used so that you may securely access the Switch using the web
configurator. The SSL protocol specifies that the SSL server (the Switch) must always authenticate
itself to the SSL client (the computer which requests the HTTPS connection with the Switch),
whereas the SSL client only should authenticate itself when the SSL server requires it to do so.
Authenticating client certificates is optional and if selected means the SSL-client must send the
Switch a certificate. You must apply for a certificate for the browser from a CA that is a trusted CA
on the Switch.
configurator. The SSL protocol specifies that the SSL server (the Switch) must always authenticate
itself to the SSL client (the computer which requests the HTTPS connection with the Switch),
whereas the SSL client only should authenticate itself when the SSL server requires it to do so.
Authenticating client certificates is optional and if selected means the SSL-client must send the
Switch a certificate. You must apply for a certificate for the browser from a CA that is a trusted CA
on the Switch.
Please refer to the following figure.
1
HTTPS connection requests from an SSL-aware web browser go to port 443 (by default) on the
Switch’s WS (web server).
Switch’s WS (web server).
2
HTTP connection requests from a web browser go to port 80 (by default) on the Switch’s WS (web
server).
server).
Figure 180
HTTPS Implementation