Guía De ReferenciaTabla de contenidosRegulatory Information for the Nortel Ethernet Routing Switch2500 Series1Contents11New in this release13Before You Begin15Before you begin15Installing the switch on a table or shelf15Installing the switch in an equipment rack16Power specifications18AC power specifications18Deutsche23Hinweise zur Verwendung23Installation des Switch auf einem Tisch oder Regal23Installation des Switch in einem Rack24Leistungsdaten26Leistungsdaten (Wechselstrom)26Wechselstrom-Anschluss26Sicherheitsinformationen28Español31Antes de comenzar31Instalación del conmutador en una mesa o estantería31Instalación del conmutador en un bastidor para equipos32Especificaciones eléctricas34Especificaciones eléctricas de CA34Conexión a CA34Mensajes de seguridad36Français39Avant de commencer39Installation du commutateur sur une table ou sur une étagère39Installation du commutateur dans un rack40Alimentation: Caractéristiques42Alimentation secteur: caractéristiques42Alimentation secteur: connexion42Messages de sécurité44Português47Antes de você comece47Instalando o ERS 2500 Series em uma tabela ou em uma prateleira47Instalando o ERS 2500 Series em uma cremalheira de equipamento48Especificações do poder50Especificações do poder de C.A.50Poder de C.A. conectando50Mensagens de segurança52Tables18Table 118Table 226Table 334Table 442Table 550Tamaño: 700 KBPáginas: 56Languages: English, Português, Deutsch, Español, FrançaisManuales abiertas
Guía Del UsuarioTabla de contenidosSecurity — Configuration and Management1Contents5New in this release9Features9Advanced Security features9Introduction11Before you begin11Text conventions11Related publications13How to get help14Getting help from the Nortel Web site14Getting help through a Nortel distributor or reseller14Getting help over the phone from a Nortel Solutions Center14Getting help from a specialist by using an Express Routing Code15Using security in your network17Setting management passwords17Console/TELNET/Web password Configuration17Username and password17Logging on18Configuring Security options18RADIUS-based network security20MAC address-based security21EAPOL-based security21EAPoL with Guest VLAN23EAPOL Security Configuration23Password security24Password length and valid characters24Password retry24Password history24Password display24Password verification24Password aging time25Read-Only and Read-Write passwords must be different25Applicable passwords25Enabling and disabling password security25Default passwords26HTTP port number change26Simple Network Management Protocol26SNMP Version 1 (SNMPv1)26Nortel Ethernet Routing Switch 2500 Series support for SNMP27SNMP MIB support27SNMP trap support28Advanced EAPOL features28Non-EAP hosts on EAP-enabled ports30Configuring Security using the CLI35Securing your system35Setting the username and password35Setting password security37Configuring the IP manager list39Changing the http port number43Setting Telnet access44Configuring Secure Shell (SSH)48Setting server for Web-based management55Configuring the RADIUS-based management password authentication56Setting SNMP parameters58Common SNMP and SNMPv3 CLI commands58CLI commands specific to SNMPv369Securing your network80Configuring MAC address filter-based security80Configuring EAPOL-based security87Configuring advanced EAPOL features94Configuring Security using Device Manager110EAPOL tab110General tab111SecurityList tab114Security, Insert SecurityList dialog box115AuthConfig tab116Security, Insert AuthConfig dialog box117AuthStatus tab119AuthViolation tab122SSH tab122SSH Sessions tab124Radius Server tab125Configuring EAPOL on ports126EAPOL tab for a port127EAPOL Advance tab for ports129EAPOL Stats tab for graphing ports136EAPOL Diag tab for graphing ports138Configuring SNMP141SNMP tab141Trap Receivers tab142Graphing SNMP statistics144Working with SNMPv3147Initial Login with an SNMPv3 User148User-based Security Model149View-based Access Control Model152Creating a community159Management Targets161The Notify Table166Configuring Security using web-based management169Configuring system security169Setting console, Telnet, and Web passwords169Configuring RADIUS dial-in access security172Accessing the management interface173Configuring MAC address-based security175Configuring MAC address-based security176Configuring ports179Adding MAC addresses181Clearing ports183Enabling security on ports184Deleting ports186Filtering MAC destination addresses186Deleting MAC DAs187About SNMP188Configuring SNMPv1188Configuring SNMPv3190Viewing SNMPv3 system information190Configuring user access to SNMPv3193Configuring an SNMPv3€system user group membership196Configuring SNMPv3€group access rights199Configuring an SNMPv3€management information view202Configuring an€SNMPv3 system notification entry205Configuring an SNMPv3€management target address208Configuring an€SNMPv3 management target parameter211Configuring an€SNMP trap receiver213SNMP MIB support217Index220Figures19Figure 1 Ethernet Routing Switch 2500 Series security feature19Figure 2 show ipmgr command output40Figure 3 show http-port command output43Figure 4 Telnet icon on Device Manager toolbar45Figure 5 show telnet-access command output46Figure 6 show ssh global command output49Figure 7 show ssh session command output50Figure 8 show ssh download-auth-key command output50Figure 9 show radius-server command output57Figure 10 show mac-security command output81Figure 11 show eapol command output88Figure 12 show eapol auth-diags interface command output90Figure 13 show eapol auth-stats interface command output90Figure 14 show eapol guest-vlan command output94Figure 15 show eapol multihost non-eap-mac status command output102Figure 16 EAPOL tab111Figure 17 General tab112Figure 18 SecurityList tab114Figure 19 Security, Insert SecurityList dialog box115Figure 20 AuthConfig tab116Figure 21 Security, Insert AuthConfig dialog box118Figure 22 AuthStatus tab120Figure 23 AuthViolation tab122Figure 24 SSH tab123Figure 25 SSH Sessions tab124Figure 26 Radius Server tab125Figure 27 EAPOL tab for a port127Figure 28 EAPOL Advance tab for a port130Figure 29 EAPOL MultiHosts screen -- Multi Host Status tab132Figure 30 EAPOL MultiHosts screen -- Multi Host Session tab133Figure 31 Non-EAPOL MAC screen -- Allowed non-EAP MAC tab134Figure 32 Insert Allowed non-EAP MAC screen134Figure 33 Non-EAPOL MAC screen -- Non-EAP Status tab135Figure 34 Graph port dialog box EAPOL Stats tab137Figure 35 Graph Port dialog box EAPOL Diag tab139Figure 36 Chassis dialog box SNMP tab142Figure 37 Chassis dialog box Trap Receivers tab143Figure 38 Chassis, Insert Trap Receivers dialog box144Figure 39 Graph Chassis dialog box SNMP tab145Figure 40 USM dialog box150Figure 41 USM, Insert USM Table dialog box151Figure 42 VACM dialog, Group Membership tab153Figure 43 Group Access Right tab155Figure 44 VACM, Insert Group Access Right dialog box156Figure 45 MIB View tab157Figure 46 VACM, Insert MIB View dialog box158Figure 47 Community Table dialog box159Figure 48 Community Table, Insert Community Table dialog box160Figure 49 Target Table dialog box, Target Address Table tab162Figure 50 Target Table, Insert Target Address Table dialog box163Figure 51 Target Params Table tab164Figure 52 Target Table, Insert Target Params Table dialog box165Figure 53 NotifyTable dialog box166Figure 54 Notify Table, Insert dialog box167Figure 55 Console password setting page170Figure 56 Radius page172Figure 57 Web-based management interface log on page174Figure 58 System Information Page174Figure 59 Security Configuration page176Figure 60 Port Lists page179Figure 61 Port List View, Port List page180Figure 62 Security Table page182Figure 63 Port List View, Clear By Ports page184Figure 64 Port Configuration page185Figure 65 DA MAC Filtering page186Figure 66 SNMPv1 page189Figure 67 System Information page191Figure 68 User Specification page194Figure 69 Group Membership page197Figure 70 Group Access Rights page200Figure 71 Management Information View page203Figure 72 SNMP Trap Receiver page213Tables36Table 1 username command parameters and variables36Table 2 cli password command parameters and variables37Table 3 ipmgr command for system management parameters and variables40Table 4 no ipmgr command for management system41Table 5 ipmgr command for source IP addresses parameters and variables42Table 6 no ipmgr command for source IP addresses parameters and variables43Table 7 http-port command parameters and variables44Table 8 telnet-access command parameters and variables46Table 9 no telnet-access command parameters and variables48Table 10 ssh timeout command parameters and variables52Table 11 ssh port command parameters and variables54Table 12 ssh download-auth-key command parameters and variables54Table 13 default ssh command parameters and variables55Table 14 web-server command parameters and variables56Table 15 radius-server command parameters and variables57Table 16 snmp-server command parameters and variables60Table 17 snmp-server authentication-trap command parameters and variables60Table 18 snmp-server community for read/write command parameters and variables62Table 19 no snmp-server community command parameters and variables63Table 20 default snmp-server community command parameters and variables63Table 21 snmp-server contact command parameters and variables64Table 22 snmp-server location command parameters and variables65Table 23 no snmp-server location command parameters and variables65Table 24 snmp-server name command parameters and variables66Table 25 no snmp-server name command parameters and variables67Table 26 default snmp-server name command parameters and variables67Table 27 snmp trap link-status command parameters and variables68Table 28 no snmp trap link-status command parameters and variables68Table 29 default snmp trap link-status command parameters and variables69Table 30 snmp-server user command parameters and variables70Table 31 no snmp-server user command parameters and variables73Table 32 snmp-server view command parameters and variables73Table 33 no snmp-server view command parameters and variables74Table 34 snmp-server host for the new-style table command parameters and variables75Table 35 no snmp-server host for the new-style command parameters and variables76Table 36 snmp-server community command parameters and variables77Table 37 show snmp-server command parameters and variables79Table 38 snmp-server bootstrap command parameters and variables79Table 39 show mac-security command parameters and variables81Table 40 mac-security command parameters and variables82Table 41 mac-security mac-address-table address parameters and variables83Table 42 mac-security security-list command parameters and variables84Table 43 no mac-security mac-address-table command parameters and variables84Table 44 no mac-security security-list command parameters and variables85Table 45 mac-security command for a single port parameters and variables86Table 46 mac-security mac-da-filter command parameters and values86Table 47 show eapol command output parameters and variables88Table 48 eapol command parameters and variables91Table 49 eapol command for modifying parameters and variables91Table 50 eapol guest-vlan command parameters and variables93Table 51 General tab fields112Table 52 SecurityList tab fields115Table 53 Security, Insert SecurityList dialog box fields116Table 54 AuthConfig tab fields117Table 55 Security, Insert AuthConfig dialog box fields118Table 56 AuthStatus tab fields120Table 57 SSH tab fields123Table 58 SSH Sessions tab fields125Table 59 Radius Server tab fields126Table 60 EAPOL tab fields for a port128Table 61 EAPOL Advance tab fields for a port131Table 62 EAPOL Stats tab fields137Table 63 EAPOL Diag tab fields139Table 64 SNMP tab fields142Table 65 Trap Receivers tab fields143Table 66 SNMP tab fields145Table 67 SNMPv3 user configuration method149Table 68 USM dialog box fields150Table 69 USM, Insert USM Table dialog box fields152Table 70 View-based access control mapping153Table 71 Group Membership tab fields154Table 72 VACM dialog box Group Access Right tab fields155Table 73 VACM dialog box MIB View tab fields158Table 74 Community Table dialog box fields160Table 75 Management target tables161Table 76 Target Address Table fields162Table 77 Target Params Table tab fields165Table 78 Notify Table dialog box fields166Table 79 Console page fields171Table 80 Password Types172Table 81 RADIUS page fields173Table 82 User levels and access levels175Table 83 Security Configuration page items177Table 84 Port Lists page items180Table 85 Security Table page items182Table 86 Port Configuration page items185Table 87 DA MAC Filtering page items187Table 88 SNMPv1 page items189Table 89 System Information section fields191Table 90 SNMPv3 Counters section fields192Table 91 User Specification Table section items194Table 92 User Specification Creation section items195Table 93 Group Membership page items197Table 94 Group Access Rights page items200Table 95 Management Information View page fields204Table 96 Notification page items206Table 97 Target Address page items209Table 98 Target Parameter page items211Table 99 SNMP Trap Receiver page fields214Table 100 SNMP MIB support217Table 101 Support SNMP traps219Tamaño: 3 MBPáginas: 228Language: EnglishManuales abiertas