User Guide
Page 17
...Access Control Overview 233 29.2 The Access Control Main Screen 233 29.3 About SNMP ...234 29.3.1 SNMP v3 and Security 235 29.3.2 Supported MIBs 235 29.3.3 SNMP Traps ...236 29.3.4 Configuring SNMP 240 29.3.5 Configuring SNMP Trap Group 243 29.3.6 Setting Up Login Accounts 244 29.4 SSH Overview ......245 29.5 How SSH works ...246 29.6 SSH Implementation on the Switch 247 29.6.1 Requirements for Using SSH 247 29.7 Introduction to HTTPS ...247 ES...
...Access Control Overview 233 29.2 The Access Control Main Screen 233 29.3 About SNMP ...234 29.3.1 SNMP v3 and Security 235 29.3.2 Supported MIBs 235 29.3.3 SNMP Traps ...236 29.3.4 Configuring SNMP 240 29.3.5 Configuring SNMP Trap Group 243 29.3.6 Setting Up Login Accounts 244 29.4 SSH Overview ......245 29.5 How SSH works ...246 29.6 SSH Implementation on the Switch 247 29.6.1 Requirements for Using SSH 247 29.7 Introduction to HTTPS ...247 ES...
User Guide
Page 23
ES-2024 Series User's Guide 23 You can connect computers and servers directly to the Switch's port or connect other switches to Know Your Switch This .... CHAPTER 1 Getting to the Switch. See Appendix A on page 279 for a full list of software features available on the console port, or third-party SNMP management. The ES-2024PWR comes with 24 10/100Mbps ports and two Gigabit Ethernet/mini-GBIC ports. The Switch can be used standalone for small networks where...
ES-2024 Series User's Guide 23 You can connect computers and servers directly to the Switch's port or connect other switches to Know Your Switch This .... CHAPTER 1 Getting to the Switch. See Appendix A on page 279 for a full list of software features available on the console port, or third-party SNMP management. The ES-2024PWR comes with 24 10/100Mbps ports and two Gigabit Ethernet/mini-GBIC ports. The Switch can be used standalone for small networks where...
User Guide
Page 26
... commands offer an alternative to the Web Configurator and may be monitored and/or managed by all ports in a safe place. 26 ES-2024 Series User's Guide See Section 28.8 on page 41. • Command Line Interface. This is recommended for firmware upgrades and configuration backup/...to configure advanced features. Chapter 1 Getting to Know Your Switch Shared resources such as the server. In the following methods to be used by an SNMP manager. See the CLI Reference Guide. • FTP. Ports can belong to manage the Switch more secure and to other VLAN groups too. Figure...
... commands offer an alternative to the Web Configurator and may be monitored and/or managed by all ports in a safe place. 26 ES-2024 Series User's Guide See Section 28.8 on page 41. • Command Line Interface. This is recommended for firmware upgrades and configuration backup/...to configure advanced features. Chapter 1 Getting to Know Your Switch Shared resources such as the server. In the following methods to be used by an SNMP manager. See the CLI Reference Guide. • FTP. Ports can belong to manage the Switch more secure and to other VLAN groups too. Figure...
User Guide
Page 45
...Port Authentication DiffServ DSCP Setting DHCP Global Relay VLAN Setting Firmware Upgrade Restore Configuration Backup Configuration Load Factory Default Save Configuration Reboot System Access Control SNMP Trap Group Logins Service Access Control Remote Management Diagnostic Syslog Syslog Server Setup Cluster Management 802.1x Port Security Clustering Management Configuration Queuing Method ... Clone AAA RADIUS Server Setup TACACS+ Server Setup AAA Setup IP Source Guard Static Binding ARP Inspection Status LogStatus Configure Port VLAN Loop Guard ES-2024 Series User's Guide 45
...Port Authentication DiffServ DSCP Setting DHCP Global Relay VLAN Setting Firmware Upgrade Restore Configuration Backup Configuration Load Factory Default Save Configuration Reboot System Access Control SNMP Trap Group Logins Service Access Control Remote Management Diagnostic Syslog Syslog Server Setup Cluster Management 802.1x Port Security Clustering Management Configuration Queuing Method ... Clone AAA RADIUS Server Setup TACACS+ Server Setup AAA Setup IP Source Guard Static Binding ARP Inspection Status LogStatus Configure Port VLAN Loop Guard ES-2024 Series User's Guide 45
User Guide
Page 47
IP Source Guard This link takes you to screens where you can change the system login password and configure SNMP and remote management. Access Control This link takes you to a screen where you can configure filtering of your network. Cluster Management This link takes you ... link takes you to a screen where you can configure protection against network loops that occur on the edge of unauthorized ARP packets in your network. ES-2024 Series User's Guide 47 Loop Guard This link takes you to a screen where you can view the MAC addresses - MAC Table This link takes...
IP Source Guard This link takes you to screens where you can change the system login password and configure SNMP and remote management. Access Control This link takes you to a screen where you can configure filtering of your network. Cluster Management This link takes you ... link takes you to a screen where you can configure protection against network loops that occur on the edge of unauthorized ARP packets in your network. ES-2024 Series User's Guide 47 Loop Guard This link takes you to a screen where you can view the MAC addresses - MAC Table This link takes...
User Guide
Page 204
... option to all ports. This field displays a port number. Table 65 Advanced Application > Loop Guard LABEL DESCRIPTION Active Select this screen afresh. 204 ES-2024 Series User's Guide Chapter 24 Loop Guard The following table describes the labels in this row first and then make them. Port * The Switch... generates syslog, internal log messages as well as SNMP traps when it is connected to make the setting the same for all the ports as soon as you are copied to enable loop guard...
... option to all ports. This field displays a port number. Table 65 Advanced Application > Loop Guard LABEL DESCRIPTION Active Select this screen afresh. 204 ES-2024 Series User's Guide Chapter 24 Loop Guard The following table describes the labels in this row first and then make them. Port * The Switch... generates syslog, internal log messages as well as SNMP traps when it is connected to make the setting the same for all the ports as soon as you are copied to enable loop guard...
User Guide
Page 207
...can also use router R2 to send traffic to remote management stations that is not reachable through the default gateway. Figure 107 Static Routing Overview ES-2024 Series User's Guide 207 The Switch needs a static route to tell it back to test IP connectivity. This figure shows a Telnet session... coming in from network N1. Use IP static routes to have the Switch respond to an SNMP trap server on network N2. CHAPTER 25 Static Route This chapter shows you how to configure static routes. 25.1 Static Routing Overview The Switch ...
...can also use router R2 to send traffic to remote management stations that is not reachable through the default gateway. Figure 107 Static Routing Overview ES-2024 Series User's Guide 207 The Switch needs a static route to tell it back to test IP connectivity. This figure shows a Telnet session... coming in from network N1. Use IP static routes to have the Switch respond to an SNMP trap server on network N2. CHAPTER 25 Static Route This chapter shows you how to configure static routes. 25.1 Static Routing Overview The Switch ...
User Guide
Page 233
Figure 126 Management > Access Control ES-2024 Series User's Guide 233 CHAPTER 29 Access Control This chapter describes how to ...session sessions Web Up to five Web sessions (five different usernames and passwords) and/or limitless SNMP access control sessions are allowed. Table 77 Access Control Overview Console Port SSH Telnet FTP One session Share up ...to five accounts SNMP No limit A console port access control session and Telnet access control session cannot coexist when multi-login...
Figure 126 Management > Access Control ES-2024 Series User's Guide 233 CHAPTER 29 Access Control This chapter describes how to ...session sessions Web Up to five Web sessions (five different usernames and passwords) and/or limitless SNMP access control sessions are allowed. Table 77 Access Control Overview Console Port SSH Telnet FTP One session Share up ...to five accounts SNMP No limit A console port access control session and Telnet access control session cannot coexist when multi-login...
User Guide
Page 234
... agent is used to communicate for the purpose of two main components: agents and a manager. Figure 127 SNMP Management Model An SNMP managed network consists of accessing these objects. 234 ES-2024 Series User's Guide SNMP allows a manager and agents to manage and monitor TCP/IP-based devices. The managed devices contain object variables...
... agent is used to communicate for the purpose of two main components: agents and a manager. Figure 127 SNMP Management Model An SNMP managed network consists of accessing these objects. 234 ES-2024 Series User's Guide SNMP allows a manager and agents to manage and monitor TCP/IP-based devices. The managed devices contain object variables...
User Guide
Page 235
...IP, RFC 2012 SNMPv2 MIB for TCP, RFC 2013 SNMPv2 MIB for UDP ES-2024 Series User's Guide 235 Trap Used by the agent to set values for SNMP management. When the contents of the SNMP messages are encrypted, only the intended recipients can be required to retrieve the ...next object variable from an agent, it initiates a Get operation, followed by encrypting the SNMP messages sent from the agent. Set Allows the manager to inform the manager of GetNext operations. The Switch supports the following protocol operations: ...
...IP, RFC 2012 SNMPv2 MIB for TCP, RFC 2013 SNMPv2 MIB for UDP ES-2024 Series User's Guide 235 Trap Used by the agent to set values for SNMP management. When the contents of the SNMP messages are encrypted, only the intended recipients can be required to retrieve the ...next object variable from an agent, it initiates a Get operation, followed by encrypting the SNMP messages sent from the agent. Set Allows the manager to inform the manager of GetNext operations. The Switch supports the following protocol operations: ...
User Guide
Page 236
...SNMP Traps The Switch sends traps to the normal operating range. 1.3.6.1.4.1.890.1.5.8.16.2 This trap is sent when the 7.2.1 Switch automatically resets. ControlledResetEventOn RebootEvent 1.3.6.1.4.1.890.1.5.8.27.2 7.2.1 1.3.6.1.4.1.890.1.5.8.16.2 7.2.1 1.3.6.1.4.1.890.1.5.8.27.2 7.2.1 This trap is sent when the Switch resets by category. An OID (Object ID) that begins with "1.3.6.1.4.1.890.1.5.8.16" (ES-2024A...) or "1.3.6.1.4.1.890.1.5.8.27" (ES-2024PWR) is defined in private MIBs.
...SNMP Traps The Switch sends traps to the normal operating range. 1.3.6.1.4.1.890.1.5.8.16.2 This trap is sent when the 7.2.1 Switch automatically resets. ControlledResetEventOn RebootEvent 1.3.6.1.4.1.890.1.5.8.27.2 7.2.1 1.3.6.1.4.1.890.1.5.8.16.2 7.2.1 1.3.6.1.4.1.890.1.5.8.27.2 7.2.1 This trap is sent when the Switch resets by category. An OID (Object ID) that begins with "1.3.6.1.4.1.890.1.5.8.16" (ES-2024A...) or "1.3.6.1.4.1.890.1.5.8.27" (ES-2024PWR) is defined in private MIBs.
User Guide
Page 237
... peer Ethernet interface. loopguard LoopguardEventOn 1.3.6.1.4.1.890.1.5.8.27.2 7.2.1 1.3.6.1.4.1.890.1.5.8.16.2 This trap is sent when 7.2.1 loopguard shuts down a port. 1.3.6.1.4.1.890.1.5.8.27.2 7.2.1 Table 80 SNMP Interface Traps OPTION OBJECT LABEL linkup linkUp LinkDownEventClear OBJECT ID DESCRIPTION 1.3.6.1.6.3.1.1.5.4 This trap is sent when the Ethernet link is up. 1.3.6.1.4.1.890.1.5.8.16.27 This....1.5.8.16.27 This trap is sent when the .2.1 Ethernet link is sent when the Switch gets the time and date from a time server. ES-2024 Series User's Guide 237
... peer Ethernet interface. loopguard LoopguardEventOn 1.3.6.1.4.1.890.1.5.8.27.2 7.2.1 1.3.6.1.4.1.890.1.5.8.16.2 This trap is sent when 7.2.1 loopguard shuts down a port. 1.3.6.1.4.1.890.1.5.8.27.2 7.2.1 Table 80 SNMP Interface Traps OPTION OBJECT LABEL linkup linkUp LinkDownEventClear OBJECT ID DESCRIPTION 1.3.6.1.6.3.1.1.5.4 This trap is sent when the Ethernet link is up. 1.3.6.1.4.1.890.1.5.8.16.27 This....1.5.8.16.27 This trap is sent when the .2.1 Ethernet link is sent when the Switch gets the time and date from a time server. ES-2024 Series User's Guide 237
User Guide
Page 238
... LABEL OBJECT ID DESCRIPTION authenticati authenticationFailure on 1.3.6.1.6.3.1.1.5.5 This trap is sent when the RADIUS server can be reached. 238 ES-2024 Series User's Guide transceiverddmiEventClea r 1.3.6.1.4.1.890.1.5.8.45.27 .2.2 This trap is sent when the nge LLDP (Link Layer... Discovery Protocol) remote topology changes. Chapter 29 Access Control Table 80 SNMP Interface Traps (continued) OPTION OBJECT LABEL OBJECT ID DESCRIPTION lldp LLDPRemoteTopologyCha 1.0.8802.1.1.2.0.0.1 This trap is sent when all device...
... LABEL OBJECT ID DESCRIPTION authenticati authenticationFailure on 1.3.6.1.6.3.1.1.5.5 This trap is sent when the RADIUS server can be reached. 238 ES-2024 Series User's Guide transceiverddmiEventClea r 1.3.6.1.4.1.890.1.5.8.45.27 .2.2 This trap is sent when the nge LLDP (Link Layer... Discovery Protocol) remote topology changes. Chapter 29 Access Control Table 80 SNMP Interface Traps (continued) OPTION OBJECT LABEL OBJECT ID DESCRIPTION lldp LLDPRemoteTopologyCha 1.0.8802.1.1.2.0.0.1 This trap is sent when all device...
User Guide
Page 239
Table 82 SNMP IP Traps OPTION OBJECT LABEL ping pingProbeFailed pingTestFailed OBJECT ID 1.3.6.1.2.1.80.0.1 1.3.6.1.2.1.80.0.2 pingTestCompleted 1.3.6.1.2.1.80.0.3 traceroute traceRouteTestFailed 1.3.6.1.2.1.81.0.2 traceRouteTestCompleted 1.3.6.1.2.1.81...is completed. This trap is sent when the MSTP 07.70.2 root switch changes. 1.3.6.1.4.1.890.1.5.8.27.1 07.70.2 ES-2024 Series User's Guide 239 Table 83 SNMP Switch Traps OPTION OBJECT LABEL stp STPNewRoot MSTPNewRoot STPTopologyChange MSTPTopologyChange OBJECT ID DESCRIPTION 1.3.6.1.2.1.17.0.1 This trap is sent when ...
Table 82 SNMP IP Traps OPTION OBJECT LABEL ping pingProbeFailed pingTestFailed OBJECT ID 1.3.6.1.2.1.80.0.1 1.3.6.1.2.1.80.0.2 pingTestCompleted 1.3.6.1.2.1.80.0.3 traceroute traceRouteTestFailed 1.3.6.1.2.1.81.0.2 traceRouteTestCompleted 1.3.6.1.2.1.81...is completed. This trap is sent when the MSTP 07.70.2 root switch changes. 1.3.6.1.4.1.890.1.5.8.27.1 07.70.2 ES-2024 Series User's Guide 239 Table 83 SNMP Switch Traps OPTION OBJECT LABEL stp STPNewRoot MSTPNewRoot STPTopologyChange MSTPTopologyChange OBJECT ID DESCRIPTION 1.3.6.1.2.1.17.0.1 This trap is sent when ...
User Guide
Page 240
....1.5.1.1.15 This trap is sent when a variable goes over the RMON "rising" threshold. 1.3.6.1.4.1.890.1.5.1.1.16 This trap is used . Figure 128 Management > Access Control > SNMP 240 ES-2024 Series User's Guide MacTableFullEventClear 1.3.6.1.4.1.890.1.5.8.16.2 This trap is sent when less than 99% of the MAC table is sent when the variable falls...
....1.5.1.1.15 This trap is sent when a variable goes over the RMON "rising" threshold. 1.3.6.1.4.1.890.1.5.1.1.16 This trap is used . Figure 128 Management > Access Control > SNMP 240 ES-2024 Series User's Guide MacTableFullEventClear 1.3.6.1.4.1.890.1.5.8.16.2 This trap is sent when less than 99% of the MAC table is sent when the variable falls...
User Guide
Page 241
...> Access Control > Logins screen). Index Username Note: Use the username and password of up to four managers to send your SNMP traps to specify the SNMP version and community (password) values. Get Community Enter the Get Community string, which is a read-only number identifying a login... account on the Switch. ES-2024 Series User's Guide 241 Enter the Set Community, which is backwards compatible with each trap to the SNMP manager. This is the password for SNMP traps. This field displays the username of the SNMP trap messages. requests from the Switch....
...> Access Control > Logins screen). Index Username Note: Use the username and password of up to four managers to send your SNMP traps to specify the SNMP version and community (password) values. Get Community Enter the Get Community string, which is a read-only number identifying a login... account on the Switch. ES-2024 Series User's Guide 241 Enter the Set Community, which is backwards compatible with each trap to the SNMP manager. This is the password for SNMP traps. This field displays the username of the SNMP trap messages. requests from the Switch....
User Guide
Page 242
...128-bit key to authenticate SNMP data. to implement authentication and/or encryption for SNMP communication from this user. This is another method for SNMP messages sent by this user. • priv - Specify the encryption method for SNMP messages sent by this screen afresh. 242 ES-2024 Series User's Guide ...The Switch loses these changes if it is generally considered stronger than the security level settings on the top navigation panel to save your changes to the Get, Set and Trap Community in SNMP v2c. Click Cancel ...
...128-bit key to authenticate SNMP data. to implement authentication and/or encryption for SNMP communication from this user. This is another method for SNMP messages sent by this user. • priv - Specify the encryption method for SNMP messages sent by this screen afresh. 242 ES-2024 Series User's Guide ...The Switch loses these changes if it is generally considered stronger than the security level settings on the top navigation panel to save your changes to the Get, Set and Trap Community in SNMP v2c. Click Cancel ...
User Guide
Page 243
... when you do not want the Switch to send to the SNMP station. Apply Cancel The traps are Destination IP the IP addresses of SNMP traps that SNMP manager. Click Cancel to specify the types of the SNMP managers. ES-2024 Series User's Guide 243 Use the Trap Group screen to... begin configuring this screen. These are grouped by category. Select the individual SNMP traps that you are done configuring...
... when you do not want the Switch to send to the SNMP station. Apply Cancel The traps are Destination IP the IP addresses of SNMP traps that SNMP manager. Click Cancel to specify the types of the SNMP managers. ES-2024 Series User's Guide 243 Use the Trap Group screen to... begin configuring this screen. These are grouped by category. Select the individual SNMP traps that you are done configuring...
User Guide
Page 253
... box if you are done configuring. Click Apply to save your changes to the nonvolatile memory when you wish to temporarily disable the set . ES-2024 Series User's Guide 253 The Switch immediately disconnects the session if it does not match. Select services that may use a service to begin...save your changes to the Switch's run-time memory. Click Access Control to return to manage the Switch. End Address Telnet/FTP/ HTTP/ICMP/ SNMP/SSH/ HTTPS Apply Cancel The Switch checks if the client IP address of one or more "trusted computers" from which an administrator may be used...
... box if you are done configuring. Click Apply to save your changes to the nonvolatile memory when you wish to temporarily disable the set . ES-2024 Series User's Guide 253 The Switch immediately disconnects the session if it does not match. Select services that may use a service to begin...save your changes to the Switch's run-time memory. Click Access Control to return to manage the Switch. End Address Telnet/FTP/ HTTP/ICMP/ SNMP/SSH/ HTTPS Apply Cancel The Switch checks if the client IP address of one or more "trusted computers" from which an administrator may be used...
User Guide
Page 283
..., Value). Because link layer Ethernet OAM operates at layer two of the OSI (Open Systems Interconnection Basic Reference) model, neither IP or SNMP are directly connected to the network device. Bridging 8K MAC addresses (2 way set associative) Static MAC address forwarding 256 entries Broadcast storm control...capabilities on the local network. It also allows the device to maintain and store information from 10 to 3000 sec default 300 sec ES-2024 Series User's Guide 283 Device information carried in the received LLDPDUs is encapsulated in the LLDPDUs (LLDP data units) in the...
..., Value). Because link layer Ethernet OAM operates at layer two of the OSI (Open Systems Interconnection Basic Reference) model, neither IP or SNMP are directly connected to the network device. Bridging 8K MAC addresses (2 way set associative) Static MAC address forwarding 256 entries Broadcast storm control...capabilities on the local network. It also allows the device to maintain and store information from 10 to 3000 sec default 300 sec ES-2024 Series User's Guide 283 Device information carried in the received LLDPDUs is encapsulated in the LLDPDUs (LLDP data units) in the...