H3c-technologies H3C S5120 Series Switches User Manual Page 408
- Page / 745
- Table of contents
- TROUBLESHOOTING
- BOOKMARKS
Rated. / 5. Based on customer reviews
1-2
z Authorization: Grants different users different rights. For example, a user logging into the server
can be granted the permission to access and print the files in the server.
z Accounting: Records all network service usage information of users, including the service type,
start and end time, and traffic. In this way, accounting can be used for not only charging, but also
network security surveillance.
You can use AAA to provide only one or two security functions, if desired. For example, if your company
only wants employees to be authenticated before they access specific resources, you only need to
configure an authentication server. If network usage information is expected to be recorded, you also
need to configure an accounting server.
As described above, AAA provides a uniform framework to implement network security management. It
is a security mechanism that enables authenticated and authorized entities to access specific resources
and records operations of the entities. As the AAA framework thus allows for excellent scalability and
centralized user information management, it has gained wide application.
AAA can be implemented through multiple protocols. Currently, the device supports using RADIUS for
AAA.
Introduction to RADIUS
Remote Authentication Dial-In User Service (RADIUS) is a distributed information interaction protocol in
a client/server model. RADIUS can protect networks against unauthorized access and is often used in
network environments where both high security and remote user access are required. Based on UDP,
RADIUS uses UDP port 1812 for authentication and 1813 for accounting. RADIUS defines the RADIUS
packet format and message transfer mechanism.
RADIUS was originally designed for dial-in user access. With the diversification of access methods,
RADIUS has been extended to support more access methods, for example, Ethernet access and ADSL
access. It uses authentication and authorization in providing access services and uses accounting to
collect and record usage information of network resources.
Client/Server Model
z Client: The RADIUS client runs on the NASs located throughout the network. It passes user
information to designated RADIUS servers and acts on the responses (for example, rejects or
accepts user access requests).
z Server: The RADIUS server runs on the computer or workstation at the network center and
maintains information related to user authentication and network service access. It listens to
connection requests, authenticates users, and returns the processing results (for example,
rejecting or accepting the user access request) to the clients.
In general, the RADIUS server maintains three databases, namely, Users, Clients, and Dictionary, as
shown in Figure 1-2
:
- Configuration Guide 1
- All Rights Reserved 2
- Trademarks 2
- Preface 3
- 1 About This Document 4
- Conventions 8
- 2 Documentation Guide 9
- Technical Support 10
- Documentation Feedback 10
- 3 Product Features 11
- Distribution Layer Switches 12
- Access Switches 12
- S9500/S7500E 13
- S5120-SI 13
- Core/Aggregation 13
- 1 CLI Configuration 15
- Entering CLI Through Telnet 20
- Command Conventions 21
- CLI View Description 22
- Command View Reference 23
- Login command views 24
- Tips on Using the CLI 28
- Typing and Editing Commands 29
- Undo Form of a Command 31
- Controlling CLI Display 31
- Saving Configurations 34
- Supported User Interfaces 37
- User Interface Number 37
- Common Configuration 42
- Password 47
- Logging In Through SSH 66
- Management System 67
- Displaying Web Users 68
- 5 Logging In Through NMS 70
- Packets 72
- 7 Controlling Login Users 73
- [Sysname] ip http acl 2030 80
- Ethernet Port Configuration 82
- Configuring a Port Group 86
- Configuration 95
- Null Interface 96
- Operational key 100
- Configuration classes 100
- Reference port 101
- LACP protocol 101
- Link aggregation modes 102
- Selecting a reference port 103
- Configuration Guidelines 106
- Network requirements 110
- Configuration procedure 110
- Table of Contents 115
- Port Isolation Configuration 116
- Networking requirements 117
- Port Mirroring Configuration 120
- 1 LLDP Configuration 125
- LLDPDUs 127
- How LLDP Works 129
- LLDP Configuration Task List 130
- Enabling LLDP 131
- Enabling LLDP Polling 132
- Configuration Prerequisites 135
- Configuring LLDP Trapping 136
- LLDP Configuration Examples 137
- LLDP status on Switch A 139
- 3) Verify the configuration 141
- 1 VLAN Configuration 143
- VLAN Fundamentals 144
- Types of VLAN 145
- Port link type 147
- Default VLAN 147
- interface vlan-interface 151
- [ vlan-interface-id ] 151
- [ interface-type 151
- VLAN Configuration Example 152
- Verification 153
- 2 Voice VLAN Configuration 154
- Voice VLAN Assignment Modes 155
- Configuring a Voice VLAN 158
- 1 MSTP Configuration 166
- Basic Concepts in STP 167
- How STP works 168
- STP timers 173
- Introduction to RSTP 174
- Introduction to MSTP 174
- Basic Concepts in MSTP 175
- Common root bridge 177
- Boundary port 177
- Roles of ports 177
- Port states 178
- How MSTP Works 179
- MSTP Configuration Task List 180
- Configuring MSTP 181
- Configuring Timers of MSTP 185
- Configuration example 190
- Configuring Port Priority 191
- Enabling the MSTP Feature 193
- Performing mCheck 194
- Configuration Procedure 195
- Configuration Example 195
- Configuring Digest Snooping 196
- GE1/0/2 GE1/0/2 198
- Configuration prerequisites 200
- Enabling BPDU guard 200
- Enabling Root guard 201
- Enabling Loop guard 202
- Enabling TC-BPDU guard 203
- MSTP Configuration Example 204
- Figure 1-13 207
- IP Addressing Configuration 210
- Special IP Addresses 211
- Subnetting and Masking 211
- Configuring IP Addresses 212
- Directly Connected Network 215
- Configuring TCP Attributes 216
- 1 ARP Configuration 222
- ARP Operation 223
- Configuring ARP 224
- Enabling the ARP Entry Check 226
- ARP Configuration Example 226
- Configuring Gratuitous ARP 227
- Introduction 229
- Configuring ARP Detection 231
- Man-in-the-middle attack 232
- ARP detection mechanism 232
- Application Environment 241
- Fundamentals 241
- Enabling DHCP 243
- Prerequisites 247
- Symptom 251
- Analysis 251
- Solution 251
- 2 DHCP Client Configuration 252
- DHCP Snooping Configuration 254
- Untrusted Untrusted 255
- BOOTP Client Configuration 262
- Through BOOTP 263
- Network requirement 264
- 1 FTP Configuration 266
- Configuring the FTP Client 267
- Configuring the FTP Server 273
- 2 TFTP Configuration 278
- Configuring the TFTP Client 279
- IP Routing and Routing Table 284
- Static Routing Configuration 288
- Configuring a Static Route 289
- 1 Multicast Overview 295
- Broadcast 296
- Multicast 297
- Features of Multicast 298
- Advantages of multicast 299
- Applications of multicast 299
- Multicast Models 300
- Multicast Architecture 300
- Multicast Addresses 301
- Multicast Protocols 303
- Layer 2 multicast protocols 304
- IGMP Snooping Configuration 306
- GE1/0/1 GE1/0/2 307
- How IGMP Snooping Works 308
- IGMP Snooping Proxying 310
- Protocols and Standards 311
- Enabling IGMP Snooping 312
- Configuring Static Ports 315
- Multicast VLAN Configuration 338
- Configuring Multicast VLAN 339
- Network requirements 342
- Network diagram 343
- 1 QoS Overview 348
- QoS Techniques Overview 349
- 2 QoS Policy Configuration 350
- Defining a Traffic Behavior 352
- Defining a Policy 352
- Applying the QoS Policy 353
- Priority Mapping Overview 355
- Priority Mapping Tables 356
- Priority Mapping Procedure 356
- Configuring Priority Mapping 357
- 4 Line Rate Configuration 361
- <Sysname> system-view 362
- SP queuing 364
- WRR queuing 364
- Configuring SP Queuing 366
- Configure WRR Queuing 367
- Configuring SP+WRR Queuing 368
- Traffic Filtering Overview 370
- Traffic Redirecting Overview 373
- 8 Appendix 374
- 802.1p Priority 376
- 1 802.1X Configuration 379
- Basic Concepts of 802.1X 380
- EAP over LAN 381
- EAP Packet Format 382
- EAP over RADIUS 383
- EAP relay 384
- EAP termination 386
- 802.1X Access Control Method 387
- 802.1X Timers 387
- VLAN assignment 388
- Guest VLAN 389
- Auth-Fail VLAN 389
- ACL assignment 390
- 802.1X Basic Configuration 391
- Enabling 802.1X for a port 392
- Enabling the Quiet Timer 394
- Configuring a Guest VLAN 395
- 802.1X Configuration Example 397
- Internet 400
- 1 AAA Configuration 407
- Introduction to RADIUS 408
- RADIUS Packet Format 410
- AAA Configuration Task List 414
- Configuring AAA 415
- [ flow ] 416
- Configuring RADIUS 424
- Creating a RADIUS Scheme 425
- 430
- AAA Configuration Examples 434
- Troubleshooting AAA 444
- 1 PKI Configuration 447
- Architecture of PKI 448
- Applications of PKI 449
- Operation of PKI 449
- PKI Configuration Task List 450
- Configuring an Entity DN 450
- Configuring a PKI Domain 452
- Deleting a Certificate 457
- PKI Configuration Examples 459
- Troubleshooting PKI 467
- Failed to Retrieve CRLs 468
- 1 SSL Configuration 470
- SSL Protocol Stack 471
- SSL Configuration Task List 472
- Troubleshooting SSL 476
- 1 SSH2.0 Configuration 479
- Version negotiation 480
- Authentication 481
- Session request 482
- Interaction 482
- Configuring an SSH User 485
- 192.168.0.2/24 490
- Vlan-int1 490
- 192.168.0.1/24 490
- 2 SFTP Service 501
- Configuring an SFTP Client 502
- Working with SFTP Files 504
- Displaying Help Information 504
- 1 Public Key Configuration 512
- 2) Configure Device B 517
- 1 HABP Configuration 522
- Configuring HABP 523
- HABP Configuration Example 524
- 1 ACL Configuration 527
- ACL Classification 528
- ACL Numbering and Naming 528
- Match Order 528
- ACL Rule Numbering Step 529
- ACL Configuration Task List 530
- Configuring an ACL 531
- Configuring an Advanced ACL 533
- Copying an ACL 535
- ACL Configuration Examples 537
- 1 Device Management 539
- Rebooting a Device 540
- Upgrading Device Software 542
- 1 NTP Configuration 550
- Advantages of NTP 551
- How NTP Works 551
- NTP Message Format 552
- Operation Modes of NTP 554
- Broadcast mode 555
- Multicast mode 555
- NTP Configuration Task List 556
- NTP Configuration Examples 565
- Root delay: 31.00 ms 571
- delay disper 571
- 1 SNMP Configuration 577
- SNMP Protocol Version 578
- MIB Overview 578
- SNMP Configuration 579
- Configuring SNMP Logging 581
- Configuring SNMP Trap 582
- Configuring Trap Parameters 583
- SNMPv3 Configuration Example 586
- 2 MIB Style Configuration 589
- 1 RMON Configuration 591
- Working Mechanism 592
- RMON Groups 592
- Private alarm group 593
- History group 593
- Ethernet statistics group 593
- 1 File System Management 602
- Directory Operations 603
- File Operations 604
- Copying a File 605
- Moving a File 605
- Deleting a File 605
- Batch Operations 606
- Storage Medium Operations 606
- Checking files 607
- <Sysname> cd 609
- <Sysname> pwd 609
- Configuration File Overview 610
- Configuration Task List 613
- Configuring Ping 620
- Ping Configuration Example 621
- Tracert 623
- System Debugging 624
- Configuring System Debugging 625
- 1 Basic Configurations 628
- Configuring the Device Name 629
- Configuring the System Clock 629
- Displaying the system clock 630
- " is in 632
- Configuring a Banner 633
- Configuring CLI Hotkeys 634
- Modifying command level 641
- Information Center Overview 644
- System Information Format 648
- Overview 665
- Mac address aging time: 500s 671
- Cluster Management Overview 673
- How a Cluster Works 674
- Introduction to NDP 675
- Introduction to NTDP 675
- DisconnectConnect 676
- Management VLAN 677
- Configuring NDP Parameters 679
- Configuring NTDP Parameters 680
- Establishing a Cluster 681
- Devices Within a Cluster 683
- Cluster Member Management 684
- Member Devices 685
- 1 HTTP Configuration 695
- Enabling the HTTP Service 696
- HTTP Configuration Example 697
- 2 HTTPS Configuration 699
- Enabling the HTTPS Service 700
- Control Policy 701
- HTTPS Configuration Example 702
- 1 Stack Configuration 707
- Establishing a Stack 708
- Configuring Stack Ports 709
- Creating a Stack 709
- Stack Configuration Example 710
- 1 PoE Configuration 714
- PoE Configuration Task List 715
- Enabling PoE 716
- Detecting PDs 717
- Configuring the PoE Power 718
- Monitoring PD 720
- Configuring PoE Profile 720
- Applying PoE Profile 721
- PoE Configuration Example 722
- Troubleshooting PoE 724
- IP Source Guard Overview 726
Related products and manuals for Routers H3c-technologies H3C S5120 Series Switches
(13 pages)
Routers H3c-technologies H3C SR8800 User Manual
(431 pages)
(431 pages)
Routers H3c-technologies H3C SR8800 User Manual
(410 pages)
(410 pages)
Routers H3c-technologies H3C SR8800 User Manual
(149 pages)
(149 pages)
Routers H3c-technologies H3C SR8800 User Manual
(135 pages)
(135 pages)
Routers H3c-technologies H3C SR8800 User Manual
(210 pages)
(210 pages)
© 2020, manymanuals.com. All rights reserved. | 3.368 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals