Installation guide
Table Of Contents
- Chapter 1: Introduction
- Chapter 2: Initial Configuration
- Chapter 3: Configuring the Switch
- Using the Web Interface
- Navigating the Web Browser Interface
- Panel Display
- Main Menu
- Basic Configuration
- Displaying System Information
- Displaying Switch Hardware/Software Versions
- Displaying Bridge Extension Capabilities
- Setting the Switch’s IP Address
- Enabling Jumbo Frames
- Managing Firmware
- Saving or Restoring Configuration Settings
- Console Port Settings
- Telnet Settings
- Configuring Event Logging
- Resetting the System
- Setting the System Clock
- Simple Network Management Protocol
- User Authentication
- Configuring User Accounts
- Configuring Local/Remote Logon Authentication
- Configuring Encryption Keys
- AAA Authorization and Accounting
- Configuring HTTPS
- Replacing the Default Secure-site Certificate
- Configuring the Secure Shell
- Configuring Port Security
- Configuring 802.1X Port Authentication
- Web Authentication
- Network Access - MAC Address Authentication
- MAC Authentication
- Access Control Lists
- Port Configuration
- Address Table Settings
- Spanning Tree Algorithm Configuration
- VLAN Configuration
- Link Layer Discovery Protocol
- Class of Service Configuration
- Quality of Service
- VoIP Traffic Configuration
- Multicast Filtering
- Multicast VLAN Registration
- DHCP Snooping
- IP Source Guard
- IP Clustering
- UPnP
- Chapter 4: Command Line Interface
- Using the Command Line Interface
- Entering Commands
- Command Groups
- Line Commands
- General Commands
- System Management Commands
- Flash/File Commands
- Authentication Commands
- Access Control List Commands
- SNMP Commands
- Interface Commands
- Mirror Port Commands
- Rate Limit Commands
- Link Aggregation Commands
- Address Table Commands
- LLDP Commands
- lldp
- lldp holdtime-multiplier
- lldp medFastStartCount
- lldp notification-interval
- lldp refresh-interval
- lldp reinit-delay
- lldp tx-delay
- lldp admin-status
- lldp notification
- lldp mednotification
- lldp basic-tlv management-ip-address
- lldp basic-tlv port-description
- lldp basic-tlv system-capabilities
- lldp basic-tlv system-description
- lldp basic-tlv system-name
- lldp dot1-tlv proto-ident
- lldp dot1-tlv proto-vid
- lldp dot1-tlv pvid
- lldp dot1-tlv vlan-name
- lldp dot3-tlv link-agg
- lldp dot3-tlv mac-phy
- lldp dot3-tlv max-frame
- lldp dot3-tlv poe
- lldp medtlv extpoe
- lldp medtlv inventory
- lldp medtlv location
- lldp medtlv med-cap
- lldp medtlv network-policy
- show lldp config
- show lldp info local-device
- show lldp info remote-device
- show lldp info statistics
- UPnP Commands
- Spanning Tree Commands
- spanning-tree
- spanning-tree mode
- spanning-tree forward-time
- spanning-tree hello-time
- spanning-tree max-age
- spanning-tree priority
- spanning-tree pathcost method
- spanning-tree transmission-limit
- spanning-tree mst-configuration
- mst vlan
- mst priority
- name
- revision
- max-hops
- spanning-tree spanning-disabled
- spanning-tree cost
- spanning-tree port-priority
- spanning-tree edge-port
- spanning-tree portfast
- spanning-tree link-type
- spanning-tree loopback-detection
- spanning-tree loopback-detection release-mode
- spanning-tree loopback-detection trap
- spanning-tree mst cost
- spanning-tree mst port-priority
- spanning-tree protocol-migration
- show spanning-tree
- show spanning-tree mst configuration
- VLAN Commands
- Priority Commands
- Quality of Service Commands
- Voice VLAN Commands
- Multicast Filtering Commands
- Multicast VLAN Registration Commands
- IP Interface Commands
- IP Source Guard Commands
- DHCP Snooping Commands
- IP Cluster Commands
- Appendix A: Software Specifications
- Appendix B: Troubleshooting
- Glossary
- Index
User Authentication
3-73
3
4. Set the Optional Parameters – On the SSH Settings page, configure the
optional parameters, including the authentication timeout, the number of retries,
and the server key size.
5. Enable SSH Service – On the SSH Settings page, enable the SSH server on
the switch.
6. Authentication – One of the following authentication methods is employed:
Password Authentication (for SSH v1.5 or V2 Clients)
a. The client sends its password to the server.
b. The switch compares the client's password to those stored in memory.
c. If a match is found, the connection is allowed.
Note:
To use SSH with only password authentication, the host public key must still be
given to the client, either during initial connection or manually entered into the
known host file. However, you do not need to configure the client’s keys.
Public Key Authentication – When an SSH client attempts to contact the switch,
the SSH server uses the host key pair to negotiate a session key and encryption
method. Only clients that have a private key corresponding to the public keys
stored on the switch can access it. The following exchanges take place during
this process:
Authenticating SSH v1.5 Clients
a. The client sends its RSA public key to the switch.
b. The switch compares the client's public key to those stored in memory.
c. If a match is found, the switch uses its secret key to generate a random
256-bit string as a challenge, encrypts this string with the user’s public key,
and sends it to the client.
d. The client uses its private key to decrypt the challenge string, computes the
MD5 checksum, and sends the checksum back to the switch.
e. The switch compares the checksum sent from the client against that
computed for the original string it sent. If the two checksums match, this
means that the client's private key corresponds to an authorized public key,
and the client is authenticated.
Authenticating SSH v2 Clients
a. The client first queries the switch to determine if DSA public key
authentication using a preferred algorithm is acceptable.
b. If the specified algorithm is supported by the switch, it notifies the client to
proceed with the authentication process. Otherwise, it rejects the request.
c. The client sends a signature generated using the private key to the switch.
d. When the server receives this message, it checks whether the supplied key
is acceptable for authentication, and if so, it then checks whether the
signature is correct. If both checks succeed, the client is authenticated.
Note:
The SSH server supports up to four client sessions. The maximum number of
client sessions includes both current Telnet sessions and SSH sessions.