Security

Access Control

This section describes how to control access to the Switch. See Access Control Overview for more information.

What You Can Do

• Use the Service Access Control screen (Service Access Control Screen) to decide what services you may use to access the Switch.

• Use the Remote Management screens (Remote Management (IPv4)) to specify a group of one or more “trusted computers” from which an administrator may use a service to manage the Switch.

• Use the Storm Control screen (Storm Control Setup) to limit the number of broadcast, multicast and destination lookup failure (DLF) packets the Switch receives per second on the ports.

Service Access Control Screen

Service Access Control allows you to decide what services you may use to access the Switch. You may also change the default service port and configure “trusted computers” for each service in the Remote Management screen.

The following table describes the fields in this screen.

SECURITY > Access Control > Service Access Control
LABEL	Description
Services	Services you may use to access the Switch are listed here.
Active	Select this option for the corresponding services that you want to allow to access the Switch.
Service Port	For Telnet, SSH, FTP, HTTP or HTTPS services, you may change the default service port by typing the new port number in the Service Port field. If you change the default port number then you will have to let people (who wish to use the service) know the new port number for that service.
Timeout	Enter how many minutes (from 1 to 255) a management session can be left idle before the session times out. After it times out you have to log in with your password again. Very long idle timeouts may have security risks.
Login Timeout	The Telnet or SSH server do not allow multiple user logins at the same time. Enter how many seconds (from 30 to 300 seconds) a login session times out. After it times out you have to start the login session again. Very long login session timeouts may have security risks. For example, if User A attempts to connect to the Switch (through SSH), but during the login stage, do not enter the user name and/or password, User B cannot connect to the Switch (through SSH) before the Login Timeout for User A expires (default 150 seconds).
Apply	Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Cancel	Click Cancel to begin configuring this screen afresh.

Remote Management (IPv4)

Use this screen to specify a group of one or more “trusted computers using IPv4 addresses” from which an administrator may use a service to manage the Switch.

The following table describes the labels in this screen.

SECURITY > Access Control > Remote Management > Remote Management
label	Description
Entry	This is the client set index number. A “client set” is a group of one or more “trusted computers” from which an administrator may use a service to manage the Switch.
Active	Enable the switch button to activate this secured client set. Clear the checkbox if you wish to temporarily disable the set without deleting it.
Start Address End Address	Configure the IPv4 address range of trusted computers from which you can manage this Switch. The Switch checks if the client IPv4 address of a computer requesting a service or protocol matches the range set here. The Switch immediately disconnects the session if it does not match.
Telnet / FTP / HTTP / ICMP / SNMP / SSH / HTTPS	Select services that may be used for managing the Switch from the specified trusted computers.
Apply	Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Cancel	Click Cancel to begin configuring this screen afresh.

Remote Management (IPv6)

Use this screen to specify a group of one or more “trusted computers using IPv6 addresses” from which an administrator may use a service to manage the Switch.

The following table describes the labels in this screen.

SECURITY > Access Control > Remote Management > Remote Management IPv6
label	Description
Entry	This is the client set index number. A “client set” is a group of one or more “trusted computers” from which an administrator may use a service to manage the Switch.
Active	Enable the switch button to activate this secured client set. Clear the checkbox if you wish to temporarily disable the set without deleting it.
Start Address End Address	Configure the IPv6 address range of trusted computers from which you can manage this Switch. The Switch checks if the client IPv6 address of a computer requesting a service or protocol matches the range set here. The Switch immediately disconnects the session if it does not match.
Telnet / FTP / HTTP / ICMP / SNMP / SSH / HTTPS	Select services that may be used for managing the Switch from the specified trusted computers.
Apply	Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Cancel	Click Cancel to begin configuring this screen afresh.

Storm Control Overview

Storm Control Setup

The following table describes the labels in this screen.

SECURITY > Storm Control > Storm Control
label	description
Active	Enable the switch button to enable traffic storm control on the Switch. Disable the switch button to disable this feature.
Port	This field displays the port number.
*	Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Changes in this row are copied to all the ports as soon as you make them.
Broadcast (pkt/s)	Select this option and specify how many broadcast packets the port receives per second.
Multicast (pkt/s)	Select this option and specify how many multicast packets the port receives per second.
DLF (pkt/s)	Select this option and specify how many destination lookup failure (DLF) packets the port receives per second.
Apply	Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Cancel	Click Cancel to reset the fields.