SECURITY
The following sections introduce the SECURITY screens.
Access Control
A console port and FTP are allowed one session each, Telnet and SSH share nine sessions, up to five Web sessions (five different user names and passwords) and/or limitless SNMP access control sessions are allowed.
Console Port | SSH | Telnet | FTP | Web | SNMP |
One session | Share up to 9 sessions | One session | Up to 5 accounts | No limit | |
A console port access control session and Telnet access control session cannot coexist when multi-login is disabled. See the CLI Reference Guide for more information on disabling multi-login.
This section describes how to control access to the Switch.
What You Can Do
• Use the Service Access Control screen (Service Access Control) to decide what services you may use to access the Switch.
• Use the Remote Management screen (Remote Management (IPv4)) to specify a group of one or more “trusted computers” from which an administrator may use a service to manage the Switch.
Service Access Control
Service Access Control allows you to decide what services you may use to access the Switch. You may also change the default service port and configure “trusted computers” for each service in the Remote Management screen (discussed earlier).
The following table describes the fields in this screen.
LABEL | Description |
|---|---|
Services | Services you may use to access the Switch are listed here. |
Active | Enable the switch button for the corresponding services that you want to allow to access the Switch. |
Service Port | For Telnet, SSH, FTP, HTTP or HTTPS services, you may change the default service port by typing the new port number in the Service Port field. If you change the default port number then you will have to let people (who wish to use the service) know the new port number for that service. |
Timeout | Enter how many minutes (from 1 to 255) a management session can be left idle before the session times out. After it times out you have to log in with your password again. Very long idle timeouts may have security risks. |
Login Timeout | The Telnet or SSH server do not allow multiple user logins at the same time. Enter how many seconds (from 30 to 300 seconds) a login session times out. After it times out you have to start the login session again. Very long login session timeouts may have security risks. For example, if User A attempts to connect to the Switch (through SSH), but during the login stage, do not enter the user name and/or password, User B cannot connect to the Switch (through SSH) before the Login Timeout for User A expires (default 150 seconds). |
Redirect to HTTPS | This option allows your web browser to automatically redirect to a secure page, from HTTP to HTTPS (secure hypertext transfer protocol). SSL (Secure Sockets Layer) in HTTPS encrypts the transferred data by changing plain text to random letters and numbers. |
Apply | Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. |
Cancel | Click Cancel to begin configuring this screen afresh. |
Remote Management (IPv4)
Use this screen to specify a group of one or more “trusted computers using IPv4 addresses” from which an administrator may use a service to manage the Switch.
The following table describes the labels in this screen.
label | Description |
|---|---|
Entry | This is the client set index number. A “client set” is a group of one or more “trusted computers” from which an administrator may use a service to manage the Switch. |
Active | Enable the switch button to activate this secured client set. Clear the checkbox if you wish to temporarily disable the set without deleting it. |
Start Address End Address | Configure the IPv4 address range of trusted computers from which you can manage this Switch. The Switch checks if the client IPv4 address of a computer requesting a service or protocol matches the range set here. The Switch immediately disconnects the session if it does not match. |
Telnet / FTP / HTTP / ICMP / SNMP / SSH / HTTPS | Select services that may be used for managing the Switch from the specified trusted computers. |
Apply | Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. |
Cancel | Click Cancel to begin configuring this screen afresh. |
Remote Management (IPv6)
Use this screen to specify a group of one or more “trusted computers using IPv6 addresses” from which an administrator may use a service to manage the Switch.
The following table describes the labels in this screen.
label | Description |
|---|---|
Entry | This is the client set index number. A “client set” is a group of one or more “trusted computers” from which an administrator may use a service to manage the Switch. |
Active | Enable the switch button to activate this secured client set. Clear the checkbox if you wish to temporarily disable the set without deleting it. |
Start Address End Address | Configure the IPv6 address range of trusted computers from which you can manage this Switch. The Switch checks if the client IPv6 address of a computer requesting a service or protocol matches the range set here. The Switch immediately disconnects the session if it does not match. |
Telnet / FTP / HTTP / ICMP / SNMP / SSH / HTTPS | Select services that may be used for managing the Switch from the specified trusted computers. |
Apply | Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. |
Cancel | Click Cancel to begin configuring this screen afresh. |
Storm Control
Storm control limits the number of broadcast, multicast and destination lookup failure (DLF) packets the Switch receives per second on the ports. When the maximum number of allowable broadcast, multicast and/or DLF packets is reached per second, the subsequent packets are discarded. Enable this feature to reduce broadcast, multicast and/or DLF packets in your network. You can specify limits for each packet type on each port.
The following table describes the labels in this screen.
label | description |
|---|---|
Active | Enable the switch button to enable traffic storm control on the Switch. Disable the switch button to disable this feature. |
Port | This field displays the port number. |
* | Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.  Changes in this row are copied to all the ports as soon as you make them. |
Broadcast (pkt/s) | Select this option and specify how many broadcast packets the port receives per second. |
Multicast (pkt/s) | Select this option and specify how many multicast packets the port receives per second. |
DLF (pkt/s) | Select this option and specify how many destination lookup failure (DLF) packets the port receives per second. |
Apply | Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. |
Cancel | Click Cancel to reset the fields. |