The System Time Page opens:. The possible field values are:. For example: Select the system time mode. Click Apply in each section.
The local system clock settings are saved, and the device is updated. SNTP assures accurate network device clock time synchronization up to the millisecond. Time synchronization is performed by a network SNTP server.
The device operates only as an SNTP client, and cannot provide time services to other systems. The device can poll the following server types for the server time:. Time sources are established by stratums. Stratums define the accuracy of the reference clock. The higher the stratum where zero is the highest , the more accurate the clock. The device receives time from stratum 1 and above. The following is an example of stratums:. Stratum 0 — A real time clock such as a GPS system is used as the time source.
Stratum 1 — A server that is directly linked to a Stratum 0 time source is used. Stratum 1 time servers provide primary network time standards. Stratum 2 — The time source is distanced from the Stratum 1 server over a network path. For example, a Stratum 2 server receives the time over a network link, via NTP, from a Stratum 1 server. Polling for Unicast information is used for polling a server for which the IP address is known.
T1 - T4 are used to determine the server time. This is the preferred method for synchronizing device time. The first Anycast server to return a response is used to set the time value. Time levels T3 and T4 are used to determine the server time. Using Anycast time information for synchronizing device time is preferred to using Broadcast time information. Broadcast information is used when the server IP address is unknown. The SNTP client neither sends time information requests nor receives responses from the Broadcast server.
MD5 is an algorithm that produces a bit hash. MD5 verifies the integrity of the communication, authenticates the origin of the communication. The System Time Page opens. The Poll Interval default is seconds. The SNTP global settings are defined, and the device is updated. There are two types of daylight settings, either by a specific date in a particular year or a recurring setting irrespective of the year.
For a specific setting in a particular year complete the Daylight Savings area, and for a recurring setting, complete the Recurring area. If Custom is selected, the From and To fields must be defined. The default time is 60 minutes. The range is minutes. The possible field range is The possible field range is Jan. The field format is HH:MM. The possible field range is Jan-Dec.
The possible field range is SundaySaturday. The field format is Hour:Minute. The possible field range is Sunday-Saturday. If you select Other , you must define its From and To fields. The DST settings are saved, and the device is updated. This section describes setting security parameters for ports, device management methods, users, and servers.
This section contains the following topics:. This section provides information for configuring device management security: device authentication methods, users and passwords.
Access profiles are profiles and rules for accessing the device. Access to management functions can be limited to user groups. User groups are defined for interfaces according to IP addresses or IP subnets.
Access profiles contain management methods for accessing and managing the device. The device management methods include:. Management access to different management methods may differ between user groups.
The Access Profile Page contains the currently configured access profiles and their activity status. Assigning an access profile to an interface denies access via other interfaces. If an access profile is assigned to any interface, the device can be accessed by all interfaces.
Click Mgmt. The Access Profile Page opens:. The Access Profile Page contains a table listing the currently defined profiles and their active status:.
The access profile name can contain up to 32 characters. Access Profiles cannot be deleted when active. The Add Access Profile Page opens:. The Add Access Profile Page contains the following fields:. When the packet is matched to a rule, user groups are either granted permission or denied device management access.
The rule number is essential to matching packets to rules, as packets are matched on a first-fit basis. The rule priorities are assigned in the Profile Rules Page. Users with this access profile can access the device using the management method selected. If selected, users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device. If selected, users accessing the device using HTTP meeting access profile criteria are permitted or denied access to the device.
If selected, users accessing the device using HTTPS meeting access profile criteria are permitted or denied access to the device. If selected, users accessing the device using SNMP meeting access profile criteria are permitted or denied access to the device. The Source IP Address field is valid for a subnetwork. This is the default.
The access profile is saved and the device is updated. Access profiles can contain up to rules that determine which users can manage the device module, and by which methods. Users can also be blocked from accessing the device. Rules are composed of filters including:.
The Add Profile Rule Page opens:. The profile rule is added to the access profile, and the device is updated. The Profiles Rules Configuration Page opens:. The profile rule is saved, and the device is updated. Authentication profiles allow network administrators to assign authentication methods for user authentication.
User authentication can be performed either locally or on an external server. User authentication occurs in the order the methods are selected. If the first authentication method is not available, the next selected method is used. The Authentication Profiles Page opens:. The Authentication Profiles Page contains two tables which display the currently defined profiles:.
The default configuration displays as: Console Default, and Network Default. The possible authentication methods are:. The device checks the user name and password for authentication. If the session cannot be authenticated locally, the session is blocked. If the session cannot be authenticated locally, the session is permitted. The Add Authentication Profile Page opens:. Select the type of function to configure for the profile: Method or Login. Using the arrows, move the method s from the Optional Method list to the Selected Method list.
The authentication profile is defined. The profile is added to the profiles table and the device is updated.
The Authentication Profiles Page opens. The Authentication Profile Configuration Page opens:. Select the Profile Name from the list. The profile settings are saved and the device is updated. After authentication profiles are defined, they can be applied to management access methods.
For example, console users can be authenticated by Authentication Profile List 1, while Telnet users are authenticated by Authentication Profile List 2. Authentication methods are selected using arrows.
The order in which the methods are selected is the order by which the authentication methods are used. The Authentication Mapping Page opens:. The Authentication Mapping Page comprises three sections:. The Authentication Mapping Page contains the following fields:. SSH provides clients secure and encrypted remote connections to a device. The possible methods are:. Possible methods are:. Map the authentication method s in the HTTP selection box.
Network administrators assign authentication methods for user authentication. User authentication can be performed locally, or on an external server. Once the authentication session is completed, an authorization session starts using the authenticated user name.
The field range is seconds and the default is 10 seconds. The field range is The default is 0. Click Create. Possible field values are The range is The possible values are , where 1 is the highest value. The authenticated port default is The default is 0 minutes. The default value is All.
Network administrators can define users, passwords, and access levels for users using the Local Users Page. To configure local users and passwords:. The Local Users Page opens:. The Local Users Page displays the list of currently defined local users and contains the following fields:. The lowest user access level is 1 and the highest is User assigned a access level of 15 have read-only access.
The Add Local User Page opens:. Local user passwords can contain up to characters. The user is added to the Local Users table and the device is updated. The Local Users Page opens. The Local User Configuration Page opens:.
The local user settings are defined, and the device is updated. Network security manages locked ports. Port-based authentication provides traditional Guest VLANs limited network access to authorized ports. If a port is denied network access via port-based authorization, but the Guest VLAN is enabled, the port receives limited network access.
For example, a network administrator can use Guest VLANs to deny network access via port-based authentication, but grant Internet access to unauthorized users. Network security can be increased by limiting access on a specific port only to users with specific MAC addresses.
The MAC addresses can be dynamically learned or statically configured. Locked port security monitors both received and learned packets that are received on specific ports. Access to the locked port is limited to users with specific MAC addresses. These addresses are either manually defined on the port, or learned on that port up to the point when it is locked.
When a packet is received on a locked port, and the packet D-Link source MAC address is not tied to that port either it was learned on a different port, or it is unknown to the system , the protection mechanism is invoked, and can provide various options. Unauthorized packets arriving at a locked port are either:. Locked port security also enables storing a list of MAC addresses in the configuration file. The MAC address list can be restored after the device has been reset.
Disabled ports are activated from the Port Security Page. To define port security. The Port Security Page enhances network security by providing port locking management to network administrators.
The Port Security Page opens:. The possible port indicators are:. Port is not selected — Indicates that security is currently not enabled on the port.
Port is selected — Indicates that security is currently enabled on the port. Select the ports to lock. The port indicator changes to selected. The Port Security Configuration Page opens:. The Port Security Configuration Page contains the following fields:. The port is immediately locked, regardless of the number of addresses that have already been learned.
The port learns up to the maximum addresses allowed on the port. Both relearning and aging MAC addresses are enabled. The possible values are:. The possible field range is ,, seconds, and the default is 10 seconds.
Indicates the action to be applied to packets arriving on a locked port. This is the default value. The port remains shut down until reactivated, or until the device is reset. The default is 1. Select the security mode for the selected port s. The port security settings are saved and the device is updated.
The If the port is not authenticated, then no authentication method is used, and the session is permitted. If a port is denied network access via port-based authorization, but the Guest VLAN field is enabled, the port receives limited network access.
Welcome to ManualMachine. We have sent a verification link to to complete your registration. Log In Sign Up. Forgot password? Enter your email address and check your inbox. Please check your email for further instructions. Enter a new password. Allied Telesis. Table of Contents Table of Contents Preface Caution Indicates potential damage to hardware or software, or loss of data.
Warning Indicates a risk of personal injury. Contacting Allied Telesis This section provides Allied Telesis contact information for technical support as well as sales or corporate information. Online Suppor t You can request technical support online by accessing the Allied Telesis Knowledge Base from the following web site: www. You can use the Knowledge Base to submit questions to our technical support staff and review answers to previously asked questions.
To open the application: 1. Open a web browser. The Port Settings Page opens: Figure 4: Port Settings Page The port status indicators vary with context, for example the general port status indicators are as in the figure above while port mirror indicators are different.
Figure 5: System General Page The following table lists the interface components with their corresponding numbers: Table 1: Interface Components Component Description 1 Menu The Menu provides easy navigation through the main management software features.
In addition, the Menu provides general navigation options. Create Opens a page which creates new configuration entries. Modify Modifies the configuration settings. The configuration change is saved to the Running Configuration file and is maintained until reset or power-up. Apply Saves configuration changes to the device. Configure Opens a page which creates or modifies configuration entries. Delete Deletes the selected table and configuration entries. Refresh Refreshes information displayed on the current page.
Reset Device reset. Resets the device information for all device parameters according to current configuration. Defaults Configuration reset. Test Performs a diagnostic test. Clear All Counters Removes all counters. The application menu includes the following general purpose buttons: Configuration Opens the default configuration page System General. Login Signs the user into the WBI, starts the management session. Logout Signs the user out of the WBI, ending the management session.
Help Opens the online help page. Exit Help Closes the online help page. Save Config Used when configuration changes to the device need to be saved as permanent. The configuration is saved as permanent by copying the current Running Configuration file to the Startup Configuration file. To add information to tables or WBI pages: 1. Open a WBI page. Define the fields. To modify information in tables or WBI pages: 1.
Select a table entry. Open the WBI page. Select a table row. Saving Configurations User-defined information can be saved for permanent use or until next update, not just for the current session.
Logging Out The Logout option enables the user to log out of the device thereby terminating the running session. The current management session is ended and the Login Page opens: Figure 8: Login Page For more information about login, refer to Starting the Application. Note Save all changes to the Running Configuration file before resetting the device. Recommended User Work Around: Do not use spaces and avoid using the maximum allows length of the description. Recommended User Work Around: Use the multiple connection option default setting.
Recommended User Work Around: No work around. Recommended User Work Around: Use md5 as default of the radius server. You must have the correct software and bootloader installed on your switch before beginning the upgrade process to Version 3. Perform the following procedure:. If you have a stacked configuration, all switches must be running the latest bootloader and the same software version before you upgrade the software for the stack.
You can download Version 3. All of the file names referenced below are contained in the zip file that you download. For a successful software upgrade of your ATS switch, it is mandatory that you first install the latest boot loader file s94bv Verify that your switches are running the correct boot loader and management software by using the following command:.
If your ATS series switch has Version 1. Using this number as the password, extract the ats Assuming your switch is running the correct bootloader, you have the correct password to extract the ats If this is the case, you can proceed with the Version 3.
If this is not the case,. Verify that your switches are running the correct boot loader by using the following command:. Before rebooting the stand alone switch or stack, you must change the active image, including each slave switch in the stack.
To check the active image for each switch use the following command. The resulting display will tell you which image is active on each switch. Depending on your configuration, you can now issue one of the following commands, substituting x and y from the Show bootvar command:.
This command will cause the switch to reboot. By the end of the reboot process, Version 3. If you accidentally install the Version 3.
To recover from this situation, you must obtain a previous version of software V3. Welcome to ManualMachine. We have sent a verification link to to complete your registration. Log In Sign Up. Forgot password? Enter your email address and check your inbox. Please check your email for further instructions. Enter a new password.
0コメント