Configure Security for Catalyst Express 500 Switch with Cisco Network Assistant
Introduction
This document explains how to configure security settings for a
Catalyst Express 500 switch with Cisco Network Assistant (CNA).
Requirements
To perform the steps described in this document, you need to have these
items:
Configure Security for Catalyst Express 500 Switch
This document explains how to configure security settings for a
Catalyst Express 500 switch.
Configure the Catalyst Express 500 switch
Follow these steps to configure the Catalyst Express 500
switch:
-
Connect a straight-through Ethernet cable from the PC to an
available port on the Catalyst Express 500 switch.
-
Ensure that your PC has an IP address that matches the switch IP
address from field W19 of the Wireless Worksheet. For example, if the IP
address of the switch is 192.168.10.9, configure the PC with an IP address
between 192.168.10.10 and 192.168.10.254. For more detailed instructions on how
to configure an IP address on your PC, refer to
Configure
an IP Address on Your PC.
Connect to the Switch with CNA
Follow these steps to log in to the switch with CNA:
-
To launch CNA, go to Start >
Programs > Cisco Network Assistant >
Cisco Network Assistant.
-
When the Connect window opens, type switch-IP-address in the
Connect To field, and click Connect. For switch-IP-address, use the
switch IP address that you entered in field L8 of the LAN Addressing
Worksheet.
-
In the Authentication window, enter the
administrative user name and password information that you entered in fields
B10 and B11 of your Internet Worksheet respectively.
Click OK.
Note: If you are unable to connect to the switch with CNA, see
Troubleshoot the Procedure for help.
Configure Network Security
CNA allows you to set the host access security level to Low, Medium,
or High.
-
The Medium level adds a security feature called MAC
authentication. This means that when a desktop, server, printer, IP phone,
access point, switch, or router is connected to the community through a
Catalyst Express 500 port, its MAC address must be explicitly added to the MAC
authentication table before that device is allowed to access the
community.
Note: You must configure the Smartports feature before you configure Medium
level security. To configure Smartports, refer to
Configure
the Catalyst Express 500 Switch.
-
The High level configures 802.1x on Catalyst Express
500 switches. 802.1x is an authentication protocol that requires hosts to
provide their usernames and passwords to access the network. The usernames and
passwords are forwarded to a RADIUS server, which stores the approved usernames
and passwords.
Note: It is not possible to configure both Medium and High security level
at the same time.
Configure Low Level Security
Follow these steps to configure Low level security:
-
On the Features tab, click Configure >
Security > Network Security
Settings.
-
The Network Security Settings window comes up, and
both broadcast storm control and port security are enabled by
default.
Configure Medium Level Security
Follow these steps to configure medium level security:
-
In the Network Security Settings window, next to
Select the Host Access Security Level, click and drag the security slider to
Medium.
-
Click Add a MAC Address.
-
In the Add a MAC Address window, enter the MAC
address of the devices that are allowed to access the network.
Note: The MAC address is the 6-byte physical address of the host
device. Enter the MAC address in this format: 0011.8565.4B75
Click OK.
-
Repeat steps 2 and 3 to add multiple MAC
addresses.
Click OK.
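Hosts report their MAC addresses in different notations, while the Add a MAC Address window expects the dotted format shown above. The following Python sketch is an added example, not part of the original Cisco document; the function names and the sample inventory are constructed for illustration. It normalises an inventory to the dotted format and rejects truncated or group (multicast/broadcast) addresses before they are entered in CNA.

```python
import re

# Notations accepted as input: colon/hyphen octets, Cisco dotted, or bare hex.
_FORMATS = (
    re.compile(r"(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}"),
    re.compile(r"(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}"),
    re.compile(r"[0-9A-Fa-f]{12}"),
)

def to_dotted(mac: str) -> str:
    """Return a MAC in the dotted form used on this page, e.g. 0011.8565.4B75.

    Raises ValueError for anything that is not a 6-byte unicast address.
    """
    text = mac.strip()
    if not any(fmt.fullmatch(text) for fmt in _FORMATS):
        raise ValueError(f"not a 6-byte MAC address: {mac!r}")
    digits = re.sub(r"[:.\-]", "", text).upper()
    # Lowest bit of the first octet set = group address (multicast/broadcast),
    # which can never be the address of a single host.
    if int(digits[:2], 16) & 0x01:
        raise ValueError(f"group address, not a host MAC: {mac!r}")
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))

def build_allow_list(raw_entries):
    """Normalise an inventory; drop duplicates and collect rejected entries."""
    allowed, rejected, seen = [], [], set()
    for entry in raw_entries:
        try:
            dotted = to_dotted(entry)
        except ValueError as exc:
            rejected.append((entry, str(exc)))
            continue
        if dotted not in seen:
            seen.add(dotted)
            allowed.append(dotted)
    return allowed, rejected

# Constructed sample inventory; only the first address comes from the page.
SAMPLE = [
    "00-11-85-65-4B-75",   # Windows-style notation
    "00:11:85:65:4b:75",   # same host, colon notation: duplicate
    "0011.8565.4B75",      # already in the page's format: duplicate
    "00:1a:2b:3c:4d:5e",   # second host
    "ff:ff:ff:ff:ff:ff",   # broadcast address: rejected
    "00:11:85:65:4B",      # truncated to 5 bytes: rejected
]

if __name__ == "__main__":
    print(build_allow_list(SAMPLE))
```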
Configure High Level Security
Follow these steps to configure high level security:
-
In the Network Security Settings window, next to
Select the Host Access Security Level, click and drag the security slider to
High.
-
Configure the high level security with these values:
-
RADIUS Server IP Address: Enter the IP address
of your RADIUS server.
-
RADIUS Key: Enter the RADIUS key that Catalyst
Express 500 switch uses to communicate with the RADIUS server.
-
RADIUS Authorization UDP Port: Enter a UDP port
from 0 to 65535 for RADIUS authorization. If you run Cisco Secure ACS version
4.0 or later, 1645 is the default UDP port. For earlier versions, 1812 is the
default UDP port.
Note: Cisco provides the parameters required to set up the RADIUS
server, but does not provide full instructions for any particular RADIUS
implementation.
Click OK.
Next Step
You have completed the configuration of your Catalyst Express 500
switch.
To make other changes to your switch, refer to
Switch
Support Page.
Troubleshoot the Procedure
This section provides information about common problems that you may
encounter. If this information does not solve your problem, contact the
SMB
Technical Assistance Center (SMB TAC) for assistance.
Problem: You connected a PC directly to the switch, but you are unable
to launch CNA.
Cause(s) and Suggested Solution(s):
-
Ensure that the power-on self test (POST) is completed
successfully. The SYSTEM LED must be solid green.
-
After you connect the switch to the PC, you must wait for 30
seconds before you can try to connect. Wait for 30 seconds, and then try to
connect again.
-
Make sure you type the correct IP address for the switch into
the CNA Connect window.
-
Ensure that you use the correct cable. You must use a
straight-through cable, not a crossover cable. Refer to
Cable
Descriptions for more
information.