Manual Allied Telesis Layer 3 Switches

31 pages 0.3 mb

Summary
  • Allied Telesis Layer 3 Switches - page 1

    C613-16103-00 REV A www.alliedtelesis.com How To | Introduction Allied Telesis switches include a range of sophisticated security features at layer 2 and layer 3. This How To Note describes these features and includes brief examples of how to configure them. The implementations shown in this How To Note should be thought of as industr ...

  • Allied Telesis Layer 3 Switches - page 2

    Which products and software versions does this information apply to?
    Create A Secure Network With Allied Telesis Managed Layer 3 Switches 2
    Appendix: Configuration scripts for MAC-forced forwarding example ... 27
    Edge switch 1 ...

  • Allied Telesis Layer 3 Switches - page 3

    Securing the device: The first step towards making a secure network is to secure the networking equipment itself. There are two aspects to this. Firstly, physical security is vital—lock your networking equipment away. Secondly, straight af ...

  • Allied Telesis Layer 3 Switches - page 4

    Protecting the network: Service providers need to prevent storms from disrupting services to customers. AlliedWare offers the following options for mitigating storms:
    - limiting broadcasts and multicasts on a port (“Bandwidth limiting” on page 4)
    - ...

  • Allied Telesis Layer 3 Switches - page 5

    Protecting the network: Using QoS policy-based storm protection. Policy-based storm protection lets you specify one of a range of actions for the switch to take when it detects a broadcast storm. It is a part of the QoS functionality. Policy-based storm protection is ...

  • Allied Telesis Layer 3 Switches - page 6

    Protecting the network: Example. The following example applies storm protection to classified broadcast traffic on port 1. If there is a storm, it takes the link down for 60 seconds.
    set switch enhancedmode=qoscounters
    Reboot after turning on enhanced mode.
    create class ...

  • Allied Telesis Layer 3 Switches - page 7

    Protecting the network: 2. Set the sensitivity in detecting rapid MAC movement, by using the following command to tell the switch how many times a MAC address can move ports in one second:
    set switch thrashlimit=5..255
    Configuration on trunk groups. Rapid MAC movement p ...

  • Allied Telesis Layer 3 Switches - page 8

    Protecting the network: IGMP filtering. IGMP filtering lets you dictate exactly which multicast groups a specific port can receive, by creating a filter list and applying it to the port. Different ports may have different filter lists applied to them. If desired, ...

  • Allied Telesis Layer 3 Switches - page 9

    Managing the device securely: In Ethernet and broadcast networks the privacy of traffic is not guaranteed. Hubs and networks outside the administrator's control may leak sensitive data to unwanted recipients. A hacker may even ...

  • Allied Telesis Layer 3 Switches - page 10

    Managing the device securely: Using SSL for secure web access. If you prefer to configure the switch using the convenient web-based GUI, then this is unencrypted by default. SSL lets you use the GUI securely, by using HTTPS instead of HTTP. 1. Add a security offi ...

  • Allied Telesis Layer 3 Switches - page 11

    Managing the device securely: Examples. To allow the user “steve” full read, write and notify SNMP access to the switch:
    enable snmp
    add snmp view=full oid=1.3.6.1 type=include
    add snmp group=super-users securitylevel=authPriv readview=full writeview=full notifyview= ...

  • Allied Telesis Layer 3 Switches - page 12

    Managing the device securely: Whitelisting telnet hosts. For any remote management of a network device, Allied Telesis recommends you use SSH, Secure HTTP (SSL), or SNMPv3. Therefore, we recommend you block all telnet access to the switch by disabling the telnet ser ...

  • Allied Telesis Layer 3 Switches - page 13

    Managing the device securely: Building a whitelist through QoS. On AT-8948, AT-9900, AT-9900s, and x900 Series switches, use classifiers to build a whitelist and QoS to apply it. 1. Create classifiers to match telnet traffic from permitted IP addresses to the swi ...

  • Allied Telesis Layer 3 Switches - page 14

    Identifying the user: This section describes methods for authorising and tracking users and preventing them from changing their identity on the network. IP spoofing and tracking. Unknown users who attempt to change IP address—to circumvent billin ...

  • Allied Telesis Layer 3 Switches - page 15

    Identifying the user: Rejecting Gratuitous ARP (GARP). Hosts can use GARP to announce their presence on a subnet. It is a helpful mechanism, particularly when there is a chance of duplicate addresses. However, attackers can use GARP to penetrate the network by addi ...

  • Allied Telesis Layer 3 Switches - page 16

    Identifying the user: For more information about setting up DHCP snooping, see How To Use DHCP Snooping, Option 82 and Filtering on Rapier, AT-8800 and AT-8600 Series Switches or How To Use DHCP Snooping, Option 82 and Filtering on x900 Series Switches. These How ...

  • Allied Telesis Layer 3 Switches - page 17

    Identifying the user: Using DHCP snooping to track clients. If your DHCP server supports it, you can use “option 82” to record more information about DHCP clients. This enhances your ability to track users. The switch can pass option 82 information ...

  • Allied Telesis Layer 3 Switches - page 18

    Protecting the user: This section describes the following methods of protecting users from other users on the network:
    - “Using private VLANs” on page 18. This feature isolates switch ports in a VLAN from other switch ports in the same VLAN.
    - ...

  • Allied Telesis Layer 3 Switches - page 19

    Protecting the user: Example. To create a private VLAN with ports 2-6 in it, with an uplink trunk group of ports 24 and 25:
    create vlan=example vid=2 private
    add vlan=2 port=24-25 frame=tagged uplink
    add vlan=2 port=2-6
    To remove ports from the VLAN:
    # remove port 4:
    d ...

  • Allied Telesis Layer 3 Switches - page 20

    Protecting the user: The following figure shows a network that can use either local proxy ARP or MAC-forced forwarding—the examples in both the following sections refer to this network. Local proxy ARP. In a network configuration like the previous figure, each e ...

  • Allied Telesis Layer 3 Switches - page 21

    Protecting the user: Configuration of edge switches. 1. Create the VLANs, specifying that they are private. Make a different VLAN for each type of traffic that you want to control differently. 2. Add the uplink and private ports to the VLANs as tagged ports. 3. Co ...

  • Allied Telesis Layer 3 Switches - page 22

    Protecting the user: Use the following configuration for edge switches 2 and 3 (AT-8648 switches in this example):
    ena stp=default
    set stp=default mode=rapid
    create vlan="voice" vid=101 private
    add vlan=101 port=49-50 uplink frame=tagged
    add vlan=101 port=1-4 ...

  • Allied Telesis Layer 3 Switches - page 23

    Protecting the user:
    # Create a classifier to match all traffic in VLANs 101-104
    create class=10 ipsa=192.168.0.0/16 ipda=192.168.0.0/16
    # Create a classifier to match voice traffic
    create class=100 ipsa=192.168.1.0/24 ipda=192.168.1.0/24
    # Create a classifier to match mana ...

  • Allied Telesis Layer 3 Switches - page 24

    Protecting the user: Configuration of edge switches. 1. Create a VLAN for each type of service (for example, voice, video, and data). With software versions 291-04 and earlier, the VLANs must be private VLANs. With software versions 291-05 and later ...

  • Allied Telesis Layer 3 Switches - page 25

    Protecting the user:
    - How To Configure Microsoft® Windows XP Virtual Private Network (VPN) client interoperability without NAT-T support
    - How To Configure Microsoft® Windows XP Virtual Private Network (VPN) client interoperability with NAT-T support ...

  • Allied Telesis Layer 3 Switches - page 26

    Protecting the user: To block the W32.Slammer worm on port 1, which does not have an SQL client or server attached to it:
    create classifier=1 udpdport=1434 protocol=ip iport=1
    add switch hwfilter classifier=1 action=discard
    Blocking worms through QoS actions. On AT-8 ...

  • Allied Telesis Layer 3 Switches - page 27

    Appendix: Configuration scripts for MAC-forced forwarding example. In this example (from page 23), the edge switches can be any of the following switches:
    - Rapier 16fi and Rapier 24i (but not Rapier ...

  • Allied Telesis Layer 3 Switches - page 28

    Appendix: Configuration scripts for MAC-forced forwarding example. Edge switch 2: Edge switch 2 is connected to port 50 of edge switch 1. The configuration is similar to edge switch 1—differences are in bold:
    # System configuration
    set system name="Edge Swit ...

  • Allied Telesis Layer 3 Switches - page 29

    Appendix: Configuration scripts for MAC-forced forwarding example. Edge switch 3: Edge switch 3 is connected to port 49 of edge switch 1. The configuration is similar to edge switch 1—differences are in bold:
    # System configuration
    set system name="Edge Swit ...

  • Allied Telesis Layer 3 Switches - page 30

    Appendix: Configuration scripts for MAC-forced forwarding example. Access Router:
    set system name="Access Router"
    # Create a VLAN for accessing the Internet, SIP server and multicast groups
    create vlan=CoreNetwork vid=28
    # Create the other VLANs
    create vlan=Voi ...

  • Allied Telesis Layer 3 Switches - page 31

    USA Headquarters | 19800 North Creek Parkway | Suite 200 | Bothell | WA 98011 | USA | T: +1 800 424 4284 | F: +1 425 481 3895
    European Headquarters | Via Motta 24 | 6830 Chiasso | Switzerland | T: +41 91 69769.00 | F: +41 91 69769.11
    Asia-Pacific Headquarters | 11 Tai Seng Link | Singapore | 534182 | T: +65 6383 3832 | ...

Manufacturer Allied Telesis Category Switch

