Bedienungsanleitung Allied Telesis Layer 3 es

Bedienungsanleitung für das Gerät Allied Telesis Layer 3 es

Gerät: Allied Telesis Layer 3 es
Kategorie: Umschalter
Produzent: Allied Telesis
Größe: 0.31 MB
Datum des Hinzufügens: 3/12/2013
Seitenanzahl: 31
Anleitung drucken

Herunterladen

Wie kann man es nutzen?

Unser Ziel ist Ihnen einen schnellen Zugang zu Inhalten in Bedienungsanleitungen zum Gerät Allied Telesis Layer 3 es zu garantieren. Wenn Sie eine Online-Ansicht nutzten, können Sie den Inhaltsverzeichnis schnell durchschauen und direkt zu der Seite gelangen, auf der Sie die Lösung zu Ihrem Problem mit Allied Telesis Layer 3 es finden.

Für Ihre Bequemlichkeit

Wenn das direkte Durchschauen der Anleitung Allied Telesis Layer 3 es auf unserer Seite für Sie unbequem ist, können sie die folgende zwei Möglichkeiten nutzen:

  • Vollbildsuche – Um bequem die Anleitung durchzusuchen (ohne sie auf den Computer herunterzuladen) können Sie den Vollbildsuchmodus nutzen. Um das Durchschauen der Anleitung Allied Telesis Layer 3 es im Vollbildmodus zu starten, nutzen Sie die Schaltfläche Vollbild
  • Auf Computer herunterladen – Sie können die Anleitung Allied Telesis Layer 3 es auch auf Ihren Computer herunterladen und sie in Ihren Sammlungen aufbewahren. Wenn Sie jedoch keinen Platz auf Ihrem Gerät verschwenden möchten, können Sie sie immer auf ManualsBase herunterladen.
Allied Telesis Layer 3 es Handbuch - Online PDF
Advertisement
« Page 1 of 31 »
Advertisement
Druckversion

Viele Personen lesen lieber Dokumente nicht am Bildschirm, sondern in gedruckter Version. Eine Druckoption der Anleitung wurde ebenfalls durchdacht, und Sie können Sie nutzen, indem Sie den Link klicken, der sich oben befindet - Anleitung drucken. Sie müssen nicht die ganze Allied Telesis Layer 3 es Anleitung drucken, sondern nur die Seiten, die Sie brauchen. Schätzen Sie das Papier.

Zusammenfassungen

Unten finden Sie Trailer des Inhalts, der sich auf den nächsten Anleitungsseiten zu Allied Telesis Layer 3 es befindet. Wenn Sie den Seiteninhalt der nächsten Seiten schnell durchschauen möchten, können Sie sie nutzen.

Inhaltszusammenfassungen
Inhaltszusammenfassung zur Seite Nr. 1

How To | Create A Secure Network With Allied Telesis
Managed Layer 3 Switches
Introduction
Allied Telesis switches include a range of sophisticated security features at layer 2 and layer 3.
This How To Note describes these features and includes brief examples of how to configure
them.
The implementations shown in this How To Note should be thought of as industry-standard
best practices.
Contents
Introduction ...................................................................................

Inhaltszusammenfassung zur Seite Nr. 2

Which products and software versions does this information apply to? Appendix: Configuration scripts for MAC-forced forwarding example ................................... 27 Edge switch 1 .................................................................................................................. 27 Edge switch 2 .................................................................................................................................. 28 Edge switch 3 ................................

Inhaltszusammenfassung zur Seite Nr. 3

Securing the device Securing the device The first step towards making a secure network is to secure Products the networking equipment itself. All switches listed on page 2 Software Versions There are two aspects to this. Firstly, physical security is vital—lock your networking equipment away. All Secondly, straight after powering up any new piece of networking equipment, change the default administrator user’s password. On an Allied Telesis managed layer 3 switch, the default user is “manager

Inhaltszusammenfassung zur Seite Nr. 4

Protecting the network Service providers need to prevent storms from disrupting services to customers. AlliedWare offers the following options for mitigating storms: limiting broadcasts and multicasts on a port (“Bandwidth limiting” on page 4) detecting a storm and disabling that port or VLAN (“Using QoS policy-based storm protection” on page 5) Bandwidth limiting ARP packets are the most frequent trigger for broadcast Products storms. One ARP packet is flooded around and around a All swit

Inhaltszusammenfassung zur Seite Nr. 5

Protecting the network Using QoS policy-based storm protection Policy-based storm protection lets you specify one of a Products range of actions for the switch to take when it detects a AT-8948 broadcast storm. It is a part of the QoS functionality. x900-48 Series AT-9900 Series Policy-based storm protection is more powerful than simple AT-9924Ts bandwidth limiting. It lets you restrict storm damage to x900-24 Series within the storming VLAN, and it gives you the flexibility to define what t

Inhaltszusammenfassung zur Seite Nr. 6

Protecting the network Example The following example applies storm protection to classified broadcast traffic on port 1. If there is a storm, it takes the link down for 60 seconds. set switch enhancedmode=qoscounters Reboot after turning on enhanced mode. create classifier=1 macdaddr=ff-ff-ff-ff-ff-ff create qos trafficclass=1 stormstatus=enable stormwindow=100 stormrate=100 stormaction=linkdown stormtimeout=60 The rest of the QoS configuration is as normal, so: create qos flowgroup=1 add qos

Inhaltszusammenfassung zur Seite Nr. 7

Protecting the network 2. Set the sensitivity in detecting rapid MAC movement, by using the following command to tell the switch how many times a MAC address can move ports in one second: set switch thrashlimit=5..255 Configuration Rapid MAC movement protection also works with trunk groups. If one switch in a trunk fails, on trunk the switches probably cannot negotiate STP or any other trunks that they belong to. This groups immediately causes a broadcast storm. Rapid MAC movement protection

Inhaltszusammenfassung zur Seite Nr. 8

Protecting the network IGMP filtering IGMP filtering lets you dictate exactly which multicast Products groups a specific port can receive, by creating a filter list and All switches listed on page 2 applying it to the port. Different ports may have different that support 2.7.5 or later filter lists applied to them. Software Versions If desired, you can select the type of message to filter. By 2.7.5 or later default, filters apply to IGMP reports. You can create extra entries to also filter

Inhaltszusammenfassung zur Seite Nr. 9

Managing the device securely Managing the device securely In Ethernet and broadcast networks the privacy of traffic is not guaranteed. Hubs and networks outside the administrator's control may leak sensitive data to unwanted recipients. A hacker may even be able to force a switch to flood unicast traffic. Because you cannot guarantee traffic privacy, you cannot be certain that management sessions are private. Therefore, you should always use encrypted sessions when remotely administering n

Inhaltszusammenfassung zur Seite Nr. 10

Managing the device securely Using SSL for secure web access Products If you prefer to configure the switch using the convenient All switches listed on page 2, web-based GUI, then this is unencrypted by default. SSL lets except AT-8948 and x900-48 you use the GUI securely, by using HTTPS instead of HTTP. Series which have no Configuration 1. Add a security officer to your switch’s list of users. graphical user interface 2. Create an encryption key for SSL to use. Software Versions 3. Create

Inhaltszusammenfassung zur Seite Nr. 11

Managing the device securely Examples To allow the user “steve” full read, write and notify SNMP access to the switch: enable snmp add snmp view=full oid=1.3.6.1 type=include add snmp group=super-users securitylevel=authPriv readview=full writeview=full notifyview=full add snmp user=steve group=super-users authprotocol=md5 authpassword=cottonsox privprotocol=des privpassword=woollytop To also give the user “jane” read and notify access to everything on the switch, add the following commands:

Inhaltszusammenfassung zur Seite Nr. 12

Managing the device securely Whitelisting telnet hosts For any remote management of a network device, Allied Telesis recommends you use SSH, Secure HTTP (SSL), or SNMPv3. Therefore, we recommend you block all telnet access to the switch by disabling the telnet server. However, if you persist with telnet, you should make a whitelist of the hosts that are permitted to telnet to the switch. This does not make telnet secure, but it does reduce the associated risks. Building a whitelist through

Inhaltszusammenfassung zur Seite Nr. 13

Managing the device securely Building a whitelist through QoS On AT-8948, AT-9900, AT-9900s, and x900 Series switches, Products use classifiers to build a whitelist and QoS to apply it. AT-8948 x900-48 Series Configuration 1. Create classifiers to match telnet traffic from permitted IP addresses to the switch’s IP address. AT-9900 Series AT-9924Ts 2. Create a classifier to match all telnet traffic to the x900-24 Series switch’s IP address. 3. Create a flow group and add the classifiers for per

Inhaltszusammenfassung zur Seite Nr. 14

Identifying the user Identifying the user This section describes methods for authorising and tracking users and preventing them from changing their identity on the network. IP spoofing and tracking Unknown users who attempt to change IP address—to circumvent billing or to hide their identity—can be a problem for administrators. Changing IP address for malicious reasons is most commonly called IP spoofing, and is also known as ARP spoofing, ARP poisoning, and ARP poison routing (APR). The net

Inhaltszusammenfassung zur Seite Nr. 15

Identifying the user Rejecting Gratuitous ARP (GARP) Products Hosts can use GARP to announce their presence on a All switches listed on page 2 subnet. It is a helpful mechanism, particularly when there is a chance of duplicate addresses. However, attackers can use Software Versions GARP to penetrate the network by adding themselves to 2.5.1 and later the switch’s ARP table. You can configure Allied Telesis switches and routers to ignore GARP packets. Ignoring GARPs does not completely preve

Inhaltszusammenfassung zur Seite Nr. 16

Identifying the user For more information about setting up DHCP snooping, see How To Use DHCP Snooping, Option 82 and Filtering on Rapier, AT-8800 and AT-8600 Series Switches or How To Use DHCP Snooping, Option 82 and Filtering on x900 Series Switches. These How To Notes are available from www.alliedtelesis.com/resources/literature/howto.aspx. Setting up DHCP snooping This section describes a minimal configuration for DHCP snooping. With this configuration, the switch snoops DHCP packets to

Inhaltszusammenfassung zur Seite Nr. 17

Identifying the user Using DHCP snooping to track clients If your DHCP server supports it, you can use “option 82” to record more information about DHCP clients. This enhances your ability to track users. The switch can pass option 82 information to the DHCP server so that the server can record the switch MAC, switch port, VLAN number and subscriber-ID that the client is a member of. Example To pass option 82 information to the server, including the information that port 1 is room 101, use t

Inhaltszusammenfassung zur Seite Nr. 18

Protecting the user Protecting the user This section describes the following methods of protecting users from other users on the network: “Using private VLANs” on page 18. This feature isolates switch ports in a VLAN from other switch ports in the same VLAN. “Using local proxy ARP and MAC-forced forwarding” on page 19. These features force all traffic in a network to go via an access router. “Using IPsec to make VPNs” on page 24. This feature creates secure tunnels through an insecure net

Inhaltszusammenfassung zur Seite Nr. 19

Protecting the user Example To create a private VLAN with ports 2-6 in it, with an uplink trunk group of ports 24 and 25: create vlan=example vid=2 private add vlan=2 port=24-25 frame=tagged uplink add vlan=2 port=2-6 To remove ports from the VLAN: # remove port 4: delete vlan=2 port=4 # remove all private ports and the uplink ports: delete vlan=2 port=all Using local proxy ARP and MAC-forced forwarding Both these features ensure the integrity of ARP in your network and let you take granular co

Inhaltszusammenfassung zur Seite Nr. 20

Protecting the user The following figure shows a network that can use either local proxy ARP or MAC-forced forwarding—the examples in both the following sections refer to this network. Internet Management PC 24 Access 5 Router 20 12 SIP and Multicast server LACP Residential 12 Gateway 1 Edge 15 Switch 1 49 50 Client 1 50 Edge Switch 3 49 Residential Gateway 2 49 50 Edge Client 2 14 Switch 2 15 Residential Gateway 3 Client 3 macff.eps Local proxy ARP In a network configuration like the previo


Ähnliche Anleitungen
# Bedienungsanleitung Kategorie Herunterladen
1 Allied Telesis 24i Handbuch Umschalter 24
2 Allied Telesis AT -8000S/24 Handbuch Umschalter 182
3 Allied Telesis 8100S Handbuch Umschalter 28
4 Allied Telesis 4000 Series Handbuch Umschalter 9
5 Allied Telesis 48W Handbuch Umschalter 5
6 Allied Telesis AT -8000S/48 Handbuch Umschalter 33
7 Allied Telesis 86241-06 Handbuch Umschalter 0
8 Allied Telesis 613-001480 Handbuch Umschalter 4
9 Allied Telesis 8PS Handbuch Umschalter 1
10 Allied Telesis AT-8100L/8POE Handbuch Umschalter 3
11 Allied Telesis AT-8100S/24F-LC Handbuch Umschalter 0
12 Allied Telesis AT-8000GS/48 Handbuch Umschalter 34
13 Allied Telesis AT-8100S/16F8-SC Handbuch Umschalter 3
14 Allied Telesis AT-8100S/16F8-LC Handbuch Umschalter 0
15 Allied Telesis AT-8100S/48 Handbuch Umschalter 6
16 Sony 4-296-436-11 (2) Handbuch Umschalter 0
17 3Com 10/100BASE-TX Handbuch Umschalter 61
18 3Com 2226-SFP Handbuch Umschalter 688
19 3Com 16985ua.bk Handbuch Umschalter 10
20 3Com 10BASE-T Handbuch Umschalter 4