Allied Telesis Layer 3 esの取扱説明書

デバイスAllied Telesis Layer 3 esの取扱説明書

デバイス: Allied Telesis Layer 3 es
カテゴリ: スイッチ
メーカー: Allied Telesis
サイズ: 0.31 MB
追加した日付: 3/12/2013
ページ数: 31
説明書を印刷

ダウンロード

使い方は?

私たちの目的は、皆様方にデバイスAllied Telesis Layer 3 esの取扱説明書に含まれたコンテンツを可能な限り早く提供することです。オンラインプレビューを使用すると、Allied Telesis Layer 3 esに関してあなたが抱えている問題に対する解決策の内容が素早く表示されます。

便宜上

説明書Allied Telesis Layer 3 esをこちらのサイトで閲覧するのに不都合がある場合は、2つの解決策があります:

  • フルスクリーン表示 – 説明書を(お使いのコンピュータにダウンロードすることなく)便利に表示させるには、フルスクリーン表示モードをご使用ください。説明書Allied Telesis Layer 3 esのフルスクリーン表示を起動するには、全画面表示ボタンを押してください。
  • コンピュータにダウンロード - Allied Telesis Layer 3 esの説明書をお使いのコンピュータにダウンロードし、ご自身のコレクションに加えることもできます。デバイス上のスペースを無駄にしたくない場合は、いつでもManualsBaseサイトでダウンロードすることもできます。
Allied Telesis Layer 3 es 取扱説明書 - Online PDF
Advertisement
« Page 1 of 31 »
Advertisement
印刷版

多くの人々は画面表示ではなく印刷された説明書を読むほうを好みます。説明書を印刷するオプションも提供されており、上記のリンクをクリックすることによりそれを利用できます - 説明書を印刷。説明書Allied Telesis Layer 3 esを全部印刷する必要はなく、選択したページだけを印刷できます。紙を節約しましょう。

要旨

次のページにある説明書Allied Telesis Layer 3 esの内容のプレビューは、以下にあります。次のページにある説明書の内容をすぐに表示したい場合は、こちらをご利用ください。

内容要旨
ページ1に含まれる内容の要旨

How To | Create A Secure Network With Allied Telesis
Managed Layer 3 Switches
Introduction
Allied Telesis switches include a range of sophisticated security features at layer 2 and layer 3.
This How To Note describes these features and includes brief examples of how to configure
them.
The implementations shown in this How To Note should be thought of as industry-standard
best practices.
Contents
Introduction ...................................................................................

ページ2に含まれる内容の要旨

Which products and software versions does this information apply to? Appendix: Configuration scripts for MAC-forced forwarding example ................................... 27 Edge switch 1 .................................................................................................................. 27 Edge switch 2 .................................................................................................................................. 28 Edge switch 3 ................................

ページ3に含まれる内容の要旨

Securing the device Securing the device The first step towards making a secure network is to secure Products the networking equipment itself. All switches listed on page 2 Software Versions There are two aspects to this. Firstly, physical security is vital—lock your networking equipment away. All Secondly, straight after powering up any new piece of networking equipment, change the default administrator user’s password. On an Allied Telesis managed layer 3 switch, the default user is “manager

ページ4に含まれる内容の要旨

Protecting the network Service providers need to prevent storms from disrupting services to customers. AlliedWare offers the following options for mitigating storms: limiting broadcasts and multicasts on a port (“Bandwidth limiting” on page 4) detecting a storm and disabling that port or VLAN (“Using QoS policy-based storm protection” on page 5) Bandwidth limiting ARP packets are the most frequent trigger for broadcast Products storms. One ARP packet is flooded around and around a All swit

ページ5に含まれる内容の要旨

Protecting the network Using QoS policy-based storm protection Policy-based storm protection lets you specify one of a Products range of actions for the switch to take when it detects a AT-8948 broadcast storm. It is a part of the QoS functionality. x900-48 Series AT-9900 Series Policy-based storm protection is more powerful than simple AT-9924Ts bandwidth limiting. It lets you restrict storm damage to x900-24 Series within the storming VLAN, and it gives you the flexibility to define what t

ページ6に含まれる内容の要旨

Protecting the network Example The following example applies storm protection to classified broadcast traffic on port 1. If there is a storm, it takes the link down for 60 seconds. set switch enhancedmode=qoscounters Reboot after turning on enhanced mode. create classifier=1 macdaddr=ff-ff-ff-ff-ff-ff create qos trafficclass=1 stormstatus=enable stormwindow=100 stormrate=100 stormaction=linkdown stormtimeout=60 The rest of the QoS configuration is as normal, so: create qos flowgroup=1 add qos

ページ7に含まれる内容の要旨

Protecting the network 2. Set the sensitivity in detecting rapid MAC movement, by using the following command to tell the switch how many times a MAC address can move ports in one second: set switch thrashlimit=5..255 Configuration Rapid MAC movement protection also works with trunk groups. If one switch in a trunk fails, on trunk the switches probably cannot negotiate STP or any other trunks that they belong to. This groups immediately causes a broadcast storm. Rapid MAC movement protection

ページ8に含まれる内容の要旨

Protecting the network IGMP filtering IGMP filtering lets you dictate exactly which multicast Products groups a specific port can receive, by creating a filter list and All switches listed on page 2 applying it to the port. Different ports may have different that support 2.7.5 or later filter lists applied to them. Software Versions If desired, you can select the type of message to filter. By 2.7.5 or later default, filters apply to IGMP reports. You can create extra entries to also filter

ページ9に含まれる内容の要旨

Managing the device securely Managing the device securely In Ethernet and broadcast networks the privacy of traffic is not guaranteed. Hubs and networks outside the administrator's control may leak sensitive data to unwanted recipients. A hacker may even be able to force a switch to flood unicast traffic. Because you cannot guarantee traffic privacy, you cannot be certain that management sessions are private. Therefore, you should always use encrypted sessions when remotely administering n

ページ10に含まれる内容の要旨

Managing the device securely Using SSL for secure web access Products If you prefer to configure the switch using the convenient All switches listed on page 2, web-based GUI, then this is unencrypted by default. SSL lets except AT-8948 and x900-48 you use the GUI securely, by using HTTPS instead of HTTP. Series which have no Configuration 1. Add a security officer to your switch’s list of users. graphical user interface 2. Create an encryption key for SSL to use. Software Versions 3. Create

ページ11に含まれる内容の要旨

Managing the device securely Examples To allow the user “steve” full read, write and notify SNMP access to the switch: enable snmp add snmp view=full oid=1.3.6.1 type=include add snmp group=super-users securitylevel=authPriv readview=full writeview=full notifyview=full add snmp user=steve group=super-users authprotocol=md5 authpassword=cottonsox privprotocol=des privpassword=woollytop To also give the user “jane” read and notify access to everything on the switch, add the following commands:

ページ12に含まれる内容の要旨

Managing the device securely Whitelisting telnet hosts For any remote management of a network device, Allied Telesis recommends you use SSH, Secure HTTP (SSL), or SNMPv3. Therefore, we recommend you block all telnet access to the switch by disabling the telnet server. However, if you persist with telnet, you should make a whitelist of the hosts that are permitted to telnet to the switch. This does not make telnet secure, but it does reduce the associated risks. Building a whitelist through

ページ13に含まれる内容の要旨

Managing the device securely Building a whitelist through QoS On AT-8948, AT-9900, AT-9900s, and x900 Series switches, Products use classifiers to build a whitelist and QoS to apply it. AT-8948 x900-48 Series Configuration 1. Create classifiers to match telnet traffic from permitted IP addresses to the switch’s IP address. AT-9900 Series AT-9924Ts 2. Create a classifier to match all telnet traffic to the x900-24 Series switch’s IP address. 3. Create a flow group and add the classifiers for per

ページ14に含まれる内容の要旨

Identifying the user Identifying the user This section describes methods for authorising and tracking users and preventing them from changing their identity on the network. IP spoofing and tracking Unknown users who attempt to change IP address—to circumvent billing or to hide their identity—can be a problem for administrators. Changing IP address for malicious reasons is most commonly called IP spoofing, and is also known as ARP spoofing, ARP poisoning, and ARP poison routing (APR). The net

ページ15に含まれる内容の要旨

Identifying the user Rejecting Gratuitous ARP (GARP) Products Hosts can use GARP to announce their presence on a All switches listed on page 2 subnet. It is a helpful mechanism, particularly when there is a chance of duplicate addresses. However, attackers can use Software Versions GARP to penetrate the network by adding themselves to 2.5.1 and later the switch’s ARP table. You can configure Allied Telesis switches and routers to ignore GARP packets. Ignoring GARPs does not completely preve

ページ16に含まれる内容の要旨

Identifying the user For more information about setting up DHCP snooping, see How To Use DHCP Snooping, Option 82 and Filtering on Rapier, AT-8800 and AT-8600 Series Switches or How To Use DHCP Snooping, Option 82 and Filtering on x900 Series Switches. These How To Notes are available from www.alliedtelesis.com/resources/literature/howto.aspx. Setting up DHCP snooping This section describes a minimal configuration for DHCP snooping. With this configuration, the switch snoops DHCP packets to

ページ17に含まれる内容の要旨

Identifying the user Using DHCP snooping to track clients If your DHCP server supports it, you can use “option 82” to record more information about DHCP clients. This enhances your ability to track users. The switch can pass option 82 information to the DHCP server so that the server can record the switch MAC, switch port, VLAN number and subscriber-ID that the client is a member of. Example To pass option 82 information to the server, including the information that port 1 is room 101, use t

ページ18に含まれる内容の要旨

Protecting the user Protecting the user This section describes the following methods of protecting users from other users on the network: “Using private VLANs” on page 18. This feature isolates switch ports in a VLAN from other switch ports in the same VLAN. “Using local proxy ARP and MAC-forced forwarding” on page 19. These features force all traffic in a network to go via an access router. “Using IPsec to make VPNs” on page 24. This feature creates secure tunnels through an insecure net

ページ19に含まれる内容の要旨

Protecting the user Example To create a private VLAN with ports 2-6 in it, with an uplink trunk group of ports 24 and 25: create vlan=example vid=2 private add vlan=2 port=24-25 frame=tagged uplink add vlan=2 port=2-6 To remove ports from the VLAN: # remove port 4: delete vlan=2 port=4 # remove all private ports and the uplink ports: delete vlan=2 port=all Using local proxy ARP and MAC-forced forwarding Both these features ensure the integrity of ARP in your network and let you take granular co

ページ20に含まれる内容の要旨

Protecting the user The following figure shows a network that can use either local proxy ARP or MAC-forced forwarding—the examples in both the following sections refer to this network. Internet Management PC 24 Access 5 Router 20 12 SIP and Multicast server LACP Residential 12 Gateway 1 Edge 15 Switch 1 49 50 Client 1 50 Edge Switch 3 49 Residential Gateway 2 49 50 Edge Client 2 14 Switch 2 15 Residential Gateway 3 Client 3 macff.eps Local proxy ARP In a network configuration like the previo


類似の説明書
# 取扱説明書 カテゴリ ダウンロード
1 Allied Telesis 24i 取扱説明書 スイッチ 24
2 Allied Telesis AT -8000S/24 取扱説明書 スイッチ 182
3 Allied Telesis 8100S 取扱説明書 スイッチ 28
4 Allied Telesis 4000 Series 取扱説明書 スイッチ 9
5 Allied Telesis 48W 取扱説明書 スイッチ 5
6 Allied Telesis AT -8000S/48 取扱説明書 スイッチ 33
7 Allied Telesis 86241-06 取扱説明書 スイッチ 0
8 Allied Telesis 613-001480 取扱説明書 スイッチ 4
9 Allied Telesis 8PS 取扱説明書 スイッチ 1
10 Allied Telesis AT-8100L/8POE 取扱説明書 スイッチ 3
11 Allied Telesis AT-8100S/24F-LC 取扱説明書 スイッチ 0
12 Allied Telesis AT-8000GS/48 取扱説明書 スイッチ 34
13 Allied Telesis AT-8100S/16F8-SC 取扱説明書 スイッチ 3
14 Allied Telesis AT-8100S/16F8-LC 取扱説明書 スイッチ 0
15 Allied Telesis AT-8100S/48 取扱説明書 スイッチ 6
16 Sony 4-296-436-11 (2) 取扱説明書 スイッチ 0
17 3Com 10/100BASE-TX 取扱説明書 スイッチ 61
18 3Com 2226-SFP 取扱説明書 スイッチ 688
19 3Com 16985ua.bk 取扱説明書 スイッチ 10
20 3Com 10BASE-T 取扱説明書 スイッチ 4