Allied-telesis AT-S63 Manual do Utilizador Página 353
- Página / 514
- Índice
- MARCADORES
Avaliado. / 5. Com base em avaliações de clientes
AT-S63 Management Software Features Guide
Section VIII: Port Security 353
Invalid Frames and Intrusion Actions
When a port receives an invalid frame, it has to select an intrusion action,
which defines the port’s response to the packet. But before defining the
intrusion actions, it helps to understand what constitutes an invalid frame.
This differs for each security level, as explained here:
Limited Security Level - An invalid frame for this security level is an
ingress frame with a source MAC address not already learned by a
port after the port had reached its maximum number of dynamic MAC
addresses, or that was not assigned to the port as a static address.
Secured Security Level - An invalid frame for this security level is an
ingress frame with a source MAC address that was not entered as a
static address on the port.
Locked - An invalid frame for this security level is an ingress frame with
a source MAC address that the port has not already learned or that
was not assigned as a static address.
Intrusion action defines what a port does when it receives an invalid frame.
For a port operating under either the Secured or Locked security mode,
the intrusion action is always the same. The port discards the frame.
But with the Limited security mode you can specify the intrusion action.
Here are the options:
Discard the invalid frame.
Discard the invalid frame and send an SNMP trap. (SNMP must be
enabled on the switch for the trap to be sent.)
Discard the invalid frame, send an SNMP trap, and disable the port.
- Features Guide 1
- Contents 10
- How This Guide is Organized 18
- Product Documentation 20
- Where to Go First 21
- Starting a Management Session 22
- Document Conventions 23
- Contacting Allied Telesis 25
- Basic Operations 27
- Chapter 1: Overview 32
- AT-S63 Management Software 35
- Menus interface 36
- Command line interface 36
- Web browser interface 36
- Management Access Methods 41
- Remote SNMP 42
- Management 42
- Manager Access Levels 43
- Stand-alone 44
- Enhanced 44
- Stacking 44
- IP Configuration 46
- Redundant Twisted Pair Ports 47
- AT-9448Ts/XP switches 48
- History of New Features 49
- Guest VLAN. For background 51
- VLAN Assignment and Secure 51
- MAC address-based 51
- Supplicant Mode for 53
- Master and Slave Switches 58
- Common VLAN 59
- Chapter 2: Enhanced Stacking 60
- Slave Switches 61
- Enhanced Stacking Guidelines 63
- SNMPv1 and SNMPv2c 65
- Community String Attributes 68
- Chapter 3: SNMPv1 and SNMPv2c 70
- Chapter 4: MAC Address Table 74
- Static Port Trunks 75
- Load Distribution Methods 78
- LACP Port Trunks 81
- Chapter 6: LACP Port Trunks 84
- LACP System Priority 87
- Adminkey Parameter 88
- LACP Port Priority Value 88
- Port Mirror 93
- Chapter 7: Port Mirror 96
- Advanced Operations 97
- Overview 100
- Boot Configuration Files 101
- File Naming Conventions 102
- Chapter 8: File System 104
- Chapter 9 105
- Supported Platforms 106
- Event Messages 107
- Syslog Client 108
- Classifiers 109
- Service” on page 139 112
- Classifier Criteria 113
- VLAN ID (Layer 2) 114
- Protocol (Layer 2) 114
- IP Protocol (Layer 3) 116
- Source IP Addresses (Layer 3) 116
- Source IP Mask (Layer 3) 116
- Destination IP Mask (Layer 3) 116
- TCP Source Ports (Layer 4) 117
- UDP Source Ports (Layer 4) 117
- TCP Flags 117
- Guidelines 118
- Access Control Lists 119
- Parts of an ACL 123
- Examples 125
- Figure 7. ACL Example 2 126
- Figure 8. ACL Example 3 127
- Figure 11. ACL Example 6 129
- Class of Service 131
- Chapter 12: Class of Service 134
- Scheduling 136
- Quality of Service 139
- Flow Groups 144
- Traffic Classes 145
- Policies 146
- QoS Policy Guidelines 147
- Packet Processing 148
- Bandwidth Allocation 148
- Packet Prioritization 148
- Replacing Priorities 150
- VLAN Tag User Priorities 150
- DSCP Values 150
- DiffServ Domains 151
- Applications 155
- Component 158
- Hierarchy 158
- Denial of Service Defenses 161
- SYN Flood Attack 164
- Smurf Attack 165
- Land Attack 166
- Teardrop Attack 168
- Ping of Death Attack 169
- IP Options Attack 170
- Mirroring Traffic 171
- Snooping Protocols 173
- IGMP Snooping 175
- Chapter 15: IGMP Snooping 178
- MLD Snooping 179
- Chapter 16: MLD Snooping 182
- RRP Snooping 183
- Snooping 187
- Restrictions 191
- Section IV 195
- 196 Section IV: SNMPv3 196
- Chapter 19 197
- Chapter 19: SNMPv3 200
- 200 Section IV: SNMPv3 200
- SNMPv3 Privacy Protocol 201
- SNMPv3 MIB Views 202
- Section IV: SNMPv3 203 203
- SNMPv3 Storage Types 204
- SNMPv3 Message Notification 205
- SNMPv3 Tables 206
- 208 Section IV: SNMPv3 208
- Section IV: SNMPv3 209 209
- SNMPv3 Configuration Example 210
- Spanning Tree Protocols 211
- Protocols 213
- Path Costs and 217
- Port Costs 217
- Hello Time and 220
- Bridge Protocol 220
- Data Units 220
- Point-to-Point 221
- Edge Port 222
- Point-to-Point and Edge Port 222
- Workstation 222
- (Full-duplex Mode) 222
- Mixed STP and RSTP Networks 223
- Spanning Tree and VLANs 224
- Chapter 21 225
- AT-9424T/SP 229
- AT-9424T/GB 229
- MSTI Guidelines 232
- VLAN and MSTI Associations 233
- Ports in Multiple MSTIs 234
- Summary of Guidelines 239
- Associating VLANs to MSTIs 241
- Virtual LANs 245
- 246 Section VI: Virtual LANs 246
- Port-based and Tagged VLANs 247
- 250 Section VI: Virtual LANs 250
- Port-based VLANs 250
- Tagged VLANs 250
- Port-based VLAN Overview 251
- Port VLAN 252
- Identifier 252
- Port-based 254
- Example 1 254
- Example 2 255
- 256 Section VI: Virtual LANs 256
- Tagged VLAN Overview 257
- Tagged VLAN 259
- 260 Section VI: Virtual LANs 260
- Chapter 23 261
- 264 Section VI: Virtual LANs 264
- Section VI: Virtual LANs 265 265
- GVRP and Network Security 267
- 268 Section VI: Virtual LANs 268
- Section VI: Virtual LANs 269 269
- 270 Section VI: Virtual LANs 270
- Section VI: Virtual LANs 271 271
- 272 Section VI: Virtual LANs 272
- Multiple VLAN Modes 273
- 276 Section VI: Virtual LANs 276
- Section VI: Virtual LANs 277 277
- 278 Section VI: Virtual LANs 278
- Protected Ports VLANs 279
- 282 Section VI: Virtual LANs 282
- 284 Section VI: Virtual LANs 284
- MAC Address-based VLANs 285
- Egress Ports 288
- Section VI: Virtual LANs 289 289
- 290 Section VI: Virtual LANs 290
- VLANs That Span Switches 291
- 292 Section VI: Virtual LANs 292
- VLAN Hierarchy 293
- 294 Section VI: Virtual LANs 294
- Section VII 297
- Chapter 27 299
- 302 Section VII: Routing 302
- Routing Interfaces 303
- Interface 304
- IP Address and 304
- Subnet Mask 304
- Section VII: Routing 305 305
- Interface Names 306
- Static Routes 307
- 308 Section VII: Routing 308
- Section VII: Routing 309 309
- Default Routes 311
- 312 Section VII: Routing 312
- Section VII: Routing 313 313
- Routing Table 314
- Section VII: Routing 315 315
- 1024 static entries 315
- 1024 dynamic entries 315
- 316 Section VII: Routing 316
- Section VII: Routing 317 317
- Section VII: Routing 319 319
- Pinging a Remote 320
- BOOTP Server 320
- Local Interface 321
- 322 Section VII: Routing 322
- Section VII: Routing 323 323
- Routing Command Example 324
- Creating the 325
- Interfaces 325
- Adding a Static 326
- Route and 326
- Default Route 326
- Selecting the 327
- Non-routing Command Example 328
- Section VII: Routing 329 329
- 330 Section VII: Routing 330
- BOOTP Relay Agent 331
- Chapter 28: BOOTP Relay Agent 334
- 334 Section VII: Routing 334
- 336 Section VII: Routing 336
- Chapter 29 337
- Master Switch 340
- Backup Switches 341
- Interface Monitoring 342
- Port Monitoring 343
- VRRP on the Switch 344
- 346 Section VII: Routing 346
- Port Security 347
- Chapter 30 349
- Chapter 31 355
- Authentication Process 359
- Port Roles 360
- Operational Settings 361
- Single Operating 363
- Multiple 367
- Operating Mode 367
- Guest VLAN 372
- RADIUS Accounting 373
- General Steps 374
- Management Security 379
- Web Server 381
- Chapter 32: Web Server 384
- Encryption Keys 387
- Encryption Key Length 390
- Encryption Key Guidelines 391
- Technical Overview 392
- Authentication 394
- Key Exchange 395
- Algorithms 395
- Chapter 33: Encryption Keys 396
- PKI Certificates and SSL 397
- Types of Certificates 399
- Distinguished Names 401
- SSL and Enhanced Stacking 403
- X.509 Certificates 408
- Elements of a 409
- Public Key 409
- Infrastructure 409
- Certificate 410
- Validation 410
- Revocation Lists 410
- Implementation 411
- Secure Shell (SSH) 413
- Support for SSH 416
- SSH Server 417
- SSH Clients 418
- SSH and Enhanced Stacking 419
- SSH Configuration Guidelines 421
- TACACS+ and RADIUS Protocols 423
- Chapter 37 431
- Parts of a Management ACE 434
- Settings 439
- “Telnet Server” on page 471 440
- “VLANs” on page 473 440
- “Web Server” on page 474 440
- ARP Cache Setting Default 441
- ARP Cache Timeout 150 seconds 441
- Boot Configuration File 442
- Enhanced Stacking 448
- EPSR Setting Default 449
- EPSR State Disabled 449
- Event Logs 450
- MAC Address Table 455
- Status Disabled 456
- Manager and Operator Account 457
- Public Key Infrastructure 459
- Port Settings 460
- RJ-45 Serial Terminal Port 461
- RRP Snooping Setting Default 462
- RRP Snooping Status Disabled 462
- Server-based 463
- Simple Network Time Protocol 465
- Spanning Tree 467
- Protocol 467
- Secure Shell Server 468
- Secure Sockets Layer 469
- IP Setting Default 470
- System Name None 470
- Administrator None 470
- Comments None 470
- Telnet Server 471
- VRRP Setting Default 472
- SNMPv3 Configuration Examples 475
- Operator 477
- Configuration 477
- Worksheet 478
- Security Model 480
- Security Level 480
- Storage Type 480
- SNMPv3 Parameters (Continued) 480
- Features and Standards 481
- File System 483
- DHCP and BOOTP Clients 483
- Management Interfaces 485
- Management MIBs 485
- Port Trunking and Mirroring 486
- System Monitoring 486
- Traffic Control 487
- MIB Objects 489
- Date, Time, and SNTP Client 492
- Appendix D: MIB Objects 496
- Miscellaneous 499
- Port Mirroring 500
- Port Configuration and Status 503
- Static Port Trunk 505
- Numerics 509
Manuais e produtos relacionados com Hardware de computador Allied-telesis AT-S63
(100 páginas)© 2020, manymanuals-pt.com. Todos os direitos reservados. | 0.050 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentários a estes Manuais