Allied Telesis x900 Advanced Gigabit Layer 3+ Expandable Switches manual Configuration

Page 5

NETWORK RESILIENCY SOLUTIONS VCStack + Link aggregation

8600 Configuration

To enable secure HTTP management to use certificates, a distinguished name is required and system security must be enabled

Storm control is configured to prevent downstream loops from affecting the inner layers of the network

By default, all ports are put into VLAN 171

Spanning tree needs to be disabled on the edge-facing ports, as it cannot co-exist with 802.1x authentication

The two gigabit ports are aggregated together to create a resilient link to the network core

802.1x authentication is enabled on all the client-facing ports. Clients cannot access the network without being authenticated

DHCP snooping guards against rogue server attacks, server exhaustion attacks, arp poisoning attacks and IP spoofing attacks. Any ARP poisoning attempt will be logged

Attach a management IP address to VLAN171, and provide a default gateway address

The Radius server is used for authenticating management sessions and also for authenticating 802.1x clients.

Management access is ONLY possible via the core- connected aggregated link. Access via insecure methods Telnet and HTTP are blocked

set system distinguished="cn=switch1, o=alliedtelesis, c=nz" enable system security

set switch port=1-24 bclimit=3000 mclimit=3000 dlflimit=3000

create vlan="edge" vid=171 add vlan="171" port=1-26

enable stp="default"

set stp="default" mode=rapid disable stp="default" port=1-24

create switch trunk=aggregation port=25-26 speed=1000m

enable portauth=8021x

enable portauth=8021x port=1-24 type=authenticator

enable dhcpsnooping

enable dhcpsnooping arpsecurity enable dhcpsnooping log=arpsecurity set dhcpsnooping port=25 trusted=yes set dhcpsnooping port=26 trusted=yes

enable ip

add ip int=vlan171 ip=192.168.171.34

add ip route=0.0.0.0 interface=vlan171 nexthop=192.168.171.1

add radius server=192.168.10.34 secret="testing123-2" port=1812 accport=1813

add switch l3filter match=dipaddress dclass=host

add switch l3filter=1 entry dipaddress=192.168.171.34 action=deny

add switch l3filter match=none import=true

add switch l3filter=2 entry iport=26 action=nodrop add switch l3filter=2 entry iport=25 action=nodrop

disable telnet server

Allied Telesis

www.alliedtelesis.com

Page 4 Page 6
Image 5
Page 4 Page 6
Contents Key Benefits of the solution Network Resiliency SolutionsAllied Telesis Products Customers benefitsLog host 192.168.10.11 level debugging X900 ConfigurationNetwork Resiliency Solutions VCStack + Link aggregation Configuration Https Exit Dot1x system-auth-control 8000S ConfigurationLogging 192.168.10.11 logging buffered errors About Allied Telesis
Related manuals
Manual 8 pages 39.31 Kb Manual 23 pages 4.11 Kb

x900, x900 Advanced Gigabit Layer 3+ Expandable Switches specifications

The Allied Telesis x908 and the SwitchBlade x900 series of network switches are cutting-edge solutions designed to address the demands of modern networking environments. These switches are known for their high performance, reliability, and robust feature sets, making them ideal for enterprise and service provider networks.

The Allied Telesis x908 series consists of modular and chassis-based systems that can accommodate a variety of network configurations. One of the main features of the x908 series is its ability to offer high scalability with support for a large number of ports. This makes it suitable for data centers and large enterprise networks where space and bandwidth optimization are critical.

In addition to scalability, the x908 series supports advanced Layer 2 and Layer 3 switching capabilities. This allows for efficient traffic management and routing, ensuring that data is delivered swiftly and reliably. The x908 also incorporates intelligent features such as Quality of Service (QoS), which prioritizes critical network traffic, ensuring that time-sensitive data—like voice and video—maintains its quality during transmission.

The SwitchBlade x900 series takes this functionality further with its innovative modular architecture. This allows organizations to configure their networks to meet specific needs by choosing from a variety of interface cards and service modules. The SwitchBlade x900 also supports advanced security features such as Access Control Lists (ACLs) and VLAN segmentation, which provide enhanced protection against unauthorized access and network threats.

Another hallmark of the x908 and SwitchBlade series is their support for high-speed Ethernet technologies, including 10G and 40G Ethernet. This enables organizations to keep pace with the increasing bandwidth demands of applications and services, particularly in cloud computing and data-intensive workloads.

Both the x908 and the SwitchBlade x900 series are designed with energy efficiency in mind, featuring power-saving technologies that reduce overall operational costs. Coupled with Allied Telesis' management tools, which provide detailed analytics and monitoring, network administrators can optimize performance and energy consumption simultaneously.

In summary, the Allied Telesis x908 and SwitchBlade x900 series offer a comprehensive suite of features, high performance, scalability, and advanced networking technologies. They represent a strategic investment for organizations looking to build resilient, efficient, and future-proof network infrastructures.
Top Page Image Contents