Allied Telesis AR44xS series manual Securing a Single Vlan through Switch Filters CR00011271

Page 69

Securing a Single VLAN through Switch Filters (CR00011271)


On AT-8824, Rapier 24i, AT-8724XL and AT-8624 switches, this enhancement enables you to use switch filters to secure only the current VLAN, instead of securing all VLANs on the switch. To turn on this feature, a new command disables “vlansecure” for filters (see “Configuring vlansecure” on page 70). Without this enhancement (the default situation) a switch filter only allows a host to access the network through a particular port on the switch. For example, if you have a PC connected to port 15 in vlan2, and define the following filter, the PC can only communicate when it is connected to port 15:

add switch filter entry=0 dest=pc-mac-address vlan=2 port=15 action=forward

With this enhancement, the above filter limits the host to accessing vlan2 through port 15, but does not prevent the host from accessing other VLANs through other ports in vlan2. For example, if the above filter exists and you move the PC to another port in vlan2, this enhancement prevents the PC from communicating with devices in vlan2 but allows it access to other VLANs on the switch. The following figure shows a PC that has been moved from port 15 to port 16 to illustrate the effect.

[Figure swi-filter: a PC moved from port 15 to port 16 in vlan2, with vlan1 also present on the switch. Two panels: "Default behaviour (vlansecure enabled)" and "Securing only the VLAN (vlansecure disabled)".]
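The behaviour described above can be checked with a small model. This is an added example, not code from the manual or from Allied Telesis. It parses the filter command shown in the text and reports which VLANs the filtered host can reach from a given port with vlansecure enabled or disabled. The MAC address, the port-to-VLAN map and the function names are constructed for illustration, and the model assumes a host on its assigned port is unrestricted.

```python
import shlex

# Constructed sample: the filter from the text with a placeholder MAC address.
FILTER_CMD = ("add switch filter entry=0 dest=00-00-5e-00-53-01 "
              "vlan=2 port=15 action=forward")
# Constructed port-to-VLAN map (assumption): ports 15 and 16 in vlan2, port 1 in vlan1.
PORT_VLAN = {1: 1, 15: 2, 16: 2}


def parse_filter(cmd):
    """Parse the key=value parameters of an 'add switch filter' command."""
    words = shlex.split(cmd)
    if [w.lower() for w in words[:3]] != ["add", "switch", "filter"]:
        raise ValueError("not an 'add switch filter' command")
    params = {}
    for word in words[3:]:
        key, sep, value = word.partition("=")
        if not sep or not value:
            raise ValueError(f"malformed parameter: {word!r}")
        params[key.lower()] = value
    return {"mac": params["dest"].lower(), "vlan": int(params["vlan"]),
            "port": int(params["port"]), "action": params["action"].lower()}


def reachable_vlans(flt, connected_port, vlansecure, port_vlan=PORT_VLAN):
    """Return the set of VLANs the filtered host can reach from connected_port."""
    if flt["action"] != "forward":
        raise ValueError("only action=forward is described in the text")
    all_vlans = set(port_vlan.values())
    if connected_port == flt["port"]:
        return all_vlans                  # on the assigned port (model assumption)
    if vlansecure:
        return set()                      # default: host is locked to one port
    if port_vlan[connected_port] != flt["vlan"]:
        raise ValueError("case not described in the text")
    return all_vlans - {flt["vlan"]}      # secured VLAN blocked, other VLANs open


if __name__ == "__main__":
    flt = parse_filter(FILTER_CMD)
    for secure in (True, False):
        for port in (15, 16):
            print(f"vlansecure={secure} port={port}: "
                  f"{sorted(reachable_vlans(flt, port, secure))}")
```

With vlansecure disabled, the host moved to port 16 still reaches vlan1, so the filter no longer acts as a port lock for traffic leaving the secured VLAN.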

Version 276-05

C613-10474-00 REV D


AR44xS series specifications

The Allied Telesis AR44xS series represents a significant advancement in network technology, designed to meet the demands of modern enterprises. Known for its distinctive features, robust performance, and reliability, this series enables organizations to enhance their network infrastructure efficiently.

One of the standout characteristics of the AR44xS series is its focus on high-performance routing capabilities. These routers are equipped with advanced Layer 3 routing, offering the ability to handle large volumes of traffic seamlessly. This ensures minimal latency and maximizes throughput, making it ideal for bandwidth-intensive applications such as video conferencing and cloud computing.

The AR44xS series integrates an intuitive user interface, enabling easy management and configuration. The web-based management system provides insights into network performance and health, allowing administrators to quickly respond to issues. Additionally, the support for command-line interface (CLI) offers advanced users the flexibility to execute configurations and scripts tailored to specific needs.

Security is a paramount concern in today's digital landscape, and the AR44xS series addresses this with comprehensive security features. It incorporates next-generation firewall capabilities, intrusion detection and prevention systems (IDPS), and secure virtual private network (VPN) support. With these solutions, organizations can safeguard their networks from emerging threats and unauthorized access.

The series also supports various connectivity options, including Ethernet and fiber optics, making it suitable for diverse network architectures. With the availability of multiple interfaces, including Gigabit options, the AR44xS series allows for scalable deployment, ensuring organizations can adapt as their needs evolve.

Moreover, the AR44xS series is built to support advanced technologies such as IPv6, which is critical for future-proofing network infrastructure as the number of internet devices continues to grow. This ensures compatibility with next-generation Internet technologies.

In summary, the Allied Telesis AR44xS series stands out for its high-performance routing, robust security features, intuitive management interface, and support for modern networking technologies. These attributes make it a solid choice for organizations looking to strengthen their network infrastructure while ensuring scalability and security in an ever-changing digital landscape. This series is an essential tool for businesses aiming to future-proof their networking capabilities and drive operational efficiency.