Allied Telesis Layer 3 Switches manual Edge switch Access Router


Appendix: Configuration scripts for MAC-forced forwarding example

- Edge switch 1
- Edge switch 2
- Edge switch 3
- Access Router

For information about the AlliedWare firewall, see the Firewall chapter of your Software Reference, and the following How To Notes:

- How To Configure Some Basic Firewall And VPN Scenarios
- How To Apply Firewall Policies And Rules

How To Notes are available from www.alliedtelesis.com/resources/literature/howto.aspx.

Which products and software versions does this information apply to?

This How To Note applies to the following Allied Telesis switch series:

- AT-8600
- AT-8700XL
- AT-8800
- Rapier i
- SwitchBlade
- AT-9800
- AT-8948 and x900-48
- AT-9900
- AT-9900s and x900-24

Some features are only available on some switches and/or some software versions. Therefore, when this How To Note describes each feature, it lists the applicable switches and versions.

Create A Secure Network With Allied Telesis Managed Layer 3 Switches

C613-16103-00 REV a