Allied Telesis Layer 3 Switches manual Blocking worms through QoS actions


Protecting the user

Example To block the W32.Slammer worm on port 1, which does not have an SQL client or server attached to it:

create classifier=1 udpdport=1434 protocol=ip iport=1
add switch hwfilter classifier=1 action=discard

Blocking worms through QoS actions

On AT-8948, AT-9900, AT-9900s, and x900 Series switches, use QoS to block traffic from a worm.

Configuration

1. Find out which UDP or TCP port the worm attacks.

2. Create a classifier to match traffic using that UDP or TCP port.

3. Create a flow group with an action of discard and add the classifier to it.

4. Create the rest of the QoS framework: traffic class and policy.

5. Apply the policy to the target switch ports (but not to ports that are attached to clients who legitimately need to access the UDP or TCP port).

Products

AT-8948
AT-9900 Series
AT-9924Ts
x900-48 Series
x900-24 Series

Software Versions

2.7.3 or later

On these switches, AlliedWare classifiers offer a large range of matchable fields, including destination port, source port, IPX, interface, TOS, DSCP value, and MAC source or destination addresses. Once the classifier has selected a matched packet, what happens to it can vary from discarding or forwarding it, to marking the DSCP value, and many other alternatives.

Example To block the W32.Slammer worm on port 1, which does not have an SQL client or server attached to it:

create class=1 udpd=1434
create qos flow=1 action=discard
create qos trafficclass=1
create qos policy=1
add qos flow=1 class=1
add qos trafficclass=1 flow=1
set qos port=1 policy=1
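As an added illustration (not from the manual), the following Python checker walks the classifier -> flow group -> traffic class -> policy -> port chain of an AlliedWare QoS configuration and reports on which switch ports a given UDP or TCP destination port ends up being discarded, plus the step 5 check that no port with a legitimate client for that service is covered. The sample configuration is constructed here; it assumes the command "add qos policy=1 trafficclass=1" is what attaches the traffic class to the policy, and that ports are given singly rather than as ranges.

```python
# Constructed sample: the page's W32.Slammer policy applied to port 1, plus the
# same policy mistakenly applied to port 5, which hosts a real SQL client.
# The "add qos policy=1 trafficclass=1" line is an assumption (not on the page).
SAMPLE_CONFIG = """
create class=1 udpd=1434
create qos flow=1 action=discard
create qos trafficclass=1
create qos policy=1
add qos flow=1 class=1
add qos trafficclass=1 flow=1
add qos policy=1 trafficclass=1
set qos port=1 policy=1
set qos port=5 policy=1
"""

def parse(config):
    """Build the classifier -> flow -> traffic class -> policy -> port link tables."""
    cls, flow_act, flow_cls, tc_flow, pol_tc, port_pol = {}, {}, {}, {}, {}, {}
    for line in config.strip().splitlines():
        words = line.split()
        if not words:
            continue
        verb, kv = words[0].lower(), {}
        for w in words[1:]:
            if "=" in w:
                k, v = w.lower().split("=", 1)
                kv["class" if k.startswith("class") else k] = v  # class / classifier
        if verb == "create" and "class" in kv:  # classifier on a UDP/TCP destination port
            for k, v in kv.items():
                if k.startswith(("udpd", "tcpd")):  # udpd / udpdport / tcpd / tcpdport
                    cls[kv["class"]] = (k[:3], int(v))
        elif verb == "create" and "flow" in kv:
            flow_act[kv["flow"]] = kv.get("action", "forward")
        elif verb == "add" and "flow" in kv and "class" in kv:
            flow_cls.setdefault(kv["flow"], set()).add(kv["class"])
        elif verb == "add" and "trafficclass" in kv and "flow" in kv:
            tc_flow.setdefault(kv["trafficclass"], set()).add(kv["flow"])
        elif verb == "add" and "policy" in kv and "trafficclass" in kv:
            pol_tc.setdefault(kv["policy"], set()).add(kv["trafficclass"])
        elif verb == "set" and "port" in kv and "policy" in kv:
            port_pol[kv["port"]] = kv["policy"]
    return cls, flow_act, flow_cls, tc_flow, pol_tc, port_pol

def discarding_ports(config, proto, dport):
    """Ports whose applied policy reaches a discard flow group matching proto/dport."""
    cls, flow_act, flow_cls, tc_flow, pol_tc, port_pol = parse(config)
    hit_flows = {f for f, cs in flow_cls.items() if flow_act.get(f) == "discard"
                 and any(cls.get(c) == (proto, dport) for c in cs)}
    hit_tcs = {t for t, fs in tc_flow.items() if fs & hit_flows}
    hit_pols = {p for p, ts in pol_tc.items() if ts & hit_tcs}
    return sorted(int(p) for p, pol in port_pol.items() if pol in hit_pols)

def misapplied_ports(config, proto, dport, legitimate_ports):
    """Step 5 check: ports with a legitimate client that the policy would still discard on."""
    return sorted(set(discarding_ports(config, proto, dport)) & set(legitimate_ports))
```

Running the checker against the manual's own seven lines (without the assumed policy/traffic class link) returns no ports, which is itself a useful sign that the chain is incomplete.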

Create A Secure Network With Allied Telesis Managed Layer 3 Switches
