Allied Telesis Layer 3 Switches manual C613-16103-00 REV a

#Configure PIM sparse mode for multicast routing

add pim interface=vlan28

add pim interface=vlan200

add pim bsrcandidate interface=vlan28

add pim rpcandidate group=224.0.0.0 mask=240.0.0.0 interface=vlan28

enable pim

#Configure the DHCP server

create dhcp poli=Voice_DHCP lease=7200

add dhcp poli=Voice_DHCP subn=255.255.255.0 router=172.16.1.254 dnss=10.0.0.100,10.0.0.101 maskdiscovery=off masksupplier=off

create dhcp range=Voice_range poli=Voice_DHCP ip=172.16.1.200 number=5

add dhcp range=Voice_range ip=172.16.1.201 a=00-0d-da-00-0b-11

add dhcp range=Voice_range ip=172.16.1.202 a=00-0d-da-00-00-37

add dhcp range=Voice_range ip=172.16.1.203 a=00-0d-da-00-02-eb

create dhcp poli=Video_DHCP lease=3600

add dhcp poli=Video_DHCP subn=255.255.255.0 router=172.16.2.254 maskdiscovery=off masksupplier=off

create dhcp range=Video_range poli=Video_DHCP ip=172.16.2.200 number=5

create dhcp poli=Data_DHCP lease=300

add dhcp poli=Data_DHCP subn=255.255.255.0 router=172.16.3.254 dnss=10.0.0.100,10.0.0.101 maskdiscovery=off masksupplier=off

create dhcp range=Data_range poli=Data_DHCP ip=172.16.3.200 number=5

enable dhcp

delete lacp port=3-24

enable lacp

© 2007 Allied Telesis, Inc. All rights reserved. Information in this document is subject to change without notice. Allied Telesis is a trademark or registered trademark of Allied Telesis, Inc. in the United States and other countries.

All company names, logos, and product designs that are trademarks or registered trademarks are the property of their respective owners.
