Allied Telesis AT-9900 Series manual Securing a Single Vlan through Switch Filters CR00011271


Securing a Single VLAN through Switch Filters (CR00011271)


On AT-8824, Rapier 24i, AT-8724XL and AT-8624 switches, this enhancement enables you to use switch filters to secure only the current VLAN, instead of securing all VLANs on the switch. To turn on this feature, a new command disables “vlansecure” for filters (see “Configuring vlansecure” on page 40). Without this enhancement (the default situation) a switch filter only allows a host to access the network through a particular port on the switch. For example, if you have a PC connected to port 15 in vlan2, and define the following filter, the PC can only communicate when it is connected to port 15:

add switch filter entry=0 dest=pc-mac-address vlan=2 port=15 action=forward

With this enhancement, the above filter limits the host to accessing vlan2 through port 15, but does not prevent the host from accessing other VLANs through other ports in vlan2. For example, if the above filter exists and you move the PC to another port in vlan2, this enhancement prevents the PC from communicating with devices in vlan2 but allows it access to other VLANs on the switch. The following figure shows a PC that has been moved from port 15 to port 16 to illustrate the effect.

[Figure swi-filter: two panels, "Default behaviour (vlansecure enabled)" and "Securing only the VLAN (vlansecure disabled)", each showing port 15 and port 16 with vlan2 and vlan1.]
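The following Python sketch is an added example, not part of the Allied Telesis manual: it parses the filter command shown above and lists the ports in the filter's VLAN from which the host would still reach other VLANs in each vlansecure mode. The MAC address, the VLAN membership table and all function names are constructed for illustration, and the decision logic models only the behaviour this page describes.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class SwitchFilter:
    entry: int
    dest: str      # MAC address the filter applies to
    vlan: int
    port: int      # the only port the filter forwards this MAC on

def parse_filter(line: str) -> SwitchFilter:
    """Parse one 'add switch filter ... action=forward' command."""
    if not line.strip().lower().startswith("add switch filter"):
        raise ValueError("not an 'add switch filter' command")
    kv = {k.lower(): v for k, v in re.findall(r"(\w+)=(\S+)", line)}
    if kv.get("action", "").lower() != "forward":
        raise ValueError("only action=forward is modelled")
    return SwitchFilter(int(kv["entry"]), kv["dest"].lower(),
                        int(kv["vlan"]), int(kv["port"]))

def access(flt, port, vlansecure):
    """(same_vlan_ok, other_vlans_ok) for the filtered host on `port`.
    `port` is assumed to be a member of flt.vlan."""
    if port == flt.port:
        return (True, True)    # assumption: unrestricted on the permitted port
    if vlansecure:
        return (False, False)  # default: host works only on the filter's port
    return (False, True)       # vlansecure disabled: only flt.vlan is secured

def exposed_ports(flt, vlan_ports, vlansecure):
    """Other ports in the filter's VLAN that still give access to other VLANs."""
    return sorted(p for p in vlan_ports[flt.vlan]
                  if p != flt.port and access(flt, p, vlansecure)[1])

# Constructed sample data (documentation MAC, invented port membership).
SAMPLE = "add switch filter entry=0 dest=00-00-5e-00-53-01 vlan=2 port=15 action=forward"
VLAN_PORTS = {1: {1, 2}, 2: {15, 16, 17}}

if __name__ == "__main__":
    flt = parse_filter(SAMPLE)
    for mode in (True, False):
        print("vlansecure", "enabled" if mode else "disabled",
              "-> exposed ports:", exposed_ports(flt, VLAN_PORTS, mode))
```
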

Version 276-03

C613-10474-00 REV B
