Securing a Single VLAN through Switch Filters (CR00011271)

69

Securing a Single VLAN through Switch Filters (CR00011271)

On AT-8824, Rapier 24i, AT-8724XL and AT-8624 switches, this enhancement enables you to use switch filters to secure only the current VLAN, instead of securing all VLANs on the switch. To turn on this feature, a new command disables “vlansecure” for filters (see “Configuring vlansecure” on page 70). Without this enhancement (the default situation) a switch filter only allows a host to access the network through a particular port on the switch. For example, if you have a PC connected to port 15 in vlan2, and define the following filter, the PC can only communicate when it is connected to port 15:

add switch filter entry=0 dest=pc-mac-addressvlan=2 port=15 action=forward

With this enhancement, the above filter limits the host to accessing vlan2 through port 15, but does not prevent the host from accessing other VLANs through other ports in vlan2. For example, if the above filter exists and you move the PC to another port in vlan2, this enhancement prevents the PC from communicating with devices in vlan2 but allows it access to other VLANs on the switch. The following figure shows a PC that has been moved from port 15 to port 16 to illustrate the effect.

Default behaviour

Securing only the VLAN

(vlansecure enabled)

(vlansecure disabled)

port 15

port 16

port 15

port 16

vlan2

 

vlan2

 

vlan1

 

vlan1

 

 

 

 

swi-filter

Version 276-05

C613-10474-00 REV D

Page 69
Image 69
Allied Telesis AR44xS series manual Securing a Single Vlan through Switch Filters CR00011271

AR44xS series specifications

The Allied Telesis AR44xS series represents a significant advancement in network technology, designed to meet the demands of modern enterprises. Known for its distinctive features, robust performance, and reliability, this series enables organizations to enhance their network infrastructure efficiently.

One of the standout characteristics of the AR44xS series is its focus on high-performance routing capabilities. These routers are equipped with advanced Layer 3 routing, offering the ability to handle large volumes of traffic seamlessly. This ensures minimal latency and maximizes throughput, making it ideal for bandwidth-intensive applications such as video conferencing and cloud computing.

The AR44xS series integrates an intuitive user interface, enabling easy management and configuration. The web-based management system provides insights into network performance and health, allowing administrators to quickly respond to issues. Additionally, the support for command-line interface (CLI) offers advanced users the flexibility to execute configurations and scripts tailored to specific needs.

Security is a paramount concern in today's digital landscape, and the AR44xS series addresses this with comprehensive security features. It incorporates next-generation firewall capabilities, intrusion detection and prevention systems (IDPS), and secure virtual private network (VPN) support. With these solutions, organizations can safeguard their networks from emerging threats and unauthorized access.

The series also supports various connectivity options, including Ethernet and fiber optics, making it suitable for diverse network architectures. With the availability of multiple interfaces, including Gigabit options, the AR44xS series allows for scalable deployment, ensuring organizations can adapt as their needs evolve.

Moreover, the AR44xS series is built to support advanced technologies such as IPv6, which is critical for future-proofing network infrastructure as the number of internet devices continues to grow. This ensures compatibility with next-generation Internet technologies.

In summary, the Allied Telesis AR44xS series stands out for its high-performance routing, robust security features, intuitive management interface, and support for modern networking technologies. These attributes make it a solid choice for organizations looking to strengthen their network infrastructure while ensuring scalability and security in an ever-changing digital landscape. This series is an essential tool for businesses aiming to future-proof their networking capabilities and drive operational efficiency.