Securing the device
The first step towards making a secure network is to secure the networking equipment itself.
There are two aspects to this. Firstly, physical security is
Products: All switches listed on page 2
Software Versions: All
Secondly, straight after powering up any new piece of networking equipment, change the default administrator user’s password. On an Allied Telesis managed layer 3 switch, the default user is “manager”. To change the password, use the following command:
set user=manager
The default password is
Protecting the network
This section describes layer 2 based methods for controlling the negative impact of misconfigured devices and misuse of the network. These solutions work at the Ethernet level of a packet and cause no degradation in the switch's throughput.
You can protect your network against the following:
• traffic storms (“Protecting against packet flooding” on page 3)
• excessive MAC address learning (“Protecting against rapid MAC movement” on page 6)
• unwanted multicast traffic (“Controlling multicast traffic” on page 7)
Protecting against packet flooding
Service providers are often vulnerable to traffic storms, primarily when incorrectly configured customer equipment is directly connected to the provider. Storms overwhelm a subnet, and all of the switches in that subnet, with traffic. Such misconfiguration can quickly lead to widespread outages and compromise guaranteed service levels.
Storms are a reality in any network. They can occur by accident, maliciously, or when a network device fails. They occur naturally in a network where switches are connected more than once to the same VLAN, so administrators must employ a method to prevent these switch loops.
Spanning Tree Protocol based solutions are the most common method of preventing loops. However, incorrect configuration or other network issues can cause STP to fail. For example, if a single switch in the VLAN does not have STP enabled, the STP tree will not converge properly. Spanning tree protocols can even fail if a broadcast storm drowns out STP messages.
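The two conditions described above, a VLAN whose switches are connected more than once and a switch in that VLAN without STP enabled, can be checked together against a topology inventory. The following is an added example, not part of the original Allied Telesis note; the switch names, link list and STP flags are constructed sample data.

```python
from collections import defaultdict

# Constructed sample inventory (hypothetical names, not from the original note).
# Each entry is one inter-switch link carrying a VLAN: (switch_a, switch_b, vlan).
LINKS = [
    ("sw1", "sw2", 10), ("sw2", "sw3", 10), ("sw3", "sw1", 10),  # triangle
    ("sw1", "sw2", 20), ("sw2", "sw4", 20),                      # loop-free
    ("sw4", "sw5", 30), ("sw4", "sw5", 30),                      # double link
]
# Constructed STP state per switch; sw3 is the one switch with STP disabled.
STP_ENABLED = {"sw1": True, "sw2": True, "sw3": False, "sw4": True, "sw5": True}


def find(parent, node):
    """Union-find root lookup with path halving."""
    while parent[node] != node:
        parent[node] = parent[parent[node]]
        node = parent[node]
    return node


def audit_vlans(links, stp_enabled):
    """Per VLAN: links that close a loop, member switches without STP,
    and whether both conditions hold together (loop with no full STP cover)."""
    by_vlan = defaultdict(list)
    for a, b, vlan in links:
        by_vlan[vlan].append((a, b))
    report = {}
    for vlan, vlan_links in sorted(by_vlan.items()):
        parent, loop_links = {}, []
        for a, b in vlan_links:
            parent.setdefault(a, a)
            parent.setdefault(b, b)
            root_a, root_b = find(parent, a), find(parent, b)
            if root_a == root_b:
                loop_links.append((a, b))  # both ends already connected
            else:
                parent[root_a] = root_b
        # A switch missing from the STP table is treated as STP disabled.
        no_stp = sorted(s for s in parent if not stp_enabled.get(s, False))
        report[vlan] = {"loop_links": loop_links, "stp_disabled": no_stp,
                        "unprotected_loop": bool(loop_links and no_stp)}
    return report


if __name__ == "__main__":
    for vlan, result in audit_vlans(LINKS, STP_ENABLED).items():
        print(vlan, result)
```

A VLAN reported with `unprotected_loop` set has redundant links and at least one member switch that will not take part in the spanning tree, which is the failure case the paragraph above describes.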
Create A Secure Network With Allied Telesis Managed Layer 3 Switches | 3 |