Allied Telesis Layer 3 Switches manual Securing the device, Protecting the network


Securing the device

The first step towards making a secure network is to secure the networking equipment itself.

Products: All switches listed on page 2
Software Versions: All

There are two aspects to this. Firstly, physical security is vital—lock your networking equipment away.

Secondly, straight after powering up any new piece of networking equipment, change the default administrator user’s password. On an Allied Telesis managed layer 3 switch, the default user is “manager”. To change the password, use the following command:

set user=manager password=<new-password>

The default password is well-known. If you do not change it, anyone with physical or IP access could reconfigure the switch.

Protecting the network

This section describes layer 2 based methods for controlling the negative impact of misconfigured devices and misuse of the network. These solutions work at the Ethernet level of a packet and cause no degradation in the switch's throughput.

You can protect your network against the following:

- traffic storms (“Protecting against packet flooding” on page 3)

- excessive MAC address learning (“Protecting against rapid MAC movement” on page 6)

- unwanted multicast traffic (“Controlling multicast traffic” on page 7)

Protecting against packet flooding

Service providers are often vulnerable to traffic storms, primarily when incorrectly configured customer equipment is directly connected to the provider. Storms overwhelm a subnet, and all of the switches in that subnet, with traffic. Such misconfiguration can quickly lead to widespread outages and compromise guaranteed service levels.

Storms are a reality in any network. They can occur by accident, maliciously, or when a network device fails. They occur naturally in a network where switches are connected more than once to the same VLAN, so administrators must employ a method to prevent these switch loops.

Spanning Tree Protocol (STP) based solutions are the most common method of preventing loops. However, incorrect configuration or other network issues can cause STP to fail. For example, if a single switch in the VLAN does not have STP enabled, the STP tree will not converge properly. Spanning tree protocols can even fail if a broadcast storm drowns out STP messages.
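Because STP can itself be drowned out by a storm, operators usually watch per-port broadcast rates independently of STP. The following is an added example of that detection logic, not code from the Allied Telesis manual or its switch software. It assumes the switch exposes a cumulative broadcast-frame counter per port as a 32-bit wrapping value that is polled at a fixed interval; the port names, counter values and threshold are constructed for illustration, and the wrap-around on port2 shows why the delta must be taken modulo the counter width.

```python
"""Broadcast-storm detection from two per-port counter snapshots.

Added example, not from the Allied Telesis manual. Assumes a per-port
32-bit cumulative broadcast frame counter polled every INTERVAL_SECONDS.
All sample data below is constructed.
"""
from dataclasses import dataclass

COUNTER_MAX = 2 ** 32  # assumed hardware counter width (32-bit, wraps to 0)
INTERVAL_SECONDS = 10  # assumed polling interval

# Constructed snapshots: port -> cumulative broadcast frames received.
# port2 wraps past 2**32 between the two polls; port3 is being flooded.
SNAPSHOT_T0 = {"port1": 1_000, "port2": 4_294_967_200, "port3": 52_000}
SNAPSHOT_T1 = {"port1": 1_250, "port2": 300, "port3": 1_052_000}


@dataclass
class StormAlert:
    port: str
    broadcast_pps: float


def counter_delta(old: int, new: int, width: int = COUNTER_MAX) -> int:
    """Frames counted between two readings of a wrapping counter.

    Taking the difference modulo the counter width makes a wrapped reading
    (new < old) come out as the small positive value it really is, instead
    of a large negative number that would hide or fake a storm.
    """
    return (new - old) % width


def detect_storms(before: dict, after: dict, interval: float,
                  threshold_pps: float = 1000.0) -> list:
    """Return one StormAlert per port whose broadcast rate exceeds threshold."""
    alerts = []
    for port, new in after.items():
        if port not in before:
            continue  # no baseline yet for a port that just appeared
        pps = counter_delta(before[port], new) / interval
        if pps > threshold_pps:
            alerts.append(StormAlert(port, pps))
    return alerts


if __name__ == "__main__":
    for alert in detect_storms(SNAPSHOT_T0, SNAPSHOT_T1, INTERVAL_SECONDS):
        print(f"{alert.port}: {alert.broadcast_pps:.0f} broadcast frames/s")
```

With the constructed data, port1 (25 frames/s) and the wrapped port2 (39.6 frames/s) stay quiet and only port3, at 100 000 frames/s, is reported. The threshold is a policy choice: it should sit well above the normal ARP and discovery background of the VLAN but below the rate at which STP BPDUs start to be lost.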

Create A Secure Network With Allied Telesis Managed Layer 3 Switches
