Manuals / Avaya / Computer Equipment / Switch

Avaya P3343T-ML manual MAC Security Implementation in P330

Models: P3343T-ML

1 178

Download 178 pages 4.71 Kb

Page 113

MAC Security

Chapter 11 Avaya P330 Layer 2 Features

MAC Security

The MAC security function is intended to filter incoming frames (from the line) with an unauthorized source MAC address (SA).

MAC Security Implementation in P330

When a frame is received on a secured port, its source MAC address is checked against the secured MAC Address Table. If either the source MAC address is not found there, or it is found but with a different ingress port location, then the frame is rejected. Tagged traffic from a secured MAC address on the ingress port on which it was learned is accepted by the switch if the VLAN binding mode of the traffic is the same as the VLAN binding mode of the ingress port.

The P330 can be configured to take one of the following actions when an attempted intrusion occurs:

•Drop – Drops the packets for 5 seconds.

•Drop and notify – Drops the packets for 5 seconds and sends a notification to the management station.

•Disable and notify – Permanently disables the packets and sends a notification to the management station.

When the P330 is configured to send traps to report attempted intrusion, to prevent the flooding of the Console's trap log / network, the Agent sends an intruder alert every 5 seconds for the first 3 times a specific intruder is detected on a port, and then every 15 minutes if the intrusion continues.

User should first enable the MAC security global mode (set security mode) and then configure the ports which should be secured (set port security). When setting a port to secured, the MAC addresses that a currently learnt on this port are preserved and considered as secure MAC, unless they are removed using clear secure mac command. Individual secure MACs can also be added.

A MAC address can be added to more than one port on the device. This allows a specific device to communicate with the switch via more than one ingress port. However the number of secured MAC addresses on any module cannot exceed 1,024.

Ports that are members of a port redundancy scheme should not be also configured as secure ports.

Avaya P334T-ML User’s Guide

97

Image 113

Avaya P3343T-ML manual MAC Security Implementation in P330

Contents

SOFTWARE VERSION STACKABLE SWITCHInstallation and Configuration Guide AVAYA P334T-MLDocument no avaya.comOverview ContentsSection Section InstallationConfiguring the Terminal Serial Port Parameters Section ConfigurationIngress VLAN Security Port Mirroring Constraints Section Troubleshooting and MaintenanceChapter 15 Updating the Software Safety Information Before you Install the P330-MLPreface FCC NoticeNotes, Cautions, and Warnings WarrantyAvaya P334T-ML User’s Guide Avaya SupportAvaya P334T-ML User’s Guide SECTION 1 OVERVIEW Page Avaya P334T-ML Overview Avaya P334T-ML FeaturesChapter IntroductionCommand Line Interface CLI Layer 3 Features P330-MLNetwork Management and Monitoring Device Manager Embedded WebSMON Avaya Integrated ManagerPort Mirroring Avaya P334T-ML User’s Guide Fans, Power Supply, and BUPS-ML MonitoringChapter 1 Avaya P334T-ML Overview Avaya P330 Standards Supported Standards and CompatibilityIEEE IETF - LayerIETF - Network Monitoring P334T-ML Switch SpecificationsPower Requirements PhysicalSafety - AC Version SafetySafety - DC Version EMC EmissionsInterfaces Stacking Sub-moduleBasic MTBF Basic MTBFApproved SFF/SFP GBIC Transceivers Safety InformationSpecifications InstallationTo Install the SFF/SFP GBIC transceiver To Remove the SFF/SFP GBIC transceiverAgency Approval Gigabit Fiber Optic CablingConsole Pin Assignments Avaya P334T-ML User’s Guide ChapterSECTION 2 INSTALLATION Page Required Tools InstallationSite Preparation ChapterPower Requirements - DC Table 4.2 Power Requirements - ACRack Mounting Optional To connect stacked switches Installing the X330STK-ML Stacking Sub-Module OptionalConnecting Stacked Switches 5 Power up the added modules Chapter InstallationAvaya P334T-ML User’s Guide X330RCPrerequisites Connecting Cables to Network EquipmentMaking Connections to Network Equipment Page Powering On - Avaya P330 Module AC Powering Up the Avaya P330Powering On - Avaya P330 Switch DC ChapterPost-Installation Chapter Avaya P334T-ML Front and Rear PanelsAvaya P334T-ML Front Panel LED Name P334T-ML LEDsChapter 6 Avaya P334T-ML Front and Rear Panels Avaya P334T-ML LED Descriptions Continued BUPS-ML connector cover plate removed Avaya P334T-ML Back PanelTable 6.2 Avaya P334T-ML - - Select buttons Figure 6.4 P334T-ML AC version Back Panel with Stacking Sub-moduleFigure 6.6 BUPS-ML Input Connector Sticker BUPS-ML Input ConnectorChapter 6 Avaya P334T-ML Front and Rear Panels Avaya P334T-ML User’s GuideConfiguring the Terminal Serial Port Parameters Establishing Switch AccessConnecting a Terminal to the Avaya P330 Serial port Establishing a Serial ConnectionAssigning P330’s IP Stack Address P330 Sessionssession router The mode can be either switch, router, wan, atm, mgpEstablishing an SSH Connection Establishing a Telnet Connectionset interface ppp enable Connecting a Modem to the Console PortEstablishing a Modem PPP Connection with the P330 OverviewEntering the Supervisor Level Security LevelsEntering the CLI SNMP Support User AuthenticationIntroduction to SNMP Chaptercontrol the P330 Users Groups Views SNMP CommandsIn order to In order to Introduction to SSH SSH Protocol SupportFigure 8.1 SSH Session Establishment Process SSH CommandsSCP Protocol Support Introduction to RADIUS RADIUSUser attempts login Local User account authenticated in switch? No Chapter 8 User AuthenticationUser name and password authenticated? No Authentication Reject sent to switchRadius Commands Introduction to Telnet Telnet CommandsTelnet Client Support Introduction Recovery PasswordRecovery Password Commands Allowed Managers Introduction Allowed Managers CLI CommandsAllowed Managers Allowed Protocols Introduction Allowed Protocols CLI CommandsAllowed Protocols Enable Telnet access from the Use the following commandip telnet-client enable switchSECTION 3 CONFIGURATION Page Configuring the Switch P330 Default SettingsAvaya P330 Default Settings ChapterFunction Ports 51 1 Ensure that the other side is also set to Autonegotiation EnabledPorts Avaya P334T-ML User’s Guide Chapter 9 P330 Default SettingsBasic Switch Configuration Switch ConfigurationChapter IntroductionOperating parameters System Parameter ConfigurationIdentifying the system Network Time Acquiring Protocols Parameter Configuration Uploading and Downloading Device Configurations and ImagesLayer 2 Configuration File In order to Layer 3 Configuration File In order to System Logging Introduction System LoggingApplications SinksSyslog Servers Syslog Configuration CLI Commands In order to Monitoring CPU Utilization Avaya P334T-ML User’s Guide Chapter 10 Switch ConfigurationChapter Avaya P330 Layer 2 FeaturesOverview Ethernet Configuring Ethernet ParametersFast Ethernet Gigabit EthernetGigabit Ethernet ports MMMMMMSSSSSS MM-MM-MM-SS-SS-SS Ethernet Configuration CLI Commands Chapter 11 Avaya P330 Layer 2 Features Ethernet Implementation in the Avaya P334T-MLSpeed - 10/100 ports 1-48 1G ports 51 Priority queuing - 10/100 ports 4 queues 1G ports 2 queuesVLAN Overview VLAN ConfigurationMulti VLAN Binding VLAN TaggingFigure 11.3 illustrates these binding modes in P330 Ingress VLAN Security VLAN CLI CommandsAutomatic VLAN Learning VLAN Implementation in the Avaya P334T-ML PBNAC Implementation in the P330 Family Port Based Network Access Control PBNACHow “Port Based” Authentication Works Configuring the P330 for PBNAC PBNAC CLI Commands In order to Spanning Tree Protocol Spanning Tree ProtocolSpanning Tree per Port OverviewRapid Spanning Tree Protocol RSTP Spanning Tree Implementation in the P330 Family Spanning Tree Protocol CLI Commands Set the port point-to-point admin Use the following commandset port point-to-point admin admin and operational RSTP statusMAC Security Implementation in P330 MAC SecurityMAC Security CLI Commands MAC Aging CLI Commands Configuring the P330 for MAC AgingMAC Aging OverviewLAG Overview LAG CLI CommandsLAG Implementation in the Avaya P330 Family of Products Port Redundancy Operation Port RedundancyIntermodule Port Redundancy Port Redundancy CLI Commandsswitch Use the following commandChapter 11 Avaya P330 Layer 2 Features In order toOverview IP Multicast FilteringIP Multicast Implementation in the Avaya P334T-ML IP Multicast CLI CommandsRMON Overview RMON CLI CommandsRMON In order to SMON Overview SMONPort Mirroring CLI commands Port Mirroring ConfigurationPort Mirroring Overview Port Mirroring ConstraintsAbout Multilayer Policy Multilayer PolicyMultilayer Policy Implementation in the P334T-ML Configuring the P334T-ML for Multilayer Policy Multilayer Policy CLI Commands In order to Weighted Queuing CLI Commands Weighted QueuingImplementation of Weighted Queuing in the P330-ML Overview Port Classification CLI CommandsPort Classification Stack Health Stack RedundancyImplementation of Stack Health in the P330 Family OverviewUse the following command Stack Health CLI CommandsInitiate the stack health testing procedureAvaya P334T-ML User’s Guide Chapter 11 Avaya P330 Layer 2 FeaturesWhat is Routing? Avaya P330 Layer 3 FeaturesChapter IntroductionFigure 12.1 Routing Multinetting Multiple Subnets per VLAN Routing ConfigurationForwarding IP Configuration CLI Commands IP Configurationset vlan Vlan-id name Vlan-name replacing Vlan-id by the Assigning Initial Router ParametersThe Routerconfigure-ifinterface-name# prompt appears Routerconfigure# interface interface-nameRouterconfigure-ifinterface-name# ip address ip- address netmask Routerconfigure# interface interface-name# ip vlan vland-idTo obtain a License Key that enables routing features Obtaining a Routing License KeyChapter 12 Avaya P330 Layer 3 Features 1 Go to http//license-lsg.avaya.com and click “request new license”4 Enter contact information once per certificate 5 Click Next Chapter 12 Avaya P330 Layer 3 Features6 View number of licenses left Avaya P334T-ML User’s GuideActivating a Routing License Key set license module license featureNameLicense Key CLI Commands Avaya P334T-ML User’s Guide Chapter 12 Avaya P330 Layer 3 FeaturesRIP Overview RIP Routing Interchange Protocol ConfigurationTable 12.1 DIfferences Between RIP and RIP2 RIP CLI CommandsRIP2 In order to OSPF Overview OSPF Open Shortest Path First ConfigurationOSPF CLI Commands Static Routing Overview Static Routing ConfigurationStatic Routing Configuration CLI Commands Route Preferences Route Redistribution Route Redistribution CommandsARP Overview ARP Address Resolution Protocol Table ConfigurationThe ARP Table ARP CLI CommandsBOOTP/DHCP Overview BOOTP/DHCP Dynamic Host Configuration Protocol Relay ConfigurationBOOTP/DHCP CLI Commands NetBIOS Re-broadcast Configuration CLI Commands NetBIOS Re-broadcast ConfigurationNetBIOS Overview VRRP Overview VRRP Virtual Router Redundancy Protocol ConfigurationVRRP Configuration Example Case #2 VRRP CLI CommandsIn order to SRRP Overview SRRP ConfigurationSRRP Configuration Example SRRP CLI Commands Policy Configuration CLI Commands Policy ConfigurationPolicy Configuration Overview In order to Figure 12.4 Avaya P330 Policy Policy Configuration ExampleP330-1super# ip access-list 100 2 fwd3 tcp any host P330-1super# ip access-list 100 1 fwd6 tcp 149.49.0.0 0.0.255.255 anyP330-1super# ip access-list 100 3 deny tcp host 192.168.5.33 any eq Policy Configuration ExampleIP Fragmentation/Reassembly CLI Commands IP Fragmentation and ReassemblyIP Fragmentation and Reassembly Overview SECTION 4 TROUBLESHOOTING AND MAINTENANCE Page Chapter Troubleshooting the InstallationTroubleshooting the Installation Avaya P334T-ML User’s Guide Chapter 13 Troubleshooting the InstallationReplacing the Stacking Sub-module MaintenanceChapter IntroductionAvaya P334T-ML User’s Guide MaintenanceChapter Software Download Updating the SoftwareObtain Software Online Downloading SoftwareDownload New Version without Overwriting Existing Version