Manuals / Dell / Computer Equipment / Computer Accessories

Dell 6200 SERIES manual Dhcp Snooping, Example #2 Viewing the DoS Configuration Information

Models: 6200 SERIES

1 176

Download 176 pages 5.47 Kb

Page 56

Example #2: Viewing the DoS Configuration Information
console#show	dos-control
SIPDIP Mode		Enable
First Fragment Mode		Enable
Min TCP Hdr Size		20
TCP Fragment	Mode	Enable
TCP Flag Mode	..................................	Disable
L4 Port Mode		Enable
ICMP Mode		Enable
Max ICMP Pkt	Size	512

DHCP Snooping

Dynamic Host Configuration Protocol (DHCP) Snooping is a security feature that monitors DHCP messages between a DHCP client and DHCP server to:

•Filter harmful DHCP messages

•Build a bindings database of (MAC address, IP address, VLAN ID, port) authorized tuples. DHCP snooping is disabled globally and on all VLANs by default. Ports are untrusted by default.

Network administrators can enable DHCP snooping globally and on specific VLANs. They can also configure ports within the VLAN to be trusted or untrusted. DHCP servers must be reached through trusted ports.

DHCP snooping enforces the following security rules:

•DHCP packets from a DHCP server (DHCPOFFER, DHCPACK, DHCPNAK, DHCPRELEASEQUERY) are dropped if received on an untrusted port.

•DHCPRELEASE and DHCPDECLINE messages are dropped if for a MAC addresses in the snooping database, but the binding's interface is other than the interface where the message was received.

•On untrusted interfaces, the switch drops DHCP packets with a source MAC address that does not match the client hardware address. This is a configurable option.

Dynamic ARP Inspection uses the DHCP snooping bindings database to validate ARP packets.

To prevent DHCP packets being used as a DoS attack when DHCP snooping is enabled, the snooping application enforces a rate limit for DHCP packets received on interfaces. DHCP snooping monitors the receive rate on each interface separately. If the receive rate exceeds a configurable limit, DHCP snooping brings down the interface. The user must do “no shutdown” on this interface to further work with that port. The user can configure both the rate and the burst interval.

56

Switching Configuration

Image 56

Dell 6200 SERIES manual Dhcp Snooping, Example #2 Viewing the DoS Configuration Information

Contents

Configuration Guide Model PC6224, PC6248, PC6224P, PC6248P, and PC6224F April Contents Web Interface Configuration LAGs/Port-channels 100 106 135 162 About this Document OrganizationAdditional Documentation System Configuration Traceroute CLI ExampleConsiderations Configuration ScriptingOverview Example #3 Applying a Script to the Active Configuration CLI ExamplesExample #1 Viewing the Script Options Example #2 Viewing and Deleting Existing ScriptsExample #4 Copying the Active Configuration into a Script TftpOutbound Telnet OverviewExample #1 Connecting to Another System by Using Telnet Simple Network Time Protocol SntpExample #2 Configuring the Sntp Server Example #1 Viewing Sntp OptionsExample #3 Viewing Sntp Information console#show sntp ? Example #1 Viewing Logging Information SyslogInterpreting Log Files Example #5 Configuring Syslog Server Example #2 Viewing the Logging FileExample #2 Show the Port Description Port DescriptionExample #1 Enter a Description for a Port Storm Control Example #3 Set Unicast Storm Control for an Interface Example #1 Set Broadcast Storm Control for an InterfaceExample #2 Set Multicast Storm Control for an Interface Cable Diagnostics Copper Port Cable TestExample #2 Show Copper Cable Length Example #3 Show Last Time Domain Reflectometry Tests Example #1 Show Optical Transceiver DiagnosticsFiber Port Cable Test System Configuration Switching Configuration Virtual LANsVlan Configuration Example Vlan IDExample #1 Create Two VLANs Example #2 Assign Ports to VLAN2Example #5 Assign IP Addresses to Vlan Example #4 Assign VLAN3 as the Default VlanExample #3 Assign Ports to VLAN3 Web Interface Example #6 View Information About VlanIP Subnet and MAC-Based VLANs Example #1 Associate an IP Subnet with a VlanExample #2 Associate an IP Address with a Vlan Example #3 Associate a MAC Address with a VlanPrivate Edge VLANs Example #4 Viewing IP Subnet and MAC-Based Vlan AssociationsExample #1 Configuring a Protected Port Example #2 Viewing Protected Port GroupUsing Voice Vlan Voice VlanExample#1 Configuring Voice Vlan Interaction with LLDP-MEDExample #2 Configuring Voice Vlan on an Unauthenticated Port Switch with Igmp Snooping Igmp SnoopingEnable Igmp snooping on the Vlan Igmp Example #1 Enable Igmp Snooping Querier on the Switch Igmp Snooping QuerierExample #2 Configure Igmp Snooping Querier Properties Example #4 Enable Igmp Snooping Querier on a VlanLink Aggregation/Port Channels Example #5 Show Igmp Snooping Querier Information for VlanShows the example network Example 3 Show the Port Channels Example 1 Create Names for Two Port-ChannelsExample 2 Add the Physical Ports to the Port-Channels Web Interface Configuration LAGs/Port-channels Example #2 Show the Port Mirroring Session Example #1 Set up a Port Mirroring SessionPort Mirroring Port Security OperationExample #1 Enable Port Security on an Interface Example #2 Show Port SecurityExample #2 Set Interface Lldp Parameters Link Layer Discovery ProtocolExample #1 Set Global Lldp Parameters Example #3 Show Global Lldp Parameters Example #4 Show Interface Lldp ParametersDenial of Service Attack Protection OverviewDescribes the dos-controlkeywords Example #1 Enabling all DOS ControlsExample #2 Viewing the DoS Configuration Information Dhcp SnoopingSwitching Configuration Bindin g Example #3 Enable Dhcp snoopings Source MAC verification Example #1 Enable Dhcp snooping for the switchExample #2 Enable Dhcp snooping on a Vlan Example #9 Configure a Dhcp snooping static binding entry Example #7 Configure an interface as Dhcp snooping trustedExample #8 Configure rate limiting on an interface Switching Configuration Switching Configuration Example #12 Show Dhcp Snooping database configurations Example #13 Show Dhcp Snooping binding entriesSwitching Configuration Example #15 Show Dhcp Snooping Per Port Statistics Switching Configuration SFlow SFlow Collector/AnalyzerSFlow Agents Packet Flow SamplingCLI Examples Counter SamplingExample #4 Show the sFlow configuration for receiver index Switching Configuration Switching Configuration Routing Configuration Vlan Routing Example 1 Create Two VLANsExample 2 Configure the Vlan Members Using the Web Interface to Configure Vlan Routing Example 4 Enable Routing for the SwitchVrrp Example Network Configuration Virtual Router Redundancy ProtocolConfiguring Vrrp on the Switch as a Master Router Configuring Vrrp on the Switch as a Backup RouterUsing the Web Interface to Configure Vrrp Example #2 Viewing the Interface Information Proxy Address Resolution Protocol ARPExample #1 Enabling Proxy ARP Ospf Concepts and Terms Areas and TopologyOspf Routers and LSAs Metrics and Route SelectionOspf Example Network Diagram Border Router Enable routing for the switch Example 2 Configuring Stub and Nssa Areas IPv4 OSPFv2Ospf Configuration-Stub Area and Nssa Area Define an Ospf router Routing Configuration Example 3 Configuring a Virtual Link Ospf Configuration-Virtual LinkRouting Configuration Routing Configuration RIP Configuration Routing Information ProtocolExample #1 Enable Routing for the Switch Example #2 Enable Routing for PortsExample #4. Enable RIP for the Vlan Routing Interfaces Using the Web Interface to Configure RIPExample #3. Enable RIP for the Switch Assigning Administrative Preferences to Routing Protocols Route PreferencesExample 1 Configure Administrative Preferences Using Equal Cost Multipath Forwarding Without EcmpExample 1 Configuring an Ecmp Route Loopback Interfaces Next, you assign an IPv4 or IPv6 address to the interfaceIP Helper 100Default Ports UDP Port Numbers Implied By Wildcard Protocol 101Example 1 Enable/Disable IP Helper Example 2 Configure IP Helper Globally DhcpExample 3 Enable IP Helper Globally UDP 102103 104 Example 7 Show IP Helper ConfigurationsExample 8 Show IP Helper Statistics Device Security 105802.1x Network Access Control 802.1x Network Access Control ExamplesExample #1 Configure Radius Server for Authentication 106Switch with 802.1x Network Access Control 107Example #2 MAC-Based Authentication Mode 108802.1X Authentication and VLANs Authenticated and Unauthenticated VLANsGuest Vlan 109110 Example #1 Allow the Switch to Accept RADIUS-Assigned VLANsExample #2 Enable Guest VLANs 111 Authentication Server Filter AssignmentAccess Control Lists ACLs Limitations 112113 MAC ACLsEgress ACL Limitations 114 ACL Configuration ProcessIP ACLs IP ACL CLI Example 115Configuring a MAC ACL Viewing the MAC ACL Information 117118 Radius Configuration ExamplesExample #1 Basic Radius Server Configuration 119 Radius Servers in a Network120 TACACS+ Configuration ExampleExample #2 Set the NAS-IP Address for the Radius Server PowerConnect 6200 Series Switch with TACACS+ 121122 802.1x MAC Authentication Bypass MABOperation in the Network Example 1 Enable/Disable MAB 123Example 2 Show MAB Configuration 124125 Captive PortalFunctional Description 126 Captive Portal Configuration, Status and StatisticsCaptive Portal Configuration Description Range Usage Default 127128 Captive Portal StatusClient Connections Captive Portal Statistics Example 6 Show Captive Portal Instances 130To view the configuration change, use the following command 131To create a local user, use the following command 132133 134 135 Interface ConfigurationOverview Device 136137 138 Class of Service Queuing Ingress Port ConfigurationTrusted and Untrusted Ports/CoS Mapping Table 139Egress Port Configuration-Traffic Shaping Queue configurationQueue Management Type CoS Mapping Table for Trusted Ports141 IngressCoS1/g Configuration Example System Diagram 142Differentiated Services 143Example #1 DiffServ Inbound Configuration 144145 DiffServ for VoIP Configuration Example 146DiffServ VoIP Example Network Diagram 147Example #2 Configuring DiffServ VoIP Support 148Multicast 149Igmp Configuration 150151 Example #1 Configuring Igmp Proxy on the RouterIgmp Proxy Example #2 View Igmp Proxy Configuration Data 152CLI Example 153PIM 154Example PIM-SM 155Example PIM-DM Multicast Routing and Igmp Snooping 157Console#show ip pimdm 158Console#show ip igmp 159160 Utility 161Auto Config IP Address AssignmentAssignment of Tftp Server 162Obtaining a Config File 163Monitoring and Completing the Auto Config Process 164Restarting the Auto Config Process Switch Configuration ConsiderationsNetwork Configuration Considerations 165Other Functions 166167 Example 1 Show Auto Config ProcessExample 2 Enable Auto Config Nonstop Forwarding on a Switch Stack Initiating a FailoverCheckpointing 168169 Applications that Checkpoint Data Checkpointed DataSwitch Stack MAC Addressing and Stack Design Considerations NSF Default BehaviorNSF Network Design Considerations 170171 Configuration ExamplesData Center 172 VoIPDhcp Snooping Scenario ` ` 173Storage Access Network Scenario 174Routed Access Scenario 175176