Finance Department | Enterasys Networks 2H253, 2E253, 2H252, 2H258

Example 4, Securing Sensitive Information According to Subnet

2.The VLAN Classification Configuration screen is used to configure the switch to detect and classify the incoming RIP broadcast frames on Port 25 to the Null VLAN. Since the Null VLAN is not assigned to any port, the frame is dropped (not transmitted out any port). The VLAN Classification Configuration screen is set as follows:

•VID: 99

•Classification: Dest UDP Port

•IP UDP Port: 520

Port 520 is a well known port number used by RIP.

12.15EXAMPLE 4, SECURING SENSITIVE INFORMATION ACCORDING TO SUBNET

The ABC Company wants to confine the sensitive information being transmitted by their Finance Department to its users only.

In this example, illustrated in Figure 12-17, the users in the Finance Department are members of the Finance VLAN and are also on subnet 28 as shown in bold type.

Figure 12-17 Example 4, Securing Traffic to One Subnet

Finance Department

User Subnet Class B Address:

123.123.28.1 123.123.28.2 123.123.28.3 123.123.28.4 123.123.28.5

Engineering Department

User Subnet Class B Address:

123.123.50.1

123.123.50.2

123.123.50.3

123.123.50.4

123.123.50.5

S1	Port 25	Finance
S1		Server
		123.123.28.25
		Other Users
		123.123.xx.xx
		30691_74

VLAN Operation and Network Applications 12-33

Image 365

Enterasys Networks 2H253, 2E253, 2H252, 2H258 manual Finance Department

Contents

SmartSwitch 2200 Series Page Page Enterasys NETWORKS, INC Program License Agreement Page Page Contents Device Configuration Menu Screens Port Configuration Menu Screens Configuration Menu Screens Layer 3 Extensions Menu Screens Network Tools Screens Generic Attribute Registration Protocol Garp Figures Xiii Xiv Tables Xvi Tables About This Guide Using this Guide Structure of this Guide Xix Document Conventions Related Documents Bold type Typographical and Keystroke ConventionsPage Overview Introduction Management Agent Local Management Requirements In-Band vs. Out-of-BandNavigating Local Management Screens None Defined Local Management Screen Elements Display Fields Event Message FieldInput Fields Selection Fields Local Management Keyboard Conventions Command Fields Your email address Getting HelpPage Local Management Requirements Management Terminal Setup Console Cable Connection 2H252-25R SmartSwitch device is shown in -1as an example VT100ID Management Terminal Setup Parameters Telnet Connections Monitoring AN Uninterruptible Power Supply DB9 Port RJ45 COM Port Page Accessing Local Management 802.1Q Switching Mode, LM Screen Hierarchy Using the Return Command Using the Exit CommandSelecting Local Management Menu Screen Items Exiting Local Management Screens Using the Clear Counters Command Using the Next and Previous CommandsPassword Screen When to Use Screen Example How to Access Enter Screen Navigation Path Device Menu Screen Menu Descriptions ConfigurationDevice Menu Security NetworkTools Section Cont’d Overview of Security Methods Host Access Control Authentication Haca Overview of Security Methods 14Accessing Local Management Definitions of Terms and Abbreviations 2 802.1X Port Based Network Access Control 2.2 802.1X Security Overview Authentication Method Selection MAC Authentication OverviewAuthentication Method Sequence Concurrent Operation of 802.1X and MAC Authentication MAC 20Accessing Local Management MAC Authentication Control Security Menu Screen Refer to -4for a functional description of each menu item Name Services PasswordsAuthentication Radius Module Login Passwords Screen Passwords Screen Field Descriptions Switch Radius Configuration Screen Setting the Module Login Password Retries Timeout Last Resort Action/Remote Toggle Last Resort Action/Local SelectableRadius Client IP Address Setting the Local and Remote Servers Setting the Last Resort Authentication Name Services Configuration Screen Name Services Configuration Screen Name Services Switch Name ModifiableWeb Authentication Secure Harbour IP System Authentication Configuration Screen System Authentication Configuration Screen Authenticated , or Unauthenticated AuthenticationSystem Port # EAP Port Configuration Screen EAP Port Configuration Screen Port Backend State Authentication State Port Control Maximum Requests Initialize PortForce Reauth 10 EAP Statistics Menu Screen EAP Statistics Menu Screen EAP Session AuthenticatorEAP Diagnostic 11 EAP Session Statistics Screen EAP Session Statistics Screen When to Use SessionID Authenticate Server or a local Authentication Server MethodSessionOctetsRx SessionOctetsTx Clear Counters Command EAP Authenticator Statistics Screen When to UseSession User Name Port Number 12 EAP Authenticator Statistics Screen Clear Counters 13 EAP Diagnostic Statistics Screen EAP Diagnostic Statistics Screen When to Use Logoffs Connecting Enters ConnectingAuthenticating Timeouts Access Challenges AuthenticatedBackend Statistics Responses Other Requests To Counters MAC Port Configuration ScreenClear 14 MAC Port Configuration Screen Port Enable SET ALL Ports MAC Supplicant Configuration Screen MAC Address Duration Initialize Supplicant Reauthenticate SupPlicant False Device Configuration Menu Screens General Configuration Device Configuration Menu Screen Snmp GeneralResources Information 0.0 General Configuration Screen Subnet Mask Default GatewayTftp Gateway IP Addr Device Time Operational ModeScreen Refresh Time Clear Nvram Agg ModeIP Fragmentation WebView Configuration Warning Screen, IP Address Setting the IP Address Configuration Warning Screen, Subnet Mask Setting the Subnet Mask Setting the Tftp Gateway IP Address Setting the Default Gateway Setting the Device Date Setting the Module Name Entering a New Screen Refresh Time Setting the Device TimeSetting the Screen Lockout Time Configuring the COM Port COM Port Warning Changing the COM Port Application UPS Clearing Nvram Clear Nvram Warning Enabling/Disabling IP Fragmentation Snmp Configuration Menu Screen Snmp Configuration Menu Screen Snmp Community Names Configuration Screen Snmp Community Names Configuration Screen Establishing Community Names Snmp Traps Configuration Screen Snmp Traps Configuration Screen Enable Traps Configuring the Trap TableTrap Destination Trap Community 10 Access Control List Screen Access Control List Screen IP Addr Access Control Lists Mask Entering IP AddressesEntering Single Addresses Entering Ranges of Addresses Enable/Disable ACL XX KB System Resources Information Screen Setting the Reset Peak Switch Utilization Flash Download Configuration Screen 12 Flash Download Configuration Screen Flash Download Configuration Screen Field Descriptions Download Reboot AfterDownload Server IP Download File Configuration File Download Using Tftp Image File Download Using Runtime Configuration File Upload Using Tftp 36Device Configuration Menu Screens Port Configuration Menu Screens Port Configuration Menu Screen in Agg Mode, Huntgroup Port Configuration Menu Screen Interface EthernetHSIM/VHSIM Redirect Ethernet Interface Configuration Screen Port Type Intf Link ConfigSpeed Duplex HDX FC Ethernet Port Configuration Screen Refer to -3for a functional description of each screen field Default Duplex Default SpeedInterface Physical Port 10Port Configuration Menu Screens Control Full Duplex FlowHalf Duplex Flow Save to ALL Setting the Advertised Ability Selecting Field Settings Configuration Menu HSIM/VHSIM Configuration ScreenRedirect Configuration Menu Screen Redirect Configuration Menu Screen Port Redirect Configuration Screen Destination Port Source Port Frame Format Redirect ErrorsSource Port n Status Changing Source and Destination Ports Vlan Redirect Configuration Screen Vlan Redirect Configuration Screen Source Vlan n Source Vlan Changing Source Vlan and Destination Ports Aggregation Menu Usage Notes Definitions to Know Rapid Reconfiguration Spanning Tree Link Aggregation 802.3ad Main Menu Screen Aggregator 1 802.3ad Port Screen When to Use 802.3ad Port Screen Aggregator Viewing and Editing 802.3ad Port ParametersOperKey MUX 10 802.3ad Port Details Screen 1.1 802.3ad Port Details Screen When to Use Port Instance ActorSystemPriority PartnerAdminSysID ActorOperState PartnerOperState Stats Displaying Port StatisticsLagid 11 802.3ad Port Statistics Screen 1.2 802.3ad Port Statistics Screen When to Use IllegalRx LACPDUsRxMarkerPDUsRx LACPDUsTx ActorChurnState LastRxTimedeltaPartnerChurnState ActorChurnCount 12 802.3ad Aggregator Screen 2 802.3ad Aggregator Screen When to Use Displaying Aggregator Details Viewing and Editing 802.3ad Aggregator ParametersAggInst SysPri 13 802.3ad Aggregator Details Screen 2.1 802.3ad Aggregator Details Screen When to Use Partner Instance 14 802.3ad System Screen 3 802.3ad System Screen When to Use System Identifier Broadcast Suppression Configuration ScreenNumber of Ports Number Total RX Port # Setting the Reset Peak Setting the Threshold Configuration Menu Screens 802.1 Configuration Menu Screen 802.1 Configuration Menu Screen 802.1p Spanning Tree802.1Q Vlan Tree Configuration Menu Spanning Tree Configuration Menu Screen Spanning Tree Configuration Screen AgeTime Vlan Configured Current STP ModePriority Operation Configuring a Vlan Spanning Tree Spanning Tree Port Configuration Screen Spanning Tree Port Configuration Screen STP Vlan ID Switch AddressAge Time Viewing Status of Spanning Tree Ports Enabling/Disabling the Default Spanning Tree PortsPvst Port Configuration Screen Port Designated CorrespondingPort Designated Root Port Designated Cost Port PriorityPort State Port Designated PortPage Vlan Configuration Menu 802.1Q Vlan Configuration Menu Screens Summary of Vlan Local Management Preparing for Vlan Configuration 802.1Q Vlan Configuration Menu Screen 802.1Q Vlan Configuration Menu Screen Vlan Port Static VlanCurrent Vlan Classification Static Vlan Configuration Screen FDB ID Vlan ID Vlan Name Creating a Static VlanADD DEL Marked Renaming a Static Vlan Displaying the Current Static Vlan Port Egress List Paging Through the Vlan List Deleting a Static Vlan Static Vlan Egress Configuration Screen Static Vlan Egress Configuration Screen Egress Setting the Same Egress Type on All Ports Simultaneously Setting Egress Types on PortsSetting the Egress Type on One or More Ports Individually Displaying the Next Group of Ports Current Vlan Configuration Screen Read-Only An example of a dynamic Vlan is a Gvrp Vlan Vlan Type Current Vlan Egress Configuration Screen Current Vlan Egress Configuration Screen Vlan Port Configuration Screen Override is Policy Pvid Pvid Configuring the Vlan Ports Changing the Port Mode Admit Tagged Frames only Vlan Classification Configuration Screen VID VID Description ClassificationDEL ALL/DEL Marked 0x0000 0x00000000 000000.000.000.000 Tftp Http DNS Smtp Src TCP Port FTP Data 00-00-00-00-00-00 Nlsp IPX WAN Custom Classification Precedence Rules Layer Classification Precedence Displaying the Current Classification Rule Assignments Example Assigning a Classification to a VID Deleting Line Items Protocol Port Configuration ScreenDeleting All Classification Rules Deleting One or More Classification Rules Protocol Port Configuration Screen Classify Classification RuleField Assigning One or More Ports Individually Assigning Ports to a VID/ClassificationAssigning All Ports Simultaneously SET Ports to Assigning VID/Classification to Port Vlan Lists Screen Navigation Paths 802.1p Configuration Menu Port Priority Configuration 802.1p Configuration Menu Screen When to Use Traffic Class Port PriorityTransmit Queues Port Priority Configuration Screen Port Priority Configuration Screen Set Setting Switch Port Priority Port-by-PortPolicy Override Traffic Class Information Screen Setting Switch Port Priority on All Ports Traffic Class Information Screen Traffic Class Information Screen Field Descriptions Traffic Class Configuration Screen Traffic Class Configuration Screen Save Assigning the Traffic Class to Port PriorityTraffic Class Transmit Queues Configuration Screen Transmit Queues Configuration Screen Current Queueing Weights Q0, Q1Mode Q2, Q3 Setting the Current Queueing Mode Priority Classification Configuration Screen PID PID 18802.1p Configuration Menu Screens No Change TOS=PID Custom TCP No Change TOS=PID Custom Dest IP Address Mask New IP TOS Tftp Src TCP Port New IP TOS FTP Data IP Fragments New IP TOS IP Fragments2 Start End New IP TOS 00000 Dest TCP Port Start End New IP TOS 00000 SAP 28802.1p Configuration Menu Screens About the IP TOS Rewrite Function Layer Assigning a Classification to a PID Displaying the Current PID/Classification Assignments Deleting One or More Line Items Deleting PID/Classification/Description Line ItemsDeleting All Line Items Protocol Port Configuration Screen See which ports are set to the PID/Classification indicated Assigning Ports to a PID/Classification Solving the Problem Switch Rate Limiting Configuration Screen Maximum Priority List Port Number Modifiable Port Type Feature Direction Configuring a Port 42802.1p Configuration Menu Screens Changing One or More Line Items Changing/Deleting Port Line Items More About Rate Limiting Rate Limiting Configuration Screen Page Layer 3 Extensions Menu Screen Layer 3 Extensions Menu Screens Layer 3 Extensions Menu Screen IGMP/VLAN IGMP/VLAN Configuration Screen 120 Igmp Version Query Response Query IntervalRobustness Last Member Query McastMartPoolSize Switch Query IPQuerier Address Querier Uptime Igmp State IGMP/VLAN Configuration ProcedurePage Device Statistics Menu Screen Device Statistics Menu Screens Lists the number of frames received, transmitted, filtered, Rmon Switch Statistics Screen Frames Fltrd Frames RcvdFrames Txmtd Frames Frwded Interface Statistics Screen Interface Statistics Screen InOctets OutErrors InErrorsInUnicast InNonUnicast MTU Displaying Interface Statistics Rmon Statistics Screen Rmon Statistics Screen Rmon Index CRC Align ErrorsData Source Owner Fragments Oversized PktsJabbers Total Packets Index nn Displaying Rmon Statistics1024 1518 Octets Network Tools Screens Screen ExampleNetwork Tools Help Screen Refer to -1for a list of the commands Alias Command Alias Stats Examples Arp-a Arp Arplearn Syntax Bridge ENABLE/DISABLE IFNUM/ALL OptionsBridge Syntax Arplearn normal limited status Options Defroute Syntax Cdp enable/disable/status OptionsCdp Vid DynamicegressSyntax dynamicegress action vid Options action Syntax Enable Group Disable Group Trap #ALL Commands for Listing Events Gigabitportmode Syntax igmpv3drop enable disable statusIgmpv3drop Syntax gigabitportmode active redundant status Lgframeadmin Syntax loopbackdetect enable disable state Syntax linktrap enable/disable/status PORT/allLinktrap Loopbackdetect Syntax maclock show port# all Maclock Maclock set disable port# all global Syntax Maclock set enable port# all globalMaclock set macaddress port# all create enable disable Maclock set trap port# all enable disable Maclock show Stations Netstat Maclock set enable global Syntax nonbridgeifnum 0 9999 status Nonbridgeifnum Ping PassiveStp Syntax policy show profile profileindex PolicyPolicy show port portnumberorrangeorall Policy set port portnumberorrangeorall profileindex Policy show port Examples Contiued Radius 11-24Network Tools Screens Radius client Character string for the shared secret code. For security Examples Cont’d Syntax ratelimitmode status highrange default lowrangeRatelimitmode Syntax reset Options None Example -reset Reset Syntax Satsize 8 16 status Options SatsizeShow Show Appletalk interfaces Syntax softreset Options None SoftresetStpEdgePort Syntax stpEdgePort status Syntax StpForceVersion 0 2 status Options StpForceVersion StpLegacyPathCost Syntax stpLegacyPathCost enable disable statusRecommended Value StpPointToPointMAC StpRealTimeMsgAge Syntax stpRealTimeMsgAge enable disable statusStpPort Suppresstopologytraps Syntax Suppresstopologytraps enable disable OptionsTelnet Syntax Telnet IP address Port # Options Timedreset TimedsoftresetSyntax timedsoftreset status t seconds resetnv dontresetnv Syntax timedreset status t seconds resetnv dontresetnv Syntax Traceroute IP address Options Traceroute VrrpPort EXAMPLE, Effects of Aging Time on Dynamic Egress Options None Example -done Done, quit, exit Vlan Operation and Network Applications Example of a Vlan Defining VLANs Other Vlan Strategies Types of VLANs12.2.1 802.1Q VLANs Ingress Benefits and RestrictionsVlan Terms Filtering Database Default VlanIdentifier FDB ID Tagged Frame Garp Garp Vlan QcstpGvrp Gmrp Vlan Operation Configuration Process Defining a Vlan Vlan Switch OperationClassifying Frames to a Vlan Customizing the Vlan Forwarding List FID Untagged Frames Receiving Frames from Vlan PortsTagged Frames Forwarding Decisions Known Unicasts Vlan ConfigurationManaging the Switch Switch with VLANs Switch Without VLANs Switch Management with VLANs 12-14VLAN Operation and Network Applications 3069162 Assigning a Vlan ID and Vlan Name Quick Vlan Walkthrough Assigning Ports to the Vlan Egress list Walkthrough Stage One, Static Vlan Configuration Screen Walkthrough Stage Two, Port 3 Egress Setting Walkthrough Stage Three, Port 10 Egress Setting Configuring the Port Parameters Walkthrough Stage Four, Vlan Port Configuration Examples Example 1, Single Switch Operation For the Red Vlan Frame Handling 11 Switch Configured for VLANs Example 2, VLANs Across Multiple Switches Redco Blue Industries 12-26VLAN Operation and Network Applications Switch 12-28VLAN Operation and Network Applications Redco Blue Industries User a Blue Industries Redco 15 Transmitting to Bridge Switches 1 Finance Department Example 5, Using Dynamic Egress to Control Traffic PCs 00.00.00.00.00.0A Switch SET ALL Ports no Vlan Operation and Network Applications Page Generic Attribute Registration Protocol Garp HOW IT Works About Igmp Supported Features and Functions Detecting Multicast Routers Page Numerics Index Index-2 Index-3 Index-4 Index-5 Index-6 Index-7 Index-8 Index-9 Index-10 Index-11