Switch | Enterasys Networks 2H252, 2E253, 2H253, 2H258 instruction

Example 5, Using Dynamic Egress to Control Traffic

12.15.1 Solving the Problem

In this example, Switch 1 (S1) has already been configured and is operating.

To isolate the Finance Department traffic, Subnet 28 will be isolated from the Engineering Department subnet 50 and other users on the company’s network (123.123.xx.xx).

The following covers only those steps needed to configure the switch to solve the problem.

Switch 1

To isolate the network traffic of the Finance Department to the users on the Finance VLAN (20), which are on subnet 28, S1 will be configured as follows using the VLAN Classification Configuration screen:

•VID: 20

•Classification: Bil IP Address

•IP Address: 123.123.28.0

•Data Mask: 255.255.255.0

As a result of this setting, any frame with a source or destination IP address of 123.123.28.xx (where xx can be a value of 0 to 255) will be classified to the Finance VLAN (20) and will remain within subnet 28. Any frame from another network or subnet will not be allowed access to subnet 28 because of the datamask 255.255.255.0.

12.16 EXAMPLE 5, USING DYNAMIC EGRESS TO CONTROL TRAFFIC

In this simple example (Figure 12-18), assume that there are four ports on the SmartSwitch device attached to PCs supporting both protocols AppleTalk (809B and 80F3) and IP. Two PCs support IP only. The AppleTalk frame traffic is to be contained so only the users running the AppleTalk protocol can communicate with each other and not flood the network with AppleTalk frames. However, all users are to have access to a web server connected to port 7.

12-34VLAN Operation and Network Applications

Image 366

Enterasys Networks 2H252, 2E253, 2H253, 2H258 manual Switch, Example 5, Using Dynamic Egress to Control Traffic

Contents

SmartSwitch 2200 Series Page Page Enterasys NETWORKS, INC Program License Agreement Page Page Contents Device Configuration Menu Screens Port Configuration Menu Screens Configuration Menu Screens Layer 3 Extensions Menu Screens Network Tools Screens Generic Attribute Registration Protocol Garp Figures Xiii Xiv Tables Xvi Tables Using this Guide About This Guide Structure of this Guide Xix Related Documents Document Conventions Typographical and Keystroke Conventions Bold typePage Introduction Overview Management Agent In-Band vs. Out-of-Band Navigating Local Management ScreensLocal Management Requirements Local Management Screen Elements None Defined Input Fields Event Message FieldDisplay Fields Selection Fields Command Fields Local Management Keyboard Conventions Getting Help Your email addressPage Management Terminal Setup Local Management Requirements 2H252-25R SmartSwitch device is shown in -1as an example Console Cable Connection Management Terminal Setup Parameters VT100ID Monitoring AN Uninterruptible Power Supply Telnet Connections DB9 Port RJ45 COM Port Page Accessing Local Management 802.1Q Switching Mode, LM Screen Hierarchy Selecting Local Management Menu Screen Items Using the Exit CommandUsing the Return Command Exiting Local Management Screens Password Screen Using the Next and Previous CommandsUsing the Clear Counters Command When to Use How to Access Screen Example Enter Device Menu Screen Screen Navigation Path Device ConfigurationMenu Descriptions Menu Network ToolsSecurity Cont’d Section Overview of Security Methods Host Access Control Authentication Haca Overview of Security Methods 14Accessing Local Management 2 802.1X Port Based Network Access Control Definitions of Terms and Abbreviations 2.2 802.1X Security Overview Authentication Method Sequence MAC Authentication OverviewAuthentication Method Selection Concurrent Operation of 802.1X and MAC Authentication MAC 20Accessing Local Management MAC Authentication Control Security Menu Screen Refer to -4for a functional description of each menu item Authentication PasswordsName Services Radius Passwords Screen Module Login Passwords Screen Switch Field Descriptions Setting the Module Login Password Radius Configuration Screen Timeout Retries Radius Client Last Resort Action/Local SelectableLast Resort Action/Remote Toggle IP Address Setting the Last Resort Authentication Setting the Local and Remote Servers Name Services Configuration Screen Name Services Configuration Screen Web Authentication Switch Name ModifiableName Services Secure Harbour IP System Authentication Configuration Screen System Authentication Configuration Screen System AuthenticationAuthenticated , or Unauthenticated Port # EAP Port Configuration Screen EAP Port Configuration Screen Port Authentication State Backend State Port Control Initialize Port Force ReauthMaximum Requests EAP Statistics Menu Screen 10 EAP Statistics Menu Screen Authenticator EAP DiagnosticEAP Session EAP Session Statistics Screen When to Use 11 EAP Session Statistics Screen SessionOctetsRx Authenticate Server or a local Authentication Server MethodSessionID SessionOctetsTx Session User Name EAP Authenticator Statistics Screen When to UseClear Counters Command Port Number 12 EAP Authenticator Statistics Screen Clear Counters EAP Diagnostic Statistics Screen When to Use 13 EAP Diagnostic Statistics Screen Authenticating Enters ConnectingLogoffs Connecting Timeouts Backend Statistics Responses AuthenticatedAccess Challenges Other Requests To MAC Port Configuration Screen ClearCounters Port Enable 14 MAC Port Configuration Screen MAC Supplicant Configuration Screen SET ALL Ports Duration MAC Address Plicant Reauthenticate SupInitialize Supplicant False Device Configuration Menu Screens Device Configuration Menu Screen General Configuration Resources GeneralSnmp Information General Configuration Screen 0.0 Tftp Gateway IP Default GatewaySubnet Mask Addr Screen Refresh Operational ModeDevice Time Time IP Fragmentation Agg ModeClear Nvram WebView Setting the IP Address Configuration Warning Screen, IP Address Setting the Subnet Mask Configuration Warning Screen, Subnet Mask Setting the Default Gateway Setting the Tftp Gateway IP Address Setting the Module Name Setting the Device Date Setting the Device Time Setting the Screen Lockout TimeEntering a New Screen Refresh Time Configuring the COM Port Changing the COM Port Application COM Port Warning Clearing Nvram UPS Enabling/Disabling IP Fragmentation Clear Nvram Warning Snmp Configuration Menu Screen Snmp Configuration Menu Screen Snmp Community Names Configuration Screen Snmp Community Names Configuration Screen Establishing Community Names Snmp Traps Configuration Screen Snmp Traps Configuration Screen Trap Destination Configuring the Trap TableEnable Traps Trap Community Access Control List Screen 10 Access Control List Screen Access Control Lists IP Addr Entering IP Addresses Entering Single AddressesMask Entering Ranges of Addresses Enable/Disable ACL System Resources Information Screen XX KB Setting the Reset Peak Switch Utilization Flash Download Configuration Screen 12 Flash Download Configuration Screen Flash Download Configuration Screen Field Descriptions Download Server IP Reboot AfterDownload Download File Image File Download Using Runtime Configuration File Download Using Tftp Configuration File Upload Using Tftp 36Device Configuration Menu Screens Port Configuration Menu Screens Port Configuration Menu Screen Port Configuration Menu Screen in Agg Mode, Huntgroup HSIM/VHSIM EthernetInterface Redirect Ethernet Interface Configuration Screen Intf Port Type Speed ConfigLink Duplex Ethernet Port Configuration Screen HDX FC Refer to -3for a functional description of each screen field Interface Default SpeedDefault Duplex Physical Port 10Port Configuration Menu Screens Half Duplex Flow Full Duplex FlowControl Save to ALL Selecting Field Settings Setting the Advertised Ability HSIM/VHSIM Configuration Screen Redirect Configuration Menu ScreenConfiguration Menu Redirect Configuration Menu Screen Port Redirect Configuration Screen Source Port Destination Port Source Port n Redirect ErrorsFrame Format Status Changing Source and Destination Ports Vlan Redirect Configuration Screen Vlan Redirect Configuration Screen Source Vlan Source Vlan n Changing Source Vlan and Destination Ports Usage Notes Aggregation Menu Rapid Reconfiguration Spanning Tree Definitions to Know Link Aggregation 802.3ad Main Menu Screen 1 802.3ad Port Screen When to Use Aggregator 802.3ad Port Screen OperKey Viewing and Editing 802.3ad Port ParametersAggregator MUX 1.1 802.3ad Port Details Screen When to Use 10 802.3ad Port Details Screen ActorSystemPriority Port Instance PartnerAdminSysID ActorOperState PartnerOperState Displaying Port Statistics LagidStats 1.2 802.3ad Port Statistics Screen When to Use 11 802.3ad Port Statistics Screen MarkerPDUsRx LACPDUsRxIllegalRx LACPDUsTx PartnerChurnState LastRxTimedeltaActorChurnState ActorChurnCount 2 802.3ad Aggregator Screen When to Use 12 802.3ad Aggregator Screen AggInst Viewing and Editing 802.3ad Aggregator ParametersDisplaying Aggregator Details SysPri 2.1 802.3ad Aggregator Details Screen When to Use 13 802.3ad Aggregator Details Screen Instance Partner 3 802.3ad System Screen When to Use 14 802.3ad System Screen Number of Ports Broadcast Suppression Configuration ScreenSystem Identifier Number Port # Total RX Setting the Threshold Setting the Reset Peak Configuration Menu Screens 802.1 Configuration Menu Screen 802.1 Configuration Menu Screen Spanning Tree 802.1Q Vlan802.1p Spanning Tree Configuration Menu Screen Tree Configuration Menu Spanning Tree Configuration Screen Vlan AgeTime Priority Current STP ModeConfigured Operation Configuring a Vlan Spanning Tree Spanning Tree Port Configuration Screen Spanning Tree Port Configuration Screen Switch Address Age TimeSTP Vlan ID Enabling/Disabling the Default Spanning Tree Ports Pvst Port Configuration ScreenViewing Status of Spanning Tree Ports Corresponding Port Designated RootPort Designated Port State Port PriorityPort Designated Cost Port Designated PortPage 802.1Q Vlan Configuration Menu Screens Vlan Configuration Menu Preparing for Vlan Configuration Summary of Vlan Local Management 802.1Q Vlan Configuration Menu Screen 802.1Q Vlan Configuration Menu Screen Static Vlan Current VlanVlan Port Static Vlan Configuration Screen Classification Vlan ID FDB ID ADD Creating a Static VlanVlan Name DEL Marked Displaying the Current Static Vlan Port Egress List Renaming a Static Vlan Deleting a Static Vlan Paging Through the Vlan List Static Vlan Egress Configuration Screen Static Vlan Egress Configuration Screen Egress Setting Egress Types on Ports Setting the Egress Type on One or More Ports IndividuallySetting the Same Egress Type on All Ports Simultaneously Current Vlan Configuration Screen Displaying the Next Group of Ports Vlan Type Read-Only An example of a dynamic Vlan is a Gvrp Vlan Current Vlan Egress Configuration Screen Current Vlan Egress Configuration Screen Vlan Port Configuration Screen Policy Pvid Override is Pvid Changing the Port Mode Configuring the Vlan Ports Vlan Classification Configuration Screen Admit Tagged Frames only VID VID DEL ALL/DEL ClassificationDescription Marked 0x0000 000 000.000.000.0000x00000000 Tftp Http DNS Smtp Src TCP Port FTP Data Nlsp IPX WAN Custom 00-00-00-00-00-00 Classification Precedence Rules Layer Classification Precedence Example Displaying the Current Classification Rule Assignments Assigning a Classification to a VID Deleting All Classification Rules Protocol Port Configuration ScreenDeleting Line Items Deleting One or More Classification Rules Protocol Port Configuration Screen Classification Rule FieldClassify Assigning All Ports Simultaneously Assigning Ports to a VID/ClassificationAssigning One or More Ports Individually SET Ports to Assigning VID/Classification to Port Vlan Lists 802.1p Configuration Menu Screen Navigation Paths 802.1p Configuration Menu Screen When to Use Port Priority Configuration Transmit Port PriorityTraffic Class Queues Port Priority Configuration Screen Port Priority Configuration Screen Setting Switch Port Priority Port-by-Port Policy OverrideSet Setting Switch Port Priority on All Ports Traffic Class Information Screen Traffic Class Information Screen Traffic Class Information Screen Field Descriptions Traffic Class Configuration Screen Traffic Class Configuration Screen Assigning the Traffic Class to Port Priority Traffic ClassSave Transmit Queues Configuration Screen Transmit Queues Configuration Screen Mode Weights Q0, Q1Current Queueing Q2, Q3 Setting the Current Queueing Mode Priority Classification Configuration Screen PID PID 18802.1p Configuration Menu Screens No Change TOS=PID Custom TCP No Change TOS=PID Custom Dest IP Address Mask New IP TOS Tftp Src TCP Port New IP TOS FTP Data IP Fragments New IP TOS IP Fragments2 Start End New IP TOS 00000 Dest TCP Port Start End New IP TOS 00000 SAP 28802.1p Configuration Menu Screens Layer About the IP TOS Rewrite Function Displaying the Current PID/Classification Assignments Assigning a Classification to a PID Deleting PID/Classification/Description Line Items Deleting All Line ItemsDeleting One or More Line Items Protocol Port Configuration Screen See which ports are set to the PID/Classification indicated Assigning Ports to a PID/Classification Solving the Problem Switch Rate Limiting Configuration Screen Priority List Maximum Feature Port Number Modifiable Port Type Direction Configuring a Port 42802.1p Configuration Menu Screens Changing/Deleting Port Line Items Changing One or More Line Items More About Rate Limiting Rate Limiting Configuration Screen Page Layer 3 Extensions Menu Screens Layer 3 Extensions Menu Screen IGMP/VLAN Layer 3 Extensions Menu Screen IGMP/VLAN Configuration Screen Igmp Version 120 Robustness Query IntervalQuery Response Last Member Query Querier Address Switch Query IPMcastMartPoolSize Querier Uptime IGMP/VLAN Configuration Procedure Igmp StatePage Device Statistics Menu Screens Device Statistics Menu Screen Lists the number of frames received, transmitted, filtered, Switch Statistics Screen Rmon Frames Rcvd Frames TxmtdFrames Fltrd Interface Statistics Screen Frames Frwded InOctets Interface Statistics Screen InUnicast InErrorsOutErrors InNonUnicast Displaying Interface Statistics MTU Rmon Statistics Screen Rmon Statistics Screen Data Source CRC Align ErrorsRmon Index Owner Jabbers Oversized PktsFragments Total Packets Displaying Rmon Statistics 1024 1518 OctetsIndex nn Network Tools Screens Screen ExampleNetwork Tools Help Screen Refer to -1for a list of the commands Command Alias Examples Alias Stats Arp Arp-a Bridge Syntax Bridge ENABLE/DISABLE IFNUM/ALL OptionsArplearn Syntax Arplearn normal limited status Options Syntax Cdp enable/disable/status Options CdpDefroute Dynamicegress Syntax dynamicegress action vid Options actionVid Syntax Enable Group Disable Group Trap #ALL Commands for Listing Events Igmpv3drop Syntax igmpv3drop enable disable statusGigabitportmode Syntax gigabitportmode active redundant status Lgframeadmin Linktrap Syntax linktrap enable/disable/status PORT/allSyntax loopbackdetect enable disable state Loopbackdetect Maclock Syntax maclock show port# all Maclock set macaddress port# all create enable disable Syntax Maclock set enable port# all globalMaclock set disable port# all global Maclock set trap port# all enable disable Maclock show Stations Maclock set enable global Netstat Nonbridgeifnum Syntax nonbridgeifnum 0 9999 status PassiveStp Ping Policy show port portnumberorrangeorall PolicySyntax policy show profile profileindex Policy set port portnumberorrangeorall profileindex Examples Contiued Policy show port Radius 11-24Network Tools Screens Character string for the shared secret code. For security Radius client Syntax ratelimitmode status highrange default lowrange RatelimitmodeExamples Cont’d Reset Syntax reset Options None Example -reset Satsize ShowSyntax Satsize 8 16 status Options Show Appletalk interfaces StpEdgePort SoftresetSyntax softreset Options None Syntax stpEdgePort status StpForceVersion Syntax StpForceVersion 0 2 status Options Recommended Syntax stpLegacyPathCost enable disable statusStpLegacyPathCost Value StpPointToPointMAC Syntax stpRealTimeMsgAge enable disable status StpPortStpRealTimeMsgAge Telnet Syntax Suppresstopologytraps enable disable OptionsSuppresstopologytraps Syntax Telnet IP address Port # Options Syntax timedsoftreset status t seconds resetnv dontresetnv TimedsoftresetTimedreset Syntax timedreset status t seconds resetnv dontresetnv Traceroute Syntax Traceroute IP address Options VrrpPort EXAMPLE, Effects of Aging Time on Dynamic Egress Done, quit, exit Options None Example -done Vlan Operation and Network Applications Defining VLANs Example of a Vlan Types of VLANs 12.2.1 802.1Q VLANsOther Vlan Strategies Benefits and Restrictions Vlan TermsIngress Identifier FDB ID Default VlanFiltering Database Tagged Frame Gvrp QcstpGarp Garp Vlan Gmrp Configuration Process Vlan Operation Classifying Frames to a Vlan Vlan Switch OperationDefining a Vlan Customizing the Vlan Forwarding List FID Tagged Frames Receiving Frames from Vlan PortsUntagged Frames Forwarding Decisions Vlan Configuration Managing the SwitchKnown Unicasts Switch Without VLANs Switch with VLANs Switch Management with VLANs 12-14VLAN Operation and Network Applications 3069162 Quick Vlan Walkthrough Assigning a Vlan ID and Vlan Name Walkthrough Stage One, Static Vlan Configuration Screen Assigning Ports to the Vlan Egress list Walkthrough Stage Two, Port 3 Egress Setting Configuring the Port Parameters Walkthrough Stage Three, Port 10 Egress Setting Walkthrough Stage Four, Vlan Port Configuration Example 1, Single Switch Operation Examples For the Red Vlan 11 Switch Configured for VLANs Frame Handling Example 2, VLANs Across Multiple Switches Redco Blue Industries 12-26VLAN Operation and Network Applications Switch 12-28VLAN Operation and Network Applications Redco Blue Industries User a Blue Industries Redco 15 Transmitting to Bridge Switches 1 Finance Department Example 5, Using Dynamic Egress to Control Traffic PCs 00.00.00.00.00.0A Switch SET ALL Ports no Vlan Operation and Network Applications Page Generic Attribute Registration Protocol Garp HOW IT Works About Igmp Supported Features and Functions Detecting Multicast Routers Page Index Numerics Index-2 Index-3 Index-4 Index-5 Index-6 Index-7 Index-8 Index-9 Index-10 Index-11