Manuals / Planet Technology / Computer Equipment / Switch

Planet Technology WGSW-24040R, SGSW-24040R user manual Death, Icmp DoS Smurf

Models: SGSW-24040R WGSW-24040R

1 308

Download 308 pages 62.4 Kb

Page 176

User’s Manual of WGSW-24040 / WGSW-24040R

SGSW-24040 / SGSW-24040R

packet of destination unreachable to the spoofed source address. Eventually leading it to be unreachable by other clients and the system will go down.

•ICMP DoS - Ping of A malicious attacker sending a malformed ICMP request packet larger than the

Death	65,536 bytes to the target system. Some target systems cannot handle the
	packet larger than the maximum IP packet size, which often causes target
	system froze, crashed or rebooted.

• ICMP DoS - Smurf	A malicious attacker sending a malformed ICMP request packet with broadcast
	destination addresses to the target system. After receiving the packet, all
	reachable hosts send an ICMP echo reply packet back to the spoofed source
	address. Thus, the target host will suffer from a larger amount of traffic
	generated.

4.11.3.6 Set up DoS Attack Detection Rules

According to your decision on the previous page, this wizard will create specific ACEs (Access Control Entries) automatically. First select the ingress port for the ACEs, and then select the action, rate limiter ID, logging and shutdown.

Different parameter options are displayed depending on the frame type that you selected.

Figure 4-11-11Set up DoS Attack Detection Rules page screenshot

The page includes the following fields:

176

Image 176

Planet Technology WGSW-24040R, SGSW-24040R user manual Death, Icmp DoS Smurf

Contents

User’s Manual Trademarks DisclaimerFCC Warning CE Mark Warning Weee WarningTable of Conetnts 5.1 105 118132 140159 181185 187208 212244 229237 265 251257 272 277282 287290 293295 297Packet Contents Product DescriptionHigh Performance How to Use This Manual Product Features High-performance 5GbE Stacking interface ¾ Layer 2 Features¾ Physical Port 24-Port 10/100/1000Base-T Gigabit Ethernet RJ-45¾ Multicast ¾ Security¾ Management ¾ StackingProduct Specification Hardware SpecificationTraffic classification based, Strict priority and WRR Switch Front Panel Hardware DescriptionGigabit TP interface Gigabit SFP slotsReset button About 1~3 secondStack ID Master LEDLED Indications Off To indicate that the SFP port is link down 1000Base-SX/LX SFP interfaces Shared Port-21~Port-24Speed 1000Mbps Switch Rear Panel 5Rear panel of WGSW-24040Cascade UP AC Power ReceptacleStack ports DC Power Connector 9SGSW-24040 / SGSW-24040R Stack PortsInstall the Switch Desktop InstallationSupply power to the Managed Switch Rack MountingInstalling the SFP transceiver 13Plug-in the SFP transceiver„ Remove the transceiver module „ Approved Planet SFP Transceivers„ Connect the fiber cable Page Connecting DC Power Supply WGSW-24040R / SGSW-24040R Power switch in the OFF position and the DC power is OFFStack Installation SGSW-24040 / SGSW-24040RConnecting Stacking cable Management StackingStack ID Master LED 21Separated Stack connection Requirements This chapter covers the following topicsMethod Advantages Disadvantages Management Access OverviewAdministration Console Direct Access „ 115200 bps „ 8 data bits „ No parity „ 1 stop bit4Web main screen of Managed Switch Web ManagementVirtual Terminal Protocols SNMP-Based Network ManagementProtocols Snmp Protocol Management ArchitectureWEB Configuration About Web-based Management„ Logging on the switch Http//192.168.0.100Page Main WEB Panel DisplayState RJ-45 Ports SFP Ports Stack Ports5WGSW/SGSW Managed Switch Main Funcrions Menu Main MenuIP Configuration SystemSystem Information Page IP Configuration User Authentication Old PasswordNew Password PasswordSntp Configuration WEB Firmware Upgrade Click System Web Firmware UpgradeTftp Firmware Upgrade Upgrade buttonClick System -TFTP Firmware Upgrade Tftp Server IP8TFTP Firmware upgrade pop-up message Configuration Save „ Configuration DownloadConfiguration Upload „ Configuration UploadPage Factory Default System Reboot „ Example 1 Save Current Configuration setting 18Set Start-up screenshot„ Example 2 Downloading System Software from a Server 19Download system software screenshot„ Example 3 Downloading Configuration Settings from a Server „ Example 4 Saving or Restoring Configuration Settings Snmp System Configuration Simple Network Management ProtocolSnmp Overview Snmp OperationsMode VersionRead Community Write CommunitySnmp System Information Configuration Snmp Trap ConfigurationSystem Contact System NameTrap Mode Trap VersionTrap Community Trap DestinationSNMPv3 Configuration SNMPv3 Accesses ConfigurationDelete Group NameSNMPv3 Communities Configuration Security ModelSecurity Level Read View NameSNMPv3 Groups Configuration Security NameSNMPv3 Users Configuration AuthenticationUser Name ProtocolSNMPv3 Views Configuration Privacy PasswordPrivacy Protocol View NameOID Subtree „ Example Add a new SNMPv3 userView Type „ Example Add a new SNMPv3 Group 9SNMPv3 Users-NEW page screenshot11SNMPv3 Groups-NEW page screenshot Port Configuration Port ManagementPower Control PortLink Flow ControlPort Statistics Overview 2Port Statistics Overview page screenshotDetailed Port Statistics Receive Error Counters Receive Total and Transmit TotalReceive and Transmit Size Counters Receive and Transmit Queue CountersTx Drops Port Mirroring ConfigurationTransmit Error Counters Mirror Port Configuration Port to mirror to„ Sgsw Stackable Switch 6Port Mirror Configuration page screenshotLink Aggregation 1Link AggregationPage Static Aggregation Configuration Static Aggregation Group ConfigurationHash Code Contributors Destination MACPort Members LocalityGroup ID Lacp Configuration Lacp EnabledKey RoleLacp System Status Lacp Port StatusLacp Partner PortLacp statistics Lacp TransmittedLacp Received DiscardedVlan Vlan OverviewIeee 802.1Q Vlan Ieee 802.1Q Standard802.1Q Vlan Tags Port Vlan ID Vlan Classification ObjectDescription Vlan Mode Vlan Basic InformationSupported VLANs VLANs Vlan LearningVlan Port Configuration Understand nomenclature of the SwitchThis is the logical port number for this row PvidIn-Q Mode Link TypeEther type Port Vlan IDVlan ID Vlan Membership Configuration„ Adding Static Members to VLANs Vlan Index Private Vlan Configuration Overview„ Promiscuous ports „ Isolated portsPromiscuous Pvlan Port TypeIsolated Rapid Spanning Tree Protocol Bridge Protocol Data UnitsPort transitions from one state to another as follows Creating a Stable STP TopologySTP Port States Configurable Except by setting prioritySTP Parameters STP Operation Levels BelowMaximum Age Timer Forward Delay TimerVariable Description Default Value Port Priority Default Spanning-Tree Configuration Feature Default ValueIllustration of STP 110 Rstp System Configuration Forward DelaySystem Priority Max AgeRstp Bridge Status Path Cost Rstp Port ConfigurationRstp Enabled Point2Point PriorityEdge Port Type Link Type Ieee 802.1w-2001 Ethernet Rstp Port Status Rstp Port Statistics RstpSTP TCNQoS Terminology Quality of ServiceUnderstand QOS QoS Control List Configuration QCL #QCE Type Frame.The following QCE types are supportedTraffic Class QoS Control Entry ConfigurationType Value Port QoS Configuration Default Class Queuing ModeQueue Weighted User PriorityApplication Rules QCL Configuration WizardSet up Policy Rules Includes the folling fileds Object Description QCL IDFrames that hit this QCE are set to match this specific QCL Port in a QCL member, click the radio buttonGames Set up Typical Network Application RulesAudio and Video Select the QCL ID to which these QCEs apply User DefinitionButtons Set up ToS Precedence Mapping Set up Vlan Tag Priority Mapping QoS Statistics Bandwidth Control Storm Control Configuration Frame TypeStatus RateAbout the Internet Group Management Protocol Igmp Snooping MulticastIgmp Snooping 133 0x12 Igmp Versions 10x17 Idle Member „ Igmp QuerierIgmp Snooping Configuration Flooding enabledEnabled Igmp Querier Igmp SnoopingFast Leave Igmp Port Related ConfigurationRouter Port Vlan ID of the entry Igmp Snooping StatusObject Description Multicast Address Table Overview of MAC-Based Authentication Ieee 802.1X Network Access ControlOverview of 802.1X Port-Based Authentication Understanding Ieee 802.1X Port-Based Authentication „ Device Roles„ Authentication Initiation and Message Exchange 10-2EAP message exchange „ Ports in Authorized and Unauthorized StatesRadius Secret 10.2 802.1X System ConfigurationRadius IP Reauthentication EnabledEAP Timeout Period10.3 802.1X and MAC-Based Authentication Port Configuration Port State Max ClientsRestart 10.4 802.1X Port Status StateLast Source Last ID10.5 802.1X and MAC-Based Authentication Statistics 10-6802.1X Statistics Port 1 page screenshotEapol Counters Direction Name Ieee Name DescriptionRadius Counters Direction Name Ieee Name Description Port-basedMAC-based Port- and MAC-based„ Last Supplicant/Client Info MAC-basedWindows Platform Radius Server Configuration 155 10.7 802.1X Client Configuration „ Configure Sample EAP-MD5 Authentication157 158 Ingress Port Access Control ListsAccess Control List Configuration Action Rate LimiterPort Copy LoggingACE Configuration Switch„ MAC Parameters „ Vlan ParametersSmac Filter Dmac Filter„ ARP Parameters ARP/ Rarp„ IP Parameters IP/Ethernet LengthEthernet IP Protocol FilterIP TTL „ Icmp Parameters „ TCP/UDP ParametersTCP FIN TCP SYNTCP PSH TCP ACKEtherType Filter ACL Configuration wizard„ Ethernet Type Parameters Policy 5 for guest ports Internet access only 11-3Set up Policy Rules page screenshotSet up Port Policies Policy IDCommon Servers Instant MessagingMSN Messenger Google Talk Yahoo Messenger Ethernet TypeSnmp Traps NetBIOS Ping Request Ping ReplyOthers 173 Source IP Address Set up Source MAC and Source IP BindingBinding Enabled Set up DoS Attack Detection Rules UDP DoS FraggleDeath Icmp DoS SmurfSwitch n Port nPolicy n DenyACL Rate Limiter Configuration Rate Limiter ID16K 32K 64K 128K 512KACL Ports Configuration 180 MAC Address Table Configuration Aging ConfigurationRange 10-10000000 seconds Default 300 seconds Address TableStatic MAC Table Configuration MAC Address Table Status Dynamic MAC TableNavigating the MAC Table MAC Table Columns184 Disable MAC Table LearningAuto Secure186 Lldp Link Layer Discovery ProtocolTx Interval Lldp Configuration„ Lldp Parameters „ 4.14.2.2 Lldp Port Configuration Tx DelayTx Hold Tx ReinitPort Descr Sys NameSys Descr Sys CapaLldp Neighbor Lldp Statistics „ Global CountersLocal Counters Cable Status Cable DiagnosticsNetwork Diagnastics Ping Size PingDestination IP Address Stacking SGSW-24040 / SGSW-24040R „ Ring topology „ Chain topology same as a disconnected ring197 Switch IDs „ Assigning and Swapping Switch IDs„ Removing a Switch From the Stack „ Replacing a SwitchStack Redundancy „ General Switch ID Assignment RulesMaster Election Shortest Path Forwarding Utilize all stack links in the ringStack Configuration Master Switch Stack Information„ Stack Topology „ Stack List„ Master Forwarding Table Stack Port State Ovewview 16-10Port State Overview page screenshot„ Identify the Master Switch Stack Example206 207 Accessing the CLI Logon to the ConsoleConfigure IP address „ Configure IP addressSwitch/ ip setup 192.168.1.100 255.255.255.0 Subnet Mask GatewayTelnet login System Command Command GroupsSystem Configuration SyntaxExample System RebootSystem Restore Default System Prompt Default SettingSystem Name System Password System SntpSystem Timezone System Firmware Load217 Parameters IP ConfigurationSyntax IP Setup IP Ping220 Port State Port Management CommandPort Configuration Port Mode Port Flow ControlPort Maximum Frame Port Power Port ExcessivePort Statistics Port VeriPHYPort Numbers Mirror SID Mirror ConfigurationMirror Port Mirror Mode Link Aggregation Command Aggregation ConfigurationAggregation Add Parameters portlist Port listAggregation Delete Aggregation LookupAggregation Mode Lacp Configuration Lacp Mode Lacp KeyLacp Role Lacp StatusLacp Statistics 236 Vlan Mode Vlan Configuration CommandVlan Configuration Tagged Allow tagged frames only Vlan Frame TypeAll Vlan Ingress Filter Vlan Link TypeMan Set out layer Vlan tag ether type MAN Vlan Q-in-Q ModeVlan Ethernet Type Vlan Add Vlan DeleteVlan Lookup Pvlan Configuration Pvlan IsolateRstp SysPrio Spanning Tree Protocol CommandRstp Configuration Rstp Delay Rstp AgeRstp Version Rstp ModeNormal Rstp Default Setting Rstp Cost Rstp PriorityRstp Edge Rstp P2PRstp Status Rstp Statistics Rstp mCheckIgmp Mode Multicast Configuration CommandIgmp Configuration Igmp State Igmp Querier Igmp Fast LeaveIgmp Router Igmp Status Igmp FloodingIgmp Groups 256 Quality of Service Command QoS ConfigurationQoS Default QoS ClassesQoS Tag Priority QoS QCL PortQclid QCL ID Default Setting QoS QCL AddParameters Qclid QceidQoS QCL Delete QoS QCL LookupQoS Rate Limiter QoS ModeQoS Weight QoS Shaper QoS Unicast QoS MulticastQoS Broadcast Dotx1 Mode 802.1x Port Access Control CommandDot1x Configuration Dot1x Status Dot1x ServerDot1x Authenticate Dot1x SecretDot1x Re-authentication Dot1x PeriodDot1x Timeout Dot1x StatisticsParameters Portlist Dot1x ClientsDot1x Agetime Dot1x Holdtime ACL Action Access Control List CommandACL Configuration ACL Policy ACL RateACL Add ACL Delete ACL Lookup Mac Add MAC Address Table CommandMAC Configuration MAC Delete MAC LookupMAC Age Time MAC LearningMAC Dump MAC StatisticsMAC Flash Lldp Mode Lldp CommandLldp Configuration Lldp Optional TLV Lldp IntervalLldp Delay Lldp HoldLldp Reinit Lldp InformationLldp Statistics Stack Master Reelect Stack Management CommandStack List Stack SID Delect Stack SelectStack SID Swap Stack SID Asign Store-and-Forward LearningForwarding & Filtering Auto-Negotiation If attached device is 100Base-TX port will set to292 Link LED is not lit Solution Performance is bad SolutionWhy the Switch doesnt connect to the network Solution Switch does not power up SolutionStacking not functioning Solution „ While IP Address be changed or forgotten admin password10/100Mbps, 10/100Base-TX Switchs RJ-45 Pin AssignmentsRJ-45 Connector pin assignment Contact = Brown Straight Cable= Brown Straight Cable ACE ACLAggregation ARPDES DhcpDNS DoSDscp Ethernet TypeFTP HttpIcmp IeeeIgmp ImapMAC Table IpmcLldp NetBIOS MD5Mirroring NFSPing PolicerPOP3 Private VlanQCL QoSRarp SambaSHA SmtpSnmp SntpTCP TelnetTftp ToSUDP 308