Alcatel OS6602-48 Guia do Utilizador Página 526
- Página / 628
- Índice
- MARCADORES
Avaliado. / 5. Com base em avaliações de clientes
Using ACL Security Features Configuring ACLs
page 24-18 OmniSwitch 6600 Family Network Configuration Guide April 2005
Configuring a DisablePorts ACL
An additional method for dealing with spoofed IP traffic is to create a DisablePorts ACL that will adminis-
tratively disable ports that receive this type of traffic. To achieve this result, a policy action called
stringDisablePorts is available. Note that string represents text that the user enters as a required part of
the policy action and must be followed by DisablePorts (e.g., badDisablePorts).
Note the following when using the DisablePorts action:
• Only routed traffic is affected by this action.
• The DisablePorts action must be specified using the capitalization shown here and in the example ACL
below.
• A disposition is not required with DisablePorts because a drop action is implied and interpreted as a
disable port function.
• To restore disabled ports to enabled status, disconnect and reconnect the cable or use the
interfaces admin command to administratively enable the ports.
• This feature can be used with source IP addresses and source MAC addresses.
• A source IP address DisablePorts rule will disable a port that receives an IP packet that contains a
source IP address that does not match the rule or an ARP packet that contains a source protocol address
field that does not match the rule.
• A source MAC address DisablePorts rule will disable a port that receives an IP packet that contains a
source MAC address that does not match the rule.
• The DisablePorts action and the UserPorts port group are not mutually exclusive, both can be used
together in the same ACL.
Use the following steps to create a DisablePorts ACL that only allows traffic from a specific IP subnet on
specific source ports and disables those ports that receive traffic from other subnets. Two rules are
involved with this type of ACL: one rule denies all source IP addresses on certain ports and a second,
higher precedence rule only allows traffic from a specific subnet on those same ports.
1 Create a port group that identifies the ports to which the rule will apply. For example:
-> policy port group edgePorts 1/1-24 2/1-24
2 Create a condition that specifies all source IP addresses combined with a source port group that
contains the ports identified in Step 1. For example:
-> policy condition denyip source ip address 0.0.0.0 mask 0.0.0.0 source port
group edgePorts
3 Create another condition that specifies only IP addresses within a desired subnet combined with a
source port group that contains the ports identified in Step 1. For example:
-> policy condition allowip source ip address 198.18.1.0 mask 255.255.255.0
source port group edgePorts
4 Create a DisablePorts action with a string prefix, such as badDisablePorts, and an accept action. For
example:
-> policy action badDisablePorts
-> policy action PASS disposition accept
- OmniSwitch 6600 Family 1
- Network Configuration Guide 1
- Contents 10
- About This Guide 25
- Who Should Read this Manual? 26
- What is in this Manual? 26
- What is Not in this Manual? 27
- Documentation Roadmap 27
- CLI command 29
- Related Documentation 30
- User Manual CD 31
- Technical Support 31
- In This Chapter 33
- Ethernet Specifications 34
- Ethernet Port Defaults 35
- Ethernet Ports Overview 38
- OmniSwitch 6624 39
- OmniSwitch 6600-U24 39
- OmniSwitch 6600-P24 40
- 10/100 Crossover Supported 41
- Gigabit Copper SFPs Supported 41
- Valid Port Settings 42
- Setting Flow Control 46
- Setting Interface Line Speed 48
- Configuring Duplex Mode 49
- Resetting Statistics Counters 51
- Configuring Flood Rates 52
- Configuring a Port Alias 53
- Settings 54
- Enabling and Disabling Flow 55
- Fast Ethernet enter: 56
- 2 Managing Source 59
- Learning 59
- Source Learning Defaults 60
- MAC Address Table Overview 62
- Using Static MAC Addresses 62
- 3 Configuring Learned 67
- Port Security 67
- Understanding the LPS Table 72
- 4 Configuring VLANs 79
- VLAN Specifications 80
- VLAN Defaults 80
- Sample VLAN Configuration 81
- VLAN Management Overview 83
- Creating/Modifying VLANs 84
- -> vlan 255 stp disable 89
- -> vlan 755 stp enable 89
- Switch A 91
- Switch B Switch C 91
- 5 Configuring Spanning Tree 93
- Spanning Tree Specifications 94
- Spanning Tree Overview 96
- Topology Examples 99
- OmniSwitch 7700 100
- Spanning Tree Operating Modes 101
- Using 1x1 Spanning Tree Mode 102
- Selecting Bridge Protocol 106
- Configuring Port Priority 114
- Configuring Port Path Cost 115
- Configuring Port Mode 118
- Mode for Link Aggregate Ports 119
- Example Network Overview 121
- 6 Using 802.1s Multiple 125
- Spanning Tree 125
- MST Specifications 126
- MST Region Defaults 127
- MST General Overview 128
- OmniSwitch 7800 132
- MST Configuration Overview 134
- -> bridge protocol mstp 135
- Switch A Switch B 140
- 7 Assigning Ports 145
- Port Assignment Defaults 146
- Sample VLAN Port Assignment 147
- Mobile Tag Enabled 150
- Default VLAN 150
- OmniSwitch 151
- Dynamic VPA 151
- VLAN Rule Classification 152
- IP Network 130.0.0.0 154
- IP Network 138.0.0.0 154
- What is a Secondary VLAN? 157
- Enable/Disable Default VLAN 160
- Port Properties 163
- 8 Defining VLAN Rules 165
- VLAN Rules Specifications 166
- VLAN Rules Defaults 166
- VLAN Rules Overview 168
- DHCP Rules 169
- Binding Rules 170
- MAC Address Rules 170
- Network Address Rules 170
- Protocol Rules 170
- Custom (User Defined) Rules 171
- Port Rules 171
- Defining DHCP MAC Range Rules 177
- Defining DHCP Port Rules 177
- Defining DHCP Generic Rules 178
- Defining Binding Rules 178
- Defining MAC Address Rules 181
- Defining MAC Range Rules 182
- Defining Protocol Rules 184
- Defining Custom (User) Rules 185
- Defining Port Rules 185
- The VLANs 186
- DHCP Servers and Clients 186
- Servers 188
- Clients 188
- Configuration” on page 8-3 189
- 9 Using Interswitch 191
- Protocols 191
- AIP Specifications 192
- AMAP Defaults 192
- GMAP Defaults 192
- AMAP Overview 193
- Discovery Transmission State 194
- Common Transmission State 194
- Passive Reception State 194
- Configuring AMAP 195
- -> show amap 196
- -> amap common 600 196
- -> amap common time 600 196
- Displaying AMAP Information 197
- OmniSwitch 6648 198
- GMAP Overview 199
- Configuring GMAP 199
- Displaying GMAP Statistics 201
- 10 Configuring 802.1Q 203
- 802.1Q Specifications 204
- 802.1Q Defaults Table 204
- 802.1Q Overview 205
- Configuring an 802.1Q VLAN 207
- -> vlan 5 802.1q 8 208
- -> vlan 5 no 802.1q 8 208
- Configuring the Frame Type 209
- Show 802.1Q Information 210
- Application Example 211
- 11 Configuring Static Link 215
- Aggregation 215
- Size = 2 224
- Size = 4 224
- Size = 8 224
- OmniSwitch 6602-24 226
- OmniSwitch 6602-48 227
- 12 Configuring Dynamic Link 233
- Aggregate Group 244
- Parameters 251
- Administrative Key 252
- Application Examples 266
- Configuration and Statistics 270
- 13 Configuring IP 273
- IP Specifications 274
- IP Defaults 274
- IP Overview 276
- Additional IP Protocols 277
- IP Forwarding 278
- Creating a Static Route 281
- Creating a Default Route 281
- Adding a Permanent ARP Entry 282
- Clearing Dynamic ARP Entries 283
- ARP Filtering 283
- IP Configuration 284
- IP-Directed Broadcasts 285
- Setting Penalty Values 287
- Setting the Decay Value 288
- Enabling DoS Traps 288
- Managing IP 290
- Enabling All ICMP Types 292
- ICMP Control Table 293
- ICMP Statistics Table 293
- Using the Ping Command 294
- Tracing an IP Route 294
- Displaying TCP Information 294
- Displaying UDP Information 295
- 14 Configuring IPv6 297
- IPv6 Specifications 298
- IPv6 Defaults 298
- IPv6 Overview 300
- IPv6 Addressing 301
- IPv6 Address Prefix Notation 302
- Tunneling IPv6 over IPv4 303
- 6to4 Site 304
- IPv4 Domain 304
- 6to4 Host 304
- Configured Tunnels 305
- Configuring an IPv6 Interface 306
- Modifying an IPv6 Interface 307
- Removing an IPv6 Interface 307
- Assigning IPv6 Addresses 308
- Removing an IPv6 Address 309
- 15 Configuring RIP 313
- RIP Specifications 314
- RIP Defaults 314
- RIP Overview 316
- RIP Routing 317
- Loading RIP 318
- Enabling RIP 318
- Creating a RIP Interface 319
- Enabling a RIP Interface 319
- RIP Options 321
- RIP Redistribution 321
- Enabling RIP Redistribution 322
- RIP Security 326
- Configuring Passwords 327
- 16 Configuring RDP 329
- RDP Specifications 330
- RDP Defaults 330
- Reference Guide 332
- RDP Overview 333
- RDP Interfaces 334
- Security Concerns 335
- Enabling/Disabling RDP 336
- Creating an RDP Interface 336
- 17 Configuring DHCP Relay 341
- DHCP Relay Specifications 342
- DHCP Relay Defaults 342
- DHCP Relay Overview 344
- DHCP and the OmniSwitch 345
- DHCP Relay and Authentication 345
- Internal DHCP Relay 347
- DHCP Relay Implementation 348
- Per-VLAN DHCP 349
- Enabling BOOTP/DHCP Relay 349
- Setting the Forward Delay 350
- Setting Maximum Hops 350
- Configuring UDP Port Relay 352
- Specifying a Forwarding VLAN 353
- 18 Configuring VRRP 355
- VRRP Specifications 356
- VRRP Defaults 356
- 4 Enable VRRP on each switch 357
- VRRP Overview 358
- Why Use VRRP? 359
- VRRP MAC Addresses 360
- VRRP Startup Delay 360
- VRRP Tracking 361
- Configuration Overview 362
- Setting VRRP Traps 366
- Setting VRRP Startup Delay 366
- Creating Tracking Policies 367
- VRRP Application Example 369
- VRRP Tracking Example 371
- 19 Managing Authentication 373
- Server Defaults 375
- Server Overview 377
- Authenticated VLANs 378
- ACE/Server 380
- RADIUS Servers 381
- Configuring the RADIUS Client 386
- LDAP Servers 387
- LDIF File Structure 388
- Common Entries 388
- Directory Entries 389
- Directory Searches 390
- Directory Modifications 390
- Directory Compare and Sort 391
- The LDAP URL 391
- LDAP Accounting Attributes 394
- AccountStopTime 395
- AccountFailTime 395
- Dynamic Logging 396
- 20 Configuring 401
- AVLAN Configuration Overview 404
- Sample AVLAN Configuration 405
- Telnet Authentication Client 407
- -> aaa avlan http language 408
- SSL for Web Browser Clients 411
- Installing the AV-Client 412
- Windows 95 413
- Windows 2000 and Windows NT 413
- button. The software 415
- Windows 95 and Windows 98 416
- Selecting a Dialog Mode 419
- Viewing AV-Client Components 420
- Logging Off the AV-Client 422
- Delay for IP Address Request 423
- Releasing the IP Address 423
- • MAC-Port-IP address 428
- • MAC-Port 428
- • Port-IP address 428
- • MAC-Port-Protocol 428
- Setting Up a DNS Path 429
- Setting Up the DHCP Server 429
- Before Authentication 430
- After Authentication 430
- Configuring Single Mode 432
- Configuring Multiple Mode 434
- 21 Configuring 802.1X 437
- 802.1X Specifications 438
- 802.1X Defaults 438
- 802.1X Overview 440
- 802.1X Accounting 441
- Enabling 802.1X on Ports 443
- Initializing an 802.1X Port 445
- 22 Managing Policy 447
- Policy Server Specifications 448
- Policy Server Defaults 448
- Policy Server Overview 449
- Modifying Policy Servers 450
- Modifying the Port Number 451
- Modifying the Searchbase 451
- Interaction With CLI Policies 453
- 23 Configuring QoS 455
- QoS Specifications 456
- QoS General Overview 457
- QoS Policy Overview 458
- Condition Combinations 460
- Condition/Action Combinations 461
- QoS Defaults 463
- QoS Port Defaults 464
- Policy Rule Defaults 464
- Policy Action Defaults 465
- Default (Built-in) Policies 465
- QoS Configuration Overview 466
- Enabling/Disabling QoS 467
- Using the QoS Log 468
- Log Detail Level 469
- Flow Timeout 470
- Fragment Classification 471
- -> qos classifyl3 bridged 472
- -> qos stats interval 30 472
- Verifying Global Settings 473
- QoS Ports and Queues 474
- Configuring Trusted Ports 475
- Creating Policies 476
- ASCII-File-Only Syntax 477
- Creating Policy Conditions 478
- Creating Policy Actions 479
- Creating Policy Rules 480
- Disabling Rules 481
- Rule Precedence 481
- Saving Rules 483
- Logging Rules 484
- Deleting Rules 484
- Testing Conditions 487
- Sample Group Configuration 489
- Creating Network Groups 490
- Creating Services 491
- Creating Service Groups 492
- Creating MAC Groups 493
- Creating Port Groups 494
- Source Port Group Example 495
- Using Map Groups 498
- How Map Groups Work 499
- Creating Map Groups 499
- Applying the Configuration 501
- Flushing the Configuration 502
- Policy Applications 504
- Basic Commands 505
- Bandwidth Shaping Example 505
- ICMP Policy Example 506
- Network C 507
- 24 Configuring ACLs 509
- ACL Specifications 510
- ACL Defaults 510
- Quick Steps for Creating ACLs 511
- ACL Overview 512
- Valid Combinations 515
- ACL Configuration Overview 516
- Configuring ACLs 518
- Layer 2 ACLs 520
- Layer 2 ACL: Example 1 521
- Layer 2 ACL: Example 2 521
- Layer 3 ACLs 522
- Multicast Filtering ACLs 523
- Using ACL Security Features 525
- Configuring ICMP Drop Rules 529
- ACL Application Example 532
- 25 Configuring IP Multicast 533
- Switching 533
- IPMS Specifications 534
- IPMS Default Values 534
- IPMS Overview 535
- Reserved Multicast Addresses 536
- IPMS and Link Aggregation 536
- Configuring IPMS on a Switch 537
- Configuring a Static Neighbor 538
- Removing a Static Neighbor 538
- Configuring a Static Querier 538
- Removing a Static Querier 539
- Configuring a Static Member 539
- Removing a Static Member 539
- Modifying IPMS Parameters 540
- Modifying the Querier Timeout 541
- Restoring the Querier Timeout 542
- IPMS Application Example 543
- 26 Diagnosing Switch 547
- Problems 547
- Port Mirroring Overview 549
- Port Mirroring Defaults 550
- Port Monitoring Overview 552
- RMON Specifications 554
- RMON Probe Defaults 555
- Switch Health Overview 556
- Switch Health Defaults 557
- Port Mirroring 558
- How Port Mirroring Works 559
- Creating a Mirroring Session 561
- Deleting A Mirroring Session 565
- Port Monitoring 566
- Remote Monitoring (RMON) 571
- Ethernet Statistics 572
- Displaying RMON Tables 574
- Monitoring Switch Health 578
- -> health threshold cpu 85 580
- • memory 581
- • temperature 581
- Viewing Sampling Intervals 582
- 27 Using Switch Logging 585
- Switch Logging Specifications 586
- Switch Logging Defaults 587
- Switch Logging Overview 589
- Enabling Switch Logging 590
- Specifying the Severity Level 592
- Removing the Severity Level 593
- -> swlog clear 595
- 28 Monitoring Memory 597
- Memory Monitoring Defaults 598
- Current = 33741 602
- Cumulative = 687952 602
- A Software License 607
- C. Linux 611
- E. University of California 616
- G.Random.c 616
- H. Apptitude, Inc 617
- I. Agranat 617
- J. RSA Security Inc 617
- K. Sun Microsystems, Inc 617
- L. Wind River Systems, Inc 618
- Numerics 619
Manuais e produtos relacionados com Redes Alcatel OS6602-48
Redes Alcatel 1000 ADSL Instruções de Operação
(78 páginas)
(78 páginas)
Redes Alcatel OS6855-24 Guia do Utilizador
(79 páginas)
(79 páginas)
Redes Alcatel SpeedTouch Speed Touch Home Asymmetric Digital Subscriber Line (ADSL) Modem Guia do Utilizador
(64 páginas)
(64 páginas)
Redes Alcatel OS6400-24 Manual do Utilizador
(4 páginas)
(4 páginas)
Redes Alcatel OS6855-24 Manual do Utilizador
(8 páginas)
(8 páginas)
Redes Alcatel OS-6124 Manual do Utilizador
(8 páginas)
(8 páginas)
Redes Alcatel OS6400-24 Guia do Utilizador
(55 páginas)
(55 páginas)
Redes Alcatel OS-6124 Manual do Utilizador
(8 páginas)
(8 páginas)
Redes Alcatel One Touch X200S Manual do Utilizador
(20 páginas)
(20 páginas)
Redes Alcatel SpeedTouch Speed Touch Home Asymmetric Digital Subscriber Line (ADSL) Modem Guia do Utilizador
(34 páginas)
(34 páginas)
Redes Alcatel One Touch X200S Guia do Utilizador
(21 páginas)
(21 páginas)
Redes Alcatel OS6855-24 Manual do Utilizador
(9 páginas)
(9 páginas)
Redes Alcatel OS6850-48 Manual do Utilizador
(9 páginas)
(9 páginas)
Redes Alcatel OS6850-48 Manual do Utilizador
(20 páginas)
(20 páginas)
Redes Alcatel Router Manual do Utilizador
(7 páginas)
(7 páginas)
Redes Alcatel Modem Manual do Utilizador
(2 páginas)
(2 páginas)
Redes Alcatel OmniSwitch/Router Guia do Utilizador
(346 páginas)
(346 páginas)
Redes Alcatel OS6400-48 Manual do Utilizador
(8 páginas)
(8 páginas)
Flex TPO PS Coverstrip Handbücher
Bedienungsanleitungen und Benutzerhandbücher für Hardware Flex TPO PS Coverstrip.
Wir stellen 1 PDF-Handbücher Flex TPO PS Coverstrip zum kostenlosen herunterladen nach Dokumenttypen zur Verfügung Bedienungsanleitung
Comentários a estes Manuais