
August 2008
OmniSwitch 6400 Release 6.3.3.R01, page 14 of 55
ACL & Layer 3 Security
The following additional ACL features are available for improving network security and preventing malicious activity on the network:
• ICMP drop rules—Allows policy conditions that drop ICMP echo requests (pings) from users, reducing the switch's exposure to ping-based DoS. Two condition parameters, icmptype and icmpcode, provide more granular filtering of ICMP packets, so a rule can target one message type (for example echo request) rather than all ICMP.
• TCP connection rules—Allows a policy to classify a packet as belonging to an established TCP connection by examining the flags in the packet's TCP header. Two condition parameters are available for defining a TCP connection ACL: established and tcpflags. Because the classification is made from the flags of each packet rather than from connection state kept on the switch, a packet that carries the expected flags matches whether or not the switch ever saw the handshake that should have preceded it.
• Early ARP discard—ARP packets destined for other hosts are discarded to reduce processing overhead and exposure to ARP DoS attacks. No configuration is required; the feature is always available and active on the switch. ARP packets intended for use by the local subnet, AVLAN, and VRRP are not discarded.
• UserPorts—A port group whose members are designated as user ports in order to prevent spoofed IP traffic. When a port is a member of this group, a packet received on the port is dropped if its source IP address does not belong to the IP subnet configured for that port.
• UserPorts Profile—In addition to spoofed traffic, a global UserPorts profile can specify additional types of traffic, such as BPDU, RIP, OSPF, DVMRP, PIM, DHCP server response packets and DNS, to monitor on user ports. The profile also determines whether a user port filters the unwanted traffic or is administratively shut down when the traffic is received. The profile applies only to ports that are members of the UserPorts port group.
• DropServices—A service group that improves the performance of ACLs intended to deny packets destined for specific TCP/UDP ports. The group applies only to ports that are members of the UserPorts group. Dropping these packets through the DropServices group minimizes processing overhead on the switch, which otherwise could lead to a DoS condition for other applications trying to use it.
ACL Manager
The Access Control List Manager (ACLMAN) is a function of the Quality of Service (QoS) application
that provides an interactive shell for using common industry syntax to create ACLs. Commands entered
using the ACLMAN shell are interpreted and converted to Alcatel-Lucent CLI syntax that is used for
creating QoS filtering policies.
This implementation of ACLMAN also provides the following features:
• Importing of text files that contain common industry ACL syntax.
• Support for both standard and extended ACLs.
• Creating ACLs on a single command line.
• The ability to assign a name, instead of a number, to an ACL or a group of ACL entries.
• Sequence numbers for named ACL statements.