Alcatel 9000 Guía de usuario Pagina 235
- Pagina / 702
- Tabla de contenidos
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
Configuring IP IP Configuration
OmniSwitch 6800/6850/9000 Network Configuration Guide June 2006 page 12-15
Use the ip directed-broadcast command to enable or disable IP-directed broadcasts. For example:
-> ip directed-broadcast off
Use the show ip config command to display the IP-directed broadcast state.
Denial of Service (DoS) Filtering
By default, the switch filters denial of service (DoS) attacks, which are security attacks aimed at devices
that are available on a private network or the Internet. Some of these attacks aim at system bugs or vulner-
ability (for example, teardrop attacks), while other types of attacks involve generating large volumes of
traffic so that network service will be denied to legitimate network users (such as pepsi attacks). These
attacks include the following:
• ICMP Ping of Death—Ping packets that exceed the largest IP datagram size (65535 bytes) are sent to a
host and hang or crash the system.
• SYN Attack—Floods a system with a series of TCP SYN packets, resulting in the host issuing SYN-
ACK responses. The half open TCP connections can exhaust TCP resources, such that no other TCP
connections are accepted.
• Land Attack—Spoofed packets are sent with the SYN flag set to a host on any open port that is listen-
ing. The machine may hang or reboot in an attempt to respond.
• Teardrop/Bonk/Boink attacks—Bonk/boink/teardrop attacks generate IP fragments in a special way to
exploit IP stack vulnerabilities. If the fragments overlap the way those attacks generate packets, an
attack is recorded. Since teardrop, bonk, and boink all use the same IP fragmentation mechanism to
attack, these is no distinction between detection of these attacks. The old IP fragments in the fragmen-
tation queue is also reaped once the reassemble queue goes above certain size.
• Pepsi Attack—The most common form of UDP flooding directed at harming networks. A pepsi attack
is an attack consisting of a large number of spoofed UDP packets aimed at diagnostic ports on network
devices. This can cause network devices to use up a large amount of CPU time responding to these
packets.
The switch can be set to detect various types of port scans by monitoring for TCP or UDP packets sent to
open or closed ports. Monitoring is done in the following manner:
• Packet penalty values set. TCP and UDP packets destined for open or closed ports are assigned a
penalty value. Each time a packet of this type is received, its assigned penalty value is added to a
running total. This total is cumulative and includes all TCP and UDP packets destined for open or
closed ports.
• Port scan penalty value threshold.The switch is given a port scan penalty value threshold. This
number is the maximum value the running penalty total can achieve before triggering an SNMP trap.
• Decay value. A decay value is set. The running penalty total is divided by the decay value every
minute.
• Trap generation. If the total penalty value exceeds the set port scan penalty value threshold, a trap is
generated to alert the administrator that a port scan may be in progress.
For example, imagine that a switch is set so that TCP and UDP packets destined for closed ports are given
a penalty of 10, TCP packets destined for open ports are given a penalty of 5, and UDP packets destined
for open ports are given a penalty of 20. The decay is set to 2, and the switch port scan penalty value
threshold is set to 2000:
- OmniSwitch 6800 Series 1
- OmniSwitch 6850 Series 1
- OmniSwitch 9000 Series 1
- Network Configuration Guide 1
- Contents 3
- About This Guide 29
- Who Should Read this Manual? 30
- What is in this Manual? 30
- What is Not in this Manual? 31
- Documentation Roadmap 32
- Related Documentation 34
- • Release Notes 35
- User Manual CD 36
- Technical Support 36
- In This Chapter 37
- Ethernet Specifications 38
- Non Combo Port Defaults 39
- Combo Ethernet Port Defaults 39
- Ethernet Ports Overview 40
- Autonegotiation Guidelines 43
- Resetting Statistics Counters 45
- Flood Only Rate Limiting 46
- Multicast Flood Rate Limiting 47
- Configuring a Port Alias 48
- Setting Interface Line Speed 50
- Configuring Duplex Mode 51
- 2 Managing Source 63
- Learning 63
- Source Learning Defaults 64
- MAC Address Table Overview 66
- Using Static MAC Addresses 66
- 3 Using 802.1s Multiple 71
- Spanning Tree 71
- MST Specifications 72
- MST Region Defaults 73
- MST General Overview 74
- MST Configuration Overview 80
- -> bridge protocol mstp 81
- Switch A Switch B 86
- 4 Configuring Learned 91
- Port Security 91
- Understanding the LPS Table 96
- 5 Configuring VLANs 101
- VLAN Specifications 102
- VLAN Defaults 102
- Sample VLAN Configuration 103
- VLAN Management Overview 104
- Creating/Modifying VLANs 105
- -> vlan 255 stp disable 110
- -> vlan 755 stp enable 110
- OmniSwitch 9700 114
- 6 Configuring Spanning Tree 117
- Parameters 117
- Spanning Tree Specifications 118
- Spanning Tree Overview 120
- Topology Examples 123
- Spanning Tree Operating Modes 125
- Using 1x1 Spanning Tree Mode 126
- Configuring Port Priority 140
- Configuring Port Path Cost 141
- Configuring Port Mode 144
- Example Network Overview 147
- 7 Assigning Ports 151
- Port Assignment Defaults 152
- Sample VLAN Port Assignment 153
- Mobile Tag Enabled 156
- Default VLAN 156
- IP Network 130.0.0.0 157
- IP Network 138.0.0.0 157
- VLAN Rule Classification 158
- -> vlan port mobile 4/1 161
- What is a Secondary VLAN? 163
- OmniSwitch 164
- Enable/Disable Default VLAN 166
- Port Properties 169
- 8 Configuring Port Mapping 171
- Port Mapping Specifications 172
- Port Mapping Defaults 172
- Example Port Mapping Overview 175
- 9 Defining VLAN Rules 177
- VLAN Rules Specifications 178
- VLAN Rules Defaults 178
- VLAN Rules Overview 180
- DHCP Rules 181
- Binding Rules 182
- MAC Address Rules 182
- Network Address Rules 182
- Protocol Rules 182
- Port Rules 183
- Defining DHCP MAC Range Rules 189
- Defining DHCP Port Rules 189
- Defining DHCP Generic Rules 190
- Defining Binding Rules 190
- Defining MAC Address Rules 193
- Defining MAC Range Rules 194
- Defining Protocol Rules 196
- Defining Port Rules 197
- The VLANs 198
- DHCP Servers and Clients 198
- Servers 200
- Clients 200
- Configuration” on page 9-3 201
- 10 Using Interswitch 203
- Protocols 203
- AIP Specifications 204
- AMAP Defaults 204
- AMAP Overview 205
- Discovery 206
- Transmission State 206
- Configuring AMAP 207
- -> show amap 208
- -> amap common 600 208
- -> amap common time 600 208
- Displaying AMAP Information 209
- 11 Configuring 802.1Q 211
- 802.1Q Specifications 212
- 802.1Q Defaults Table 212
- 802.1Q Overview 213
- Configuring an 802.1Q VLAN 215
- Configuring the Frame Type 216
- Show 802.1Q Information 217
- Application Example 218
- 12 Configuring IP 221
- IP Specifications 222
- IP Defaults 222
- IP Overview 224
- Additional IP Protocols 225
- Configuring IP IP Forwarding 229
- Creating a Static Route 230
- Creating a Default Route 230
- Local Proxy ARP 232
- ARP Filtering 233
- IP Configuration 234
- Setting the Decay Value 238
- Enabling DoS Traps 238
- Managing IP 240
- Configuring IP Managing IP 241
- Enabling All ICMP Types 242
- Using the Ping Command 243
- Tracing an IP Route 244
- Displaying TCP Information 244
- Displaying UDP Information 244
- 13 Configuring Static Link 247
- Aggregation 247
- -> static linkagg 5 size 8 254
- -> no static linkagg 5 254
- 14 Configuring Dynamic Link 259
- -> lacp linkagg 2 size 8 269
- -> no lacp linkagg 2 269
- Aggregate Group 270
- Administrative Key 273
- Configuration and Statistics 291
- 15 Configuring IPv6 293
- IPv6 Specifications 294
- IPv6 Defaults 294
- IPv6 Overview 296
- IPv6 Addressing 297
- IPv6 Address Prefix Notation 298
- Tunneling IPv6 over IPv4 299
- 6to4 Site 300
- IPv4 Domain 300
- 6to4 Host 300
- IPv6 Domain 301
- IPv6 Site 301
- Configuring an IPv6 Interface 302
- Modifying an IPv6 Interface 303
- Removing an IPv6 Interface 303
- Assigning IPv6 Addresses 304
- Removing an IPv6 Address 305
- 16 Configuring RIP 309
- RIP Specifications 310
- RIP Defaults 310
- RIP Overview 312
- RIP Routing 313
- Loading RIP 314
- Enabling RIP 314
- Creating a RIP Interface 315
- Enabling a RIP Interface 315
- RIP Routing Configuring RIP 316
- -> ip rip route-tag 1 316
- RIP Options 317
- RIP Redistribution 318
- RIP Security 322
- 17 Configuring RDP 325
- RDP Specifications 326
- RDP Defaults 326
- Reference Guide 328
- RDP Interfaces 330
- Security Concerns 331
- Enabling/Disabling RDP 332
- Creating an RDP Interface 332
- 18 Configuring DHCP Relay 337
- DHCP Relay Specifications 338
- DHCP Relay Defaults 339
- DHCP Relay Overview 341
- DHCP and the OmniSwitch 342
- DHCP Relay and Authentication 342
- Internal DHCP Relay 344
- DHCP Relay Implementation 345
- Setting the Forward Delay 346
- Setting Maximum Hops 347
- Using DHCP Snooping 352
- Enabling DHCP Snooping 353
- VLAN-Level DHCP Snooping 354
- Configuring Rate Limiting 356
- 19 Configuring VRRP 359
- VRRP Specifications 360
- VRRP Defaults 360
- 4 Enable VRRP on each switch 361
- VRRP Overview 362
- Why Use VRRP? 363
- VRRP MAC Addresses 364
- VRRP Startup Delay 364
- VRRP Tracking 365
- Configuration Overview 366
- Setting VRRP Traps 370
- Setting VRRP Startup Delay 370
- Creating Tracking Policies 371
- Master 1 373
- Backup 2 373
- Backup 1 373
- Master 2 373
- 20 Configuring IPX 377
- IPX Specifications 378
- IPX Defaults 378
- IPX Overview 380
- Configuring IPX IPX Overview 381
- IPX Routing 382
- Configuring IPX IPX Routing 383
- -> ipx default-route 222 383
- Using the PING Command 386
- IPX RIP/SAP Filtering 387
- Configuring RIP Filters 388
- Configuring SAP Filters 388
- Configuring GNS Filters 389
- IPX RIP/SAP Filter Precedence 390
- 21 Managing Authentication 393
- Server Defaults 395
- Server Overview 397
- OmniSwitch 6648 398
- ACE/Server 400
- RADIUS Servers 401
- Configuring the RADIUS Client 406
- LDAP Servers 407
- LDAP Server Details 408
- Directory Entries 409
- Directory Searches 410
- Directory Modifications 410
- Directory Compare and Sort 411
- The LDAP URL 411
- LDAP Accounting Attributes 414
- AccountStopTime 415
- AccountFailTime 415
- Dynamic Logging 416
- 22 Configuring 421
- Authenticated VLANs 421
- AVLAN Configuration Overview 424
- Sample AVLAN Configuration 425
- Telnet Authentication Client 427
- -> aaa avlan http language 428
- SSL for Web Browser Clients 431
- Installing the AV-Client 432
- Windows 95 433
- Windows 2000 and Windows NT 433
- button. The software 435
- Windows 95 and Windows 98 436
- Selecting a Dialog Mode 439
- Viewing AV-Client Components 440
- Logging Off the AV-Client 442
- Delay for IP Address Request 443
- Releasing the IP Address 443
- • MAC-Port-IP address 448
- • MAC-Port 448
- Setting Up a DNS Path 449
- Setting Up the DHCP Server 449
- Before Authentication 450
- After Authentication 450
- Configuring Single Mode 452
- 23 Configuring 802.1X 457
- 802.1X Specifications 458
- 802.1X Defaults 458
- 802.1X Overview 462
- 802.1X Ports and DHCP 463
- Re-authentication 463
- 802.1X Accounting 464
- Policy Types 465
- Enabling 802.1X on Ports 467
- -> 802.1x 3/1 direction in 468
- Initializing an 802.1X Port 469
- Supplicant Policy Examples 472
- 24 Managing Policy 477
- Policy Server Specifications 478
- Policy Server Defaults 478
- Policy Server Overview 479
- Modifying Policy Servers 480
- Modifying the Port Number 481
- Modifying the Searchbase 481
- Interaction With CLI Policies 483
- 25 Using ACL Manager 485
- ACLMAN Defaults 486
- Quick Steps for Creating ACLs 487
- ACLMAN Overview 489
- ACL Text Files 490
- ACL Precedence 490
- Using the ACLMAN Shell 491
- ACLMAN Modes and Commands 492
- ACLMAN User Privileges 498
- Configuring ACLs 500
- Saving the ACL Configuration 503
- Importing ACL Text Files 504
- 26 Configuring QoS 507
- QoS Specifications 508
- QoS General Overview 509
- QoS Policy Overview 510
- Condition Combinations 512
- Action Combinations 514
- QoS Defaults 515
- QoS Port Defaults 516
- Policy Rule Defaults 516
- Policy Action Defaults 517
- Default (Built-in) Policies 517
- QoS Configuration Overview 518
- Enabling/Disabling QoS 519
- Using the QoS Log 520
- Log Detail Level 521
- Forwarding Log Events 521
- Displaying the QoS Log 522
- Clearing the QoS Log 523
- Verifying Global Settings 524
- QoS Ports and Queues 525
- Configuring Queuing Schemes 526
- Trusted and Untrusted Ports 528
- Configuring Trusted Ports 529
- Creating Policies 531
- ASCII-File-Only Syntax 532
- Creating Policy Conditions 533
- Creating Policy Actions 534
- Removing Action Parameters 535
- Deleting a Policy Action 535
- Creating Policy Rules 536
- Disabling Rules 537
- Rule Precedence 537
- Saving Rules 537
- Logging Rules 538
- Deleting Rules 538
- Testing Conditions 539
- Sample Group Configuration 542
- Creating Network Groups 543
- Creating Services 544
- Creating Service Groups 545
- Creating MAC Groups 546
- Creating Port Groups 547
- Egress Bandwidth Shaping 548
- Example 1: Source Port Group 549
- Using Map Groups 551
- How Map Groups Work 552
- Creating Map Groups 552
- Applying the Configuration 554
- Flushing the Configuration 555
- Policy Applications 557
- Network 1 558
- 10.10.4.0 558
- Redirection Policies 559
- ICMP Policy Example 560
- Network C 561
- Policy Based Routing 562
- 10.3.0.0 563
- 173.5.1.0 563
- 173.10.2.0 563
- 174.26.1.0 563
- 27 Configuring ACLs 565
- ACL Specifications 566
- ACL Defaults 567
- Valid Combinations 570
- ACL Configuration Overview 571
- Layer 2 ACLs 574
- Layer 3 ACLs 575
- Multicast Filtering ACLs 576
- Using ACL Security Features 578
- Configuring ICMP Drop Rules 581
- ACL Application Example 584
- 28 Configuring IP Multicast 585
- Switching 585
- IPMS Specifications 587
- IPMSv6 Specifications 587
- IPMS Default Values 588
- IPMSv6 Default Values 588
- IPMS Overview 589
- IP Multicast Routing 590
- IGMP Version 3 591
- Configuring IPMS on a Switch 592
- Configuring the IGMP Version 593
- Restoring the IGMP Version 593
- Removing an IGMP Static Group 595
- Modifying IPMS Parameters 596
- Last Member Query Interval 597
- Modifying the Source Timeout 599
- Enabling the IGMP Querying 600
- Disabling the IGMP Querying 600
- Enabling the IGMP Spoofing 601
- Disabling the IGMP Spoofing 601
- Enabling the IGMP Zapping 602
- Disabling the IGMP Zapping 602
- IPMSv6 Overview 603
- MLD version 2 604
- Configuring the MLD Version 2 606
- Restoring the MLD Version 1 606
- Removing an MLD Static Group 608
- Modifying IPMSv6 Parameters 609
- Restoring the Source Timeout 612
- Enabling the MLD Querying 612
- Disabling the MLD Querying 612
- Enabling the MLD Spoofing 614
- Disabling the MLD Spoofing 614
- Enabling the MLD Zapping 615
- Disabling the MLD Zapping 615
- IPMS Application Example 616
- IPMSv6 Application Example 618
- 29 Diagnosing Switch 623
- Problems 623
- Port Mirroring Overview 625
- Port Monitoring Overview 627
- RMON Specifications 632
- RMON Probe Defaults 633
- Switch Health Overview 634
- Switch Health Defaults 635
- Port Mirroring 636
- Creating a Mirroring Session 639
- Deleting A Mirroring Session 642
- Port Monitoring 643
- Receiver 648
- Configuring a sFlow Session 649
- Displaying a sFlow Receiver 650
- Displaying a sFlow Sampler 651
- Displaying a sFlow Poller 651
- Displaying a sFlow Agent 652
- Deleting a sFlow Session 652
- Ethernet Statistics 654
- Displaying RMON Tables 656
- • memory 662
- • temperature 662
- Viewing Sampling Intervals 663
- 30 Using Switch Logging 667
- Switch Logging Specifications 668
- Switch Logging Defaults 669
- Switch Logging Overview 671
- Enabling Switch Logging 672
- Specifying the Severity Level 674
- Removing the Severity Level 675
- -> swlog clear 677
- A Software License 679
- Alcatel License Agreement 680
- C. Linux 683
- E. University of California 688
- G.Random.c 688
- H. Apptitude, Inc 689
- I. Agranat 689
- J. RSA Security Inc 689
- K. Sun Microsystems, Inc 689
- L. Wind River Systems, Inc 690
- Numerics 691
Relacionado con productos y manuales para Software Alcatel 9000
Software Alcatel 2.2-R02 Guía para resolver problemas
(560 paginas)
(560 paginas)
Software Alcatel 2.3) Guía de usuario
(96 paginas)
(96 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.048 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales