Management Guide - Kamery IP

More documents

Recommendations

Info

3Configuring the Switchother packets.- Disabling and then re-enabling global ARP Inspection will not affect the ARPInspection configuration of any VLANs.- When ARP Inspection is disabled globally, it is still possible to configure ARPInspection for individual VLANs. These configuration changes will only becomeactive after ARP Inspection is enabled globally again.• The ARP Inspection engine in the current firmware version does not support ARPInspection on trunk ports.ARP Inspection VLAN Filters (ACLs)• By default, no ARP Inspection ACLs are configured and the feature is disabled.• ARP Inspection ACLs are configured within the ARP ACL configuration page (seepage 3-133).• ARP Inspection ACLs can be applied to any configured VLAN.• ARP Inspection uses the DHCP snooping bindings database for the list of validIP-to-MAC address bindings. ARP ACLs take precedence over entries in theDHCP snooping bindings database. The switch first compares ARP packets to anyspecified ARP ACLs.• If static is specified, ARP packets are only validated against the selected ACL –packets are filtered according to any matching rules, packets not matching anyrules are dropped, and the DHCP snooping bindings database check is bypassed.• If static is not specified, ARP packets are first validated against the selected ACL;if no ACL rules match the packets, then the DHCP snooping bindings databasedetermines their validity.ARP Inspection Validation• By default, ARP Inspection Validation is disabled.• Specifying at least one of the following validations enables ARP InspectionValidation globally. Any combination of the following checks can be activeconcurrently.- Destination MAC – Checks the destination MAC address in the Ethernet headeragainst the target MAC address in the ARP body. This check is performed forARP responses. When enabled, packets with different MAC addresses areclassified as invalid and are dropped.- IP – Checks the ARP body for invalid and unexpected IP addresses. Theseaddresses include 0.0.0.0, 255.255.255.255, and all IP multicast addresses.Sender IP addresses are checked in all ARP requests and responses, whiletarget IP addresses are checked only in ARP responses.- Source MAC – Checks the source MAC address in the Ethernet header againstthe sender MAC address in the ARP body. This check is performed on both ARPrequests and responses. When enabled, packets with different MAC addressesare classified as invalid and are dropped.ARP Inspection Logging• By default, logging is active for ARP Inspection, and cannot be disabled.3-138
General Security Measures3• The administrator can configure the log facility rate.• When the switch drops a packet, it places an entry in the log buffer, then generatesa system message on a rate-controlled basis. After the system message isgenerated, the entry is cleared from the log buffer.• Each log entry contains flow information, such as the receiving VLAN, the portnumber, the source and destination IP addresses, and the source and destinationMAC addresses.• If multiple, identical invalid ARP packets are received consecutively on the sameVLAN, then the logging facility will only generate one entry in the log buffer and onecorresponding system message.• If the log buffer is full, the oldest entry will be replaced with the newest entry.Trusted & Untrusted Ports• By default all ports are configured as untrusted.• Specific ports can be configured as trusted or untrusted ports.• Packets arriving on trusted interfaces bypass all ARP Inspection and ARPInspection Validation checks and will always be forwarded, while those arriving onuntrusted interfaces are subject to all configured ARP inspection tests.ARP Packet Rate Limiting• By default, all untrusted ports are subject to ARP packet rate limiting.• By default, all trusted ports are exempt from ARP packet rate limiting.• The switch will drop all ARP packets received on a port which exceeds theconfigured ARP-packets-per-second rate limit.• Setting the ARP Inspection Packet Rate Limit to “none” means that no rate limitingwill be enforced.Command Attributes• ARP Inspection Status – Enables ARP Inspection globally. (Default: Disabled)• ARP Inspection VLAN – Selects any configured VLAN. (Default: 1)• ARP Inspection VLAN Status – Enables ARP Inspection for the selected VLAN.(Default: Disabled)• ARP Inspection VLAN Filter- ARP ACL – Allows selection of any configured ARP ACLs. (Default: None)- Static – When an ARP ACL is selected, and static mode also selected, theswitch only performs ARP Inspection and bypasses validation against the DHCPSnooping Bindings database. When an ARP ACL is selected, but static mode isnot selected, the switch first performs ARP Inspection and then validationagainst the DHCP Snooping Bindings database. (Default: Disabled)• ARP Inspection Validation – Enables extended ARP Inspection Validation if anyof the following options are enabled. (Default: Disabled)- Dst-MAC – Validates the destination MAC address in the Ethernet headeragainst the target MAC address in the body of ARP responses.- IP – Checks the ARP body for invalid and unexpected IP addresses. Sender IP3-139
Page 1:
Powered by AcctonES3528MF-PoEFast E
Page 5:
About This GuidePurposeThis guide g
Page 9 and 10:
ContentsAuthorization Settings 3-85
Page 11 and 12:
ContentsVLAN Configuration 3-218IEE
Page 13 and 14:
ContentsAccessing the CLI 4-1Consol
Page 15 and 16:
Contentslogging sendmail host 4-63l
Page 17 and 18:
Contentsaaa group server 4-123serve
Page 19 and 20:
Contentsclear ip dhcp snooping data
Page 21 and 22:
Contentslacp 4-253lacp system-prior
Page 23 and 24:
Contentspvlan uplink/downlink 4-323
Page 25 and 26:
ContentsIGMP Snooping Commands 4-38
Page 27:
TablesTable 1-1 Key Features 1-1Tab
Page 31:
FiguresFigure 3-1 Home Page 3-2Figu
Page 34 and 35:
FiguresFigure 3-133 802.1Q Tunnel S
Page 36 and 37:
Figuresxxxvi
Page 38 and 39:
1IntroductionFeatureTable 1-1 Key F
Page 40 and 41:
1Introductionforwarding traffic bas
Page 42 and 43:
1IntroductionSystem DefaultsThe swi
Page 44 and 45:
1IntroductionTable 1-2 System Defau
Page 46 and 47:
2Initial Configuration• Configure
Page 48 and 49:
2Initial ConfigurationSetting Passw
Page 50 and 51:
2Initial Configuration4. If network
Page 52 and 53:
2Initial ConfigurationConfiguring A
Page 54 and 55:
2Initial Configuration2. Enter the
Page 56 and 57:
3Configuring the SwitchNavigating t
Page 58 and 59:
3Configuring the SwitchMain MenuUsi
Page 60 and 61:
3Configuring the SwitchTable 3-2 Ma
Page 62 and 63:
Page 64 and 65:
Page 66 and 67:
Page 68 and 69:
3Configuring the SwitchWeb - Click
Page 70 and 71:
3Configuring the SwitchCLI - Use th
Page 72 and 73:
3Configuring the SwitchCLI - Enter
Page 74 and 75:
3Configuring the SwitchUsing DHCP/B
Page 76 and 77:
3Configuring the SwitchManaging Fir
Page 78 and 79:
3Configuring the SwitchCommand Attr
Page 80 and 81:
3Configuring the SwitchIf a new ima
Page 82 and 83:
3Configuring the SwitchSaving or Re
Page 84 and 85:
3Configuring the SwitchCLI - Enter
Page 86 and 87:
3Configuring the SwitchConsole Port
Page 88 and 89:
3Configuring the SwitchTelnet Setti
Page 90 and 91:
3Configuring the SwitchConfiguring
Page 92 and 93:
Page 94 and 95:
3Configuring the Switch• Severity
Page 96 and 97:
Page 98 and 99:
3Configuring the SwitchWeb - Select
Page 100 and 101:
3Configuring the SwitchCLI - This e
Page 102 and 103:
3Configuring the SwitchDate Mode -
Page 104 and 105:
3Configuring the Switchthe format o
Page 106 and 107:
Page 108 and 109:
3Configuring the Switch• Enable A
Page 110 and 111:
3Configuring the SwitchSpecifying a
Page 112 and 113:
Page 114 and 115:
Page 116 and 117:
3Configuring the SwitchTable 3-4 Su
Page 118 and 119:
3Configuring the SwitchSetting SNMP
Page 120 and 121:
Page 122 and 123:
Page 124 and 125:
3Configuring the SwitchUser Authent
Page 126 and 127:
Page 128 and 129:
Page 130 and 131:
3Configuring the Switch- Confirm Se
Page 132 and 133:
3Configuring the SwitchCLI - Specif
Page 134 and 135:
3Configuring the SwitchCLI - Specif
Page 136 and 137:
3Configuring the SwitchAAA Accounti
Page 138 and 139:
Page 140 and 141:
Page 142 and 143: 3Configuring the SwitchConfiguring
Page 144 and 145: 3Configuring the Switch• Private
Page 146 and 147: 3Configuring the Switch5. Enable SS
Page 148 and 149: 3Configuring the SwitchWeb - Click
Page 152 and 153: 3Configuring the Switch• SSH Auth
Page 154 and 155: 3Configuring the Switch• Each swi
Page 156 and 157: 3Configuring the Switch• Re-authe
Page 158 and 159: 3Configuring the SwitchCLI - This e
Page 160 and 161: 3Configuring the SwitchWeb - Select
Page 168 and 169: 3Configuring the SwitchDisplaying W
Page 170 and 171: 3Configuring the Switch• Authenti
Page 176 and 177: 3Configuring the Switch• Attribut
Page 182 and 183: 3Configuring the SwitchWeb - Specif
Page 194 and 195: 3Configuring the Switchaddresses ar
Page 196 and 197: 3Configuring the Switchvalidation a
Page 198 and 199: 3Configuring the Switch- If a DHCP
Page 200 and 201: 3Configuring the SwitchDHCP Snoopin
Page 202 and 203: 3Configuring the SwitchCommand Attr
Page 204 and 205: 3Configuring the SwitchIP Source Gu
Page 208 and 209: 3Configuring the SwitchDisplaying I
Page 210 and 211: 3Configuring the SwitchField Attrib
Page 212 and 213: 3Configuring the Switchtrunk. If no
Page 214 and 215: 3Configuring the SwitchCreating Tru
Page 216 and 217: }}3Configuring the SwitchCLI - This
Page 218 and 219: 3Configuring the SwitchConsole#show
Page 220 and 221: 3Configuring the SwitchConsole#show
Page 224 and 225: 3Configuring the SwitchCLI - The fo
Page 226 and 227: 3Configuring the SwitchSetting Broa
Page 228 and 229: 3Configuring the SwitchSetting Mult
Page 230 and 231: 3Configuring the Switchautomatic st
Page 234 and 235: 3Configuring the SwitchPerforming C
Page 236 and 237: 3Configuring the SwitchShowing Port
Page 238 and 239: 3Configuring the SwitchParameterRec
Page 242 and 243:
3Configuring the SwitchSetting a Sw
Page 244 and 245:
Page 246 and 247:
Page 248 and 249:
3Configuring the SwitchSpanning Tre
Page 250 and 251:
3Configuring the SwitchOnce you spe
Page 252 and 253:
3Configuring the Switch• Forward
Page 254 and 255:
Page 256 and 257:
3Configuring the SwitchConfiguratio
Page 258 and 259:
Page 260 and 261:
3Configuring the Switch• Admin St
Page 262 and 263:
3Configuring the SwitchThe followin
Page 264 and 265:
Page 266 and 267:
Page 268 and 269:
3Configuring the SwitchRemaining Ho
Page 270 and 271:
3Configuring the SwitchCLI - This d
Page 272 and 273:
Page 274 and 275:
3Configuring the SwitchUntagged VLA
Page 276 and 277:
3Configuring the SwitchDisplaying B
Page 278 and 279:
3Configuring the Switch• Name - N
Page 280 and 281:
3Configuring the SwitchAdding Stati
Page 282 and 283:
3Configuring the SwitchAdding Stati
Page 284 and 285:
3Configuring the Switch• GARP Lea
Page 286 and 287:
3Configuring the Switchprocessing.
Page 288 and 289:
3Configuring the SwitchConfiguratio
Page 290 and 291:
Page 292 and 293:
3Configuring the SwitchTraffic Segm
Page 294 and 295:
3Configuring the SwitchPrivate VLAN
Page 296 and 297:
Page 298 and 299:
Page 300 and 301:
3Configuring the SwitchCommand Usag
Page 302 and 303:
Page 304 and 305:
Page 306 and 307:
Page 308 and 309:
Page 310 and 311:
Page 312 and 313:
Page 314 and 315:
3Configuring the SwitchDisplaying L
Page 316 and 317:
3Configuring the SwitchDisplaying D
Page 318 and 319:
Page 320 and 321:
Page 322 and 323:
Page 324 and 325:
Page 326 and 327:
3Configuring the SwitchCLI - The fo
Page 328 and 329:
3Configuring the SwitchQuality of S
Page 330 and 331:
3Configuring the Switch• VLAN - A
Page 332 and 333:
3Configuring the SwitchPolicy Confi
Page 334 and 335:
Page 336 and 337:
Page 338 and 339:
Page 340 and 341:
3Configuring the SwitchMulticast Fi
Page 342 and 343:
3Configuring the SwitchStatic IGMP
Page 344 and 345:
Page 346 and 347:
3Configuring the SwitchDisplaying I
Page 348 and 349:
3Configuring the SwitchDisplaying P
Page 350 and 351:
Page 352 and 353:
3Configuring the Switch• New Mult
Page 354 and 355:
Page 356 and 357:
Page 358 and 359:
3Configuring the SwitchDisplaying M
Page 360 and 361:
Page 362 and 363:
3Configuring the SwitchAssigning St
Page 364 and 365:
3Configuring the SwitchDisplaying M
Page 366 and 367:
3Configuring the SwitchDomain Name
Page 368 and 369:
Page 370 and 371:
3Configuring the SwitchDisplaying t
Page 372 and 373:
3Configuring the Switch• Role - I
Page 374 and 375:
3Configuring the SwitchDisplaying I
Page 376 and 377:
3Configuring the SwitchUPnPUniversa
Page 378 and 379:
3Configuring the Switch3-324
Page 380 and 381:
4Command Line InterfaceTelnet Conne
Page 382 and 383:
4Command Line InterfaceShowing Comm
Page 384 and 385:
4Command Line InterfaceUnderstandin
Page 386 and 387:
4Command Line InterfaceTo enter the
Page 388 and 389:
4Command Line InterfaceCommand Grou
Page 390 and 391:
4Command Line InterfaceenableThis c
Page 392 and 393:
4Command Line InterfaceThe ! comman
Page 394 and 395:
4Command Line Interfaceshow reloadT
Page 396 and 397:
4Command Line InterfaceSystem Manag
Page 398 and 399:
4Command Line Interfacebanner confi
Page 400 and 401:
4Command Line InterfaceExampleConso
Page 402 and 403:
Page 404 and 405:
4Command Line Interfacebanner confi
Page 406 and 407:
4Command Line Interfaceshow bannerT
Page 408 and 409:
Page 410 and 411:
Page 412 and 413:
Page 414 and 415:
4Command Line InterfaceFile Managem
Page 416 and 417:
4Command Line Interface• The maxi
Page 418 and 419:
4Command Line InterfacedeleteThis c
Page 420 and 421:
4Command Line Interfaceboot systemT
Page 422 and 423:
4Command Line InterfaceDefault Sett
Page 424 and 425:
4Command Line InterfaceExampleTo en
Page 426 and 427:
4Command Line Interfacetimeout logi
Page 428 and 429:
4Command Line InterfaceRelated Comm
Page 430 and 431:
4Command Line InterfacespeedThis co
Page 432 and 433:
4Command Line Interfaceterminal esc
Page 434 and 435:
Page 436 and 437:
4Command Line Interfacelogging hist
Page 438 and 439:
4Command Line Interfacelogging trap
Page 440 and 441:
4Command Line Interfaceshow logThis
Page 442 and 443:
4Command Line Interfacelogging send
Page 444 and 445:
Page 446 and 447:
4Command Line Interfacesntp clientT
Page 448 and 449:
Page 450 and 451:
Page 452 and 453:
4Command Line Interfaceshow ntpThis
Page 454 and 455:
4Command Line Interfaceclock summer
Page 456 and 457:
4Command Line InterfaceTable 4-19 P
Page 458 and 459:
Page 460 and 461:
4Command Line InterfaceCommand Mode
Page 462 and 463:
4Command Line Interfaceshow cluster
Page 464 and 465:
Page 466 and 467:
4Command Line InterfaceTable 4-21 S
Page 468 and 469:
4Command Line Interfacesnmp-server
Page 470 and 471:
Page 472 and 473:
Page 474 and 475:
Page 476 and 477:
Page 478 and 479:
4Command Line InterfaceFieldGroup N
Page 480 and 481:
4Command Line InterfaceFieldEngineI
Page 482 and 483:
4Command Line Interfacesflow sample
Page 484 and 485:
4Command Line InterfaceExampleThis
Page 486 and 487:
Page 488 and 489:
Page 490 and 491:
4Command Line Interfaceprivilege re
Page 492 and 493:
Page 494 and 495:
Page 496 and 497:
4Command Line Interfaceradius-serve
Page 498 and 499:
4Command Line Interfacetacacs-serve
Page 500 and 501:
4Command Line Interfacetacacs-serve
Page 502 and 503:
Page 504 and 505:
4Command Line Interfaceaaa accounti
Page 506 and 507:
4Command Line Interfaceaaa accounti
Page 508 and 509:
Page 510 and 511:
Page 512 and 513:
4Command Line Interface• When you
Page 514 and 515:
4Command Line InterfaceSecure Shell
Page 516 and 517:
4Command Line Interfaced) The clien
Page 518 and 519:
Page 520 and 521:
Page 522 and 523:
4Command Line Interfaceshow public-
Page 524 and 525:
4Command Line Interfacedot1x defaul
Page 526 and 527:
Page 528 and 529:
Page 530 and 531:
4Command Line InterfaceFor guest VL
Page 532 and 533:
Page 534 and 535:
4Command Line InterfaceExampleThis
Page 536 and 537:
4Command Line InterfacePort Securit
Page 538 and 539:
4Command Line InterfaceNetwork Acce
Page 540 and 541:
4Command Line Interface• This com
Page 542 and 543:
4Command Line Interface• When por
Page 544 and 545:
4Command Line Interfacenetwork-acce
Page 546 and 547:
4Command Line InterfaceNote: Any co
Page 548 and 549:
4Command Line Interfaceclear networ
Page 550 and 551:
Page 552 and 553:
Page 554 and 555:
4Command Line Interfaceweb-auth re-
Page 556 and 557:
4Command Line Interfaceshow web-aut
Page 558 and 559:
4Command Line InterfaceMAC address
Page 560 and 561:
4Command Line Interface• Addition
Page 562 and 563:
4Command Line Interfaceip dhcp snoo
Page 564 and 565:
4Command Line InterfaceIP Source Gu
Page 566 and 567:
4Command Line Interfaceip source-gu
Page 568 and 569:
4Command Line InterfaceARP Inspecti
Page 570 and 571:
4Command Line Interface• When ARP
Page 572 and 573:
4Command Line Interfaceip arp inspe
Page 574 and 575:
Page 576 and 577:
4Command Line Interfaceshow ip arp
Page 578 and 579:
4Command Line Interface• When usi
Page 580 and 581:
4Command Line Interfacepermit, deny
Page 582 and 583:
Page 584 and 585:
4Command Line Interfaceaccess-list
Page 586 and 587:
Page 588 and 589:
Page 590 and 591:
Page 592 and 593:
4Command Line InterfaceMAC ACLsThe
Page 594 and 595:
4Command Line Interface• protocol
Page 596 and 597:
4Command Line InterfaceACL Informat
Page 598 and 599:
4Command Line Interface4-220
Page 600 and 601:
4Command Line InterfaceinterfaceThi
Page 602 and 603:
4Command Line Interfacespeed/duplex
Page 604 and 605:
Page 606 and 607:
4Command Line InterfaceCommand Usag
Page 608 and 609:
4Command Line InterfaceExampleThe f
Page 610 and 611:
Page 612 and 613:
Page 614 and 615:
4Command Line Interfacelinked up, o
Page 616 and 617:
4Command Line InterfaceTable 4-57 A
Page 618 and 619:
Page 620 and 621:
Page 622 and 623:
Page 624 and 625:
Page 626 and 627:
Page 628 and 629:
4Command Line Interfaceshow auto-tr
Page 630 and 631:
4Command Line Interface• STP, VLA
Page 632 and 633:
Page 634 and 635:
4Command Line InterfaceExample• O
Page 636 and 637:
4Command Line Interfacelacp active/
Page 638 and 639:
4Command Line InterfaceConsole#show
Page 640 and 641:
4Command Line InterfaceConsole#show
Page 642 and 643:
4Command Line Interface• When mir
Page 644 and 645:
4Command Line InterfaceRate Limit C
Page 646 and 647:
4Command Line InterfaceExample• I
Page 648 and 649:
Page 650 and 651:
Page 652 and 653:
4Command Line InterfaceAddress Tabl
Page 654 and 655:
4Command Line Interfaceshow mac-add
Page 656 and 657:
4Command Line InterfaceSpanning Tre
Page 658 and 659:
4Command Line Interfacespanning-tre
Page 660 and 661:
Page 662 and 663:
Page 664 and 665:
Page 666 and 667:
Page 668 and 669:
Page 670 and 671:
4Command Line InterfaceExampleedge
Page 672 and 673:
Page 674 and 675:
Page 676 and 677:
Page 678 and 679:
Page 680 and 681:
Page 682 and 683:
4Command Line InterfaceGVRP and Bri
Page 684 and 685:
4Command Line Interfaceshow gvrp co
Page 686 and 687:
Page 688 and 689:
4Command Line InterfaceConfiguring
Page 690 and 691:
4Command Line Interfaceswitchport a
Page 692 and 693:
4Command Line Interfaceswitchport a
Page 694 and 695:
Page 696 and 697:
Page 698 and 699:
4Command Line Interface• When a t
Page 700 and 701:
Page 702 and 703:
Page 704 and 705:
Page 706 and 707:
4Command Line Interfaceprivate vlan
Page 708 and 709:
4Command Line Interfaceswitchport p
Page 710 and 711:
4Command Line Interfaceprotocol-vla
Page 712 and 713:
4Command Line Interfaceshow protoco
Page 714 and 715:
Page 716 and 717:
Page 718 and 719:
4Command Line Interfacevoice vlan m
Page 720 and 721:
Page 722 and 723:
Page 724 and 725:
4Command Line InterfaceTable 4-86 L
Page 726 and 727:
4Command Line Interfacelldp medFast
Page 728 and 729:
Page 730 and 731:
4Command Line InterfaceExamplethere
Page 732 and 733:
Page 734 and 735:
Page 736 and 737:
Page 738 and 739:
Page 740 and 741:
Page 742 and 743:
4Command Line Interfaceshow lldp in
Page 744 and 745:
4Command Line Interfaceshow lldp in
Page 746 and 747:
Page 748 and 749:
Page 750 and 751:
4Command Line InterfacePriority Com
Page 752 and 753:
4Command Line Interfaceshow map ip
Page 754 and 755:
4Command Line Interfaceany traffic
Page 756 and 757:
4Command Line InterfaceThis example
Page 758 and 759:
Page 760 and 761:
4Command Line Interfaceservice-poli
Page 762 and 763:
Page 764 and 765:
4Command Line Interface• When a m
Page 766 and 767:
Page 768 and 769:
4Command Line Interfaceip igmp snoo
Page 770 and 771:
Page 772 and 773:
4Command Line Interfaceshow ip igmp
Page 774 and 775:
4Command Line InterfaceExample• T
Page 776 and 777:
Page 778 and 779:
Page 780 and 781:
4Command Line Interfacemvr (Global
Page 782 and 783:
4Command Line Interfacemvr (Interfa
Page 784 and 785:
4Command Line Interface• Using im
Page 786 and 787:
4Command Line InterfaceFieldStatusI
Page 788 and 789:
Page 790 and 791:
Page 792 and 793:
Page 794 and 795:
4Command Line InterfaceIP Interface
Page 796 and 797:
Page 798 and 799:
4Command Line Interface• count -
Page 800 and 801:
ASoftware SpecificationsMulticast F
Page 802 and 803:
ASoftware SpecificationsSNMPv2 IP M
Page 804 and 805:
BTroubleshootingUsing System LogsIf
Page 806 and 807:
GlossaryDHCP Option 82A relay optio
Page 808 and 809:
GlossaryInternet Group Management P
Page 810 and 811:
GlossaryPrivate VLANsPrivate VLANs
Page 812 and 813:
GlossaryXModemA protocol used to tr
Page 814 and 815:
Indexflooding when STA globallydisa
Page 816 and 817:
Indexgroup attributes, configuring
Page 818 and 819:
Indexpublic key 3-90, 4-136PVID, po
Page 820:
Indexdynamic assignment 3-119, 4-16
show all

Management Guide - Kamery IP

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?