manualshive.com logo in svg

AsGa LightBolt 28304-E1, User Manual

Share
Download
AsGa LightBolt 28304-E1 User Manual Download Page 35

    
    

AsGa Light

AsGa Light

AsGa Light

AsGa LightBOLT

BOLT

BOLT

BOLT 10GigE Switch

 10GigE Switch

 10GigE Switch

 10GigE Switch    

    

U

U

U

User Guide

ser Guide

ser Guide

ser Guide    

    

Configuration

Configuration

Configuration

Configuration    

 

35 

3.22.7  TCP fragment attack 

 

The  attack  consists  of  requesting  a  TCP  connection  fragmented  into  two  IP  packets.  The 

first IP packet of 68 bytes only holds the 8 first bytes of the TCP header (source and destination ports 
and  sequence  number).  The  data  in  the  second  IP  packet  then  holds  the  TCP  connection  request 
(SYN flag is 1 and ACK flag is 0). 
 

However, IP filters apply the same rule to all the fragments in a packet. The filter of the first 

fragment  (Fragment  Offset  =  0)  defines  the  rule,  accordingly  it  applies  to  the  other  fragments 
(Fragment  Offset  =  1)  without  any  other  type  of  control.  So,  when  defragmenting  at  IP  level  on  the 
target machine, the connection request packet is rebuilt and passed to the TCP layer. The connection 
is established despite the IP filter in between which should have prevented it. 
Under this setting the system will check for highly TCP fragmented packet and with payloads minors 
than those specified by “minimun-tcp-header-allowed”.  

Default value 20

 

COMMAND 

DESCRIPTION 

AsGOS# 

configure terminal  

Enter the Configure mode. 

AsGOS(config)# 

 denial-of-service 

Enter into Dos mode configuration. 

AsGOS(config-dos)#

 tcp-fragment-attack enable 

Enable TCP fragment protection.  

AsGOS(config-dos)# 

minimun-tcp-header-allowed 20 

Modify the minimum TCP header allowed. 

AsGOS(config-dos)# 

 end 

 

 

 

All packets detected under those conditions will be discarded. 

3.22.8  Source IP equal to destination  IP attack 

 

This  type  of  attack  named  LAND  attack  involves  IP  packets  where  the  source  and 

destination address are set to address the same device. The attack involves sending a spoofed TCP 
SYN packet (connection initiation) with the target host's IP  address and an open port as both source 
and destination. The reason a LAND attack works is because it causes the machine to reply to itself 
continuously. 
 

UDP/TCP  packets  where  destination  ports  is  the  same  as  source  ports  are  also 

considered land type attacks. 

 

Under this setting the system will check for SIP equal to DIP and UDP and TCP source and 

destination equals ports. 

 

COMMAND 

DESCRIPTION 

AsGOS# 

configure terminal  

Enter the Configure mode. 

AsGOS(config)# 

 denial-of-service 

Enter into Dos mode configuration. 

AsGOS(config-dos)# 

 sip-dip-protection enable 

SAIP = DAIP checking. 

AsGOS(config-dos)# 

tcp-udp-sp-equal-dp enable 

Source and Destination TCP/UDP checking. 

AsGOS(config-dos)# 

end 

 

 

 

All packets detected under those conditions will be discarded. 

3.22.9  Check on invalid TCP flags    

 

TCP is an abbreviation for the Transmission Control Protocol, defined in RFC 793 which was 

released in September of 1981. TCP is a connection oriented protocol that can reliably get information 
from  one  host  to  another  across  a  network.  By  reliable,  we  mean  that  TCP  guarantees  all  data  will 
arrive  uncorrupted  at  the  remote  host,  automatically  detecting  dropped  or  corrupted  packets  and 
resending them as needed. 
 

Every TCP packet includes a header, which is defined by the RFC as follows: 

 

 

Summary of Contents for LightBolt 28304-E1

Page 1: ...h 10GigE Switch 10GigE Switch 10GigE Switch User Guide User Guide User Guide User Guide Index Index Index Index AsGa Light AsGa Light AsGa Light AsGa LightBOLT BOLT BOLT BOLT 10GigE Switch 10GigE Swit...

Page 2: ...12 3 8 MODES COMMON TO PROTOCOLS 12 3 9 COMMAND NEGATION 13 3 10 FORMAT USED FOR COMMAND DESCRIPTION 13 3 11 INITIAL CONFIGURATION 13 3 12 CONNECTING TO THE SWITCH 14 3 13 CONFIGURING THE SWITCH 15 3...

Page 3: ...when handling the equipment However overvoltages coming from the Telecommunication Network could be present mainly if the equipment is not properly installed Electrostatic Discharge This product chass...

Page 4: ...e cost of installation is low but the cost of network maintenance and management is minimal as well Management and maintenance for 10 Gigabit Ethernet may be done by local network administrators as it...

Page 5: ...0GE Four 10Gig electrical port XC4 compatible 1 Rack Unit 8K MAC Table 2K L3 IPV4 Table LightBotl 28504 E1 24 Ports 10 100 1000 Electrical 4 ports 10GE Four 10Gig electrical port XC4 compatible 1 Rack...

Page 6: ...source ports TCP packets with FIN URG PSH bits enable and sequence number 0 Minimum TCP header size value for header size Other specific DoS characteristics are checked Management SNMP V1 RFC 1157 SNM...

Page 7: ...fer to the alphabetic command index 1 1 Front Panel The figure 1 1 displays the frontal view of Switch LightBolt Figure 1 1 Front Panel Position Designation 1 RJ45 connector for combo port Electrical...

Page 8: ...igE Switch User Guide User Guide User Guide User Guide Introduction Introduction Introduction Introduction 8 Position Designation 7 RJ45 connector for notebook connection 8 DB9 connector for notebook...

Page 9: ...Telnet port 23 Enable SNMP V1 V2 V3 Disable RO R WR SNMP Communities Trap Admin Status Enable Auto negotiation Enable Flow Control Disable 10 Mbps Half Duplex 10 Mbps Full Duplex 100 Mbps Half Duplex...

Page 10: ...ospf The vertical bar Delimits choices select one from the list A B C D 0 4294967295 Dot period Allows the repetition of the element that immediately follows it multiple times Not to be entered as pa...

Page 11: ...ug history Display the session command history ip IP information memory Memory statistics route map route map information running config running configuration startup config Contents of startup config...

Page 12: ...ommands are too long for the display line and can wrap in mid parameter or mid keyword if necessary 3 8 Modes Common to Protocols Exec This mode also called the View mode is the base mode from where u...

Page 13: ...by default Command Mode Name of the command mode in which this command is to be used Such as Exec Privilege Exec Configure mode and so on Usage This section is optional It describes the the usage of...

Page 14: ...Tree parameters for all STPx supported Enable port mirroring Set broadcast storm control on any port Display system information and statistics Others 3 12 Connecting to the switch 3 12 1 Local Config...

Page 15: ...can beaccessed using Telnet port 23 by default or SSH from any computer attached to the network 3 13 Configuring the Switch 3 13 1 Basic Configuration Console Connection The CLI program provides two d...

Page 16: ...n your system A typical out put view of this command can be summarized AsGa sh run no service password encryption hostname AsGa spanning tree mst config bridge instance 1 vlan 100 bridge instance 1 vl...

Page 17: ...nterface ge3 switchport switchport mode access switchport access vlan 100 bridge group instance 1 spanning tree portfast interface ge4 switchport switchport mode access vlan classifier activate 1 brid...

Page 18: ...e23 switchport switchport mode trunk switchport mode trunk ingress filter enable switchport trunk allowed vlan add 20 switchport trunk allowed vlan add 100 switchport trunk allowed vlan add 300 switch...

Page 19: ...that is ports witch can not accept an IP address or routed ports witch can accept an IP address Note By default all ports are switched no routed access ports with the default per port VLAN ID PVID eq...

Page 20: ...a point to point link between two switches or between a switch and a router Hibrid This mode set the trunk in an hybrid mode witch means that the port acting as a trunk has a default VLAN for all tho...

Page 21: ...e crease on a single switch 3 13 3 1 3 Creating VLANs Use the vlan database into configuration mode command to add a VLAN and enter the config vlan mode Use the no form of this command to delete the V...

Page 22: ...wing list AsgOS show vlan all bridge 1 Bridge VLAN ID Name State Member ports u Untagged t Tagged 1 1 default ACTIVE ge1 u ge2 u ge3 u ge4 u ge5 u ge6 u ge7 u ge8 u ge9 u ge10 u ge11 u ge12 u ge13 u g...

Page 23: ...nal Enter the Configure mode AsGOS config hostname LighetBolt Specify your host name LightBolt config Your host name will appear as a new prompt in your system Exit from configuration mode LightBolt W...

Page 24: ...14 17 34 08 2036 julio Flash disk space Used Available Use 11 8M 31 2M 27 3 14 2 Loading new files into your system In order to load files into your system you have a total free disk space of 32 Mb T...

Page 25: ...y COMMAND DESCRIPTION AsGOS boot info Display the booting configuration Config file AsGOS conf Image file asgos er1 1 bin Out put from booting information command 3 15 Configuring System Logs All syst...

Page 26: ...t are interpreted and generated by the console port If parity is being generated specify 7 data bi per character If no parity is required specify 8 data bits per character Default 8 bits Parity Define...

Page 27: ...ode AsGOS config speed 115200 57600 38400 19200 9600 4800 2400 Change the console speed AsGOS config parity none even odd space mark Change the console parity AsGOS config flowcontrol none software in...

Page 28: ...new model This command specify a new model for the authentification process if not the default authentification process is locally defined That is user names and passwords will be defined locally at...

Page 29: ...ting the value of the corresponding object to the disabled state Such capabilities are fine for implementing a basic network management system To enhance this basic functionality a new version of SNMP...

Page 30: ...uerri auth md5 brasil3x0 priv naargentina Create the user name AsGOs config snmp server users access Dguerri ro priv Give the access type to the configured user AsGOS config snmp server manager 192 16...

Page 31: ...l send flow control when needed 3 20 Configuring IP addresses on Switched Virtual Interfaces SVI s A switch virtual interface SVI represents a VLAN of switch ports as one interface to the routing func...

Page 32: ...nning tree protocols 3 22 MAC Address Table LightBolt switches has different MAC address tables capacities according to the platform acquired LightBolt 28504 has a total MAC address capacity of 16 384...

Page 33: ...during the last aging period 3 22 2 Setting the aging time Use the mac address table aging time global configuration command to set the length of time that a dynamic entry remains in the MAC address...

Page 34: ...figure terminal Enter the Configure mode AsGOS config denial of service Enter into Dos mode configuration AsGOS config dos first fragment ip packets enable Enable the first fragment DoS Checking All p...

Page 35: ...y the minimum TCP header allowed AsGOS config dos end All packets detected under those conditions will be discarded 3 22 8 Source IP equal to destination IP attack This type of attack named LAND attac...

Page 36: ...PSH URG RST and FIN TCP uses these bits to define the purpose and contents of a packet We will briefly define them URG means out of band data For example in the telnet session if you press ctr c tcp...

Page 37: ...r Guide Configuration Configuration Configuration Configuration 37 Under this setting the system will check for those malicious combinations COMMAND DESCRIPTION AsGOS configure terminal Enter the Conf...

Page 38: ...ameter with this command Command Syntax bridge forward time FORWARD_DELAY no bridge forward time FORWARD_DELAY 4 30 the forwarding time delay in seconds Command Mode Configure mode Default The default...

Page 39: ...3 4 1 3 bridge max age Use this command to set the max age for a bridge This value is used by all instances Use the no parameter with this command to restore the default value of max age Command Synt...

Page 40: ...bridge priority PRIORITY PRIORITY 0 61440 The bridge priority Command Mode Configure mode Default The default priority is 32678 or hex 0x8000 Usage This command must be used to set the priority of th...

Page 41: ...t enable 4 1 6 bridge spanning tree errdisable timeout interval Use this command to specify the time interval after which a port is brought back up Command Syntax bridge spanning tree errdisable timeo...

Page 42: ...Bridge Protocol Data Unit Guard feature on a bridge Use the no parameter with this command to disable the BPDU Guard feature on a bridge Command Syntax no bridge spanning tree portfast bpdu guard Com...

Page 43: ...cost PATHCOST 1 200000000 The cost to be assigned to the group Default The default bridge group path cost is 0 Command Mode Interface mode Examples AsGOS configure terminal AsGOS config interface eth1...

Page 44: ...hich it is enabled is a designated port If the Root Guard enabled port receives a superior BPDU it goes to a Listening state for STP or discarding state for RSTP and MSTP Example AsGOS configure termi...

Page 45: ...gure mode Default There is no default value Example AsGOS configure terminal AsGOS config bridge 2 spanning tree enable 4 2 3 debug stp Use this command to turn on and turn off debugging and echoing d...

Page 46: ...show spanning tree Usage The following is an output of this command displaying the spanning tree AsGOS show spanning tree a spanning tree enabled learning enabled a ageing time 300 root path cost 0 p...

Page 47: ...bridge Use the no parameter to disable the Rapid Spanning Tree Protocol on the bridge Command Syntax no bridge rapid spanning tree enable Bridge group ID used for bridging Command Mode Configure mode...

Page 48: ...us levels Use the no parameter with this command to turn off debugging Command Syntax debug rstp all cli PACKET PROTOCOL TIMER all echoes all RSTP debugging levels to the console cli echoes RSTP comma...

Page 49: ...gnated cost 0 eth3 designated port id 8005 state Forwarding priority 128 eth3 designated root 0000000475e650cf eth3 designated bridge 0000000475e650cf eth3 forward timer 0 hold timer 0 msg age timer 0...

Page 50: ...point to point no spanning tree link type shared shared Disable rapid transition point to point Enable rapid transition Command Mode Interface mode Usage RSTP has a backward compatible STP mode spanni...

Page 51: ...teroperability enable To disable Cisco interoperability on a Layer 2 switch for a particular bridge AsGOS configure terminal AsGOS config bridge cisco interoperability disable 4 4 2 bridge instance pr...

Page 52: ...e instance Command Mode MST Configuration Mode Usage The permitted range of instances is 0 15 Instance 0 refers to the internal spanning tree The VLANs must be created before being associated with an...

Page 53: ...bridge multiple spanning tree enable Use this command to enable the Multiple Spanning Tree Protocol on a bridge Use the no parameter to disable the command Command Syntax no bridge 1 32 multiple span...

Page 54: ...mmand to specify the number for configuration information Command Syntax bridge 1 32 revision REVISION_NUM 1 32 Specify the bridge group ID REVISION_NUM 0 255 Revision number Command Mode MST Configur...

Page 55: ...cost of path in the range of 1 200000000 a lower path cost indicates a greater likelihood of the specific interface becoming a root Command Mode Interface mode Default Assuming a 10 Mb s link speed t...

Page 56: ...21 4 4 11 clear spanning tree detected protocols Use this command to clear the detected protocols for a specific bridge or interface Command Syntax clear spanning tree detected protocols bridge 1 32 i...

Page 57: ...ays the number of instances created and VLANs associated with it Command Syntax show spanning tree mst Command Mode Enable mode and Interface mode Usage The following is an output of this command disp...

Page 58: ...0 CIST Bridge Priority 0 1 Forward Delay 15 Hello Time 2 Max Age 20 Max hops 20 1 CIST Root Id 0000009027342b72 1 CIST Reg Root Id 0000009027342b72 1 CST Bridge Id 0000009027342b72 1 portfast bpdu fil...

Page 59: ...000 eth2 Configured CST External Path cost 200000 eth2 CST Priority 128 MSTI Priority 128 eth2 Designated Root 8001009027342b72 eth2 Designated Bridge 8001009027342b72 eth2 Message Age 0 Max Age 0 eth...

Page 60: ...imer 0 Hello Timer 1 eth1 Port 3 Id 8003 Role Designated State Discarding eth1 Designated Internal Path Cost 0 Designated Port Id 8003 eth1 Configured Internal Path Cost 200000 eth1 Configured CST Ext...

Page 61: ...red Disable rapid transition point to point Enable rapid transition Command Mode Interface mode Usage MSTP has a backward compatible STP mode spanning tree link type shared An alternative is the spann...

Page 62: ...nto binary 0s and 1s the results determine which address bits are to be considered in processing the traffic A 0 indicates that the address bits must be considered exact match a 1 in the mask is a don...

Page 63: ...an id 1 4094 clear Reset functions mac address table MAC forwarding table static Static entries dynamic Dynamic entries address Address keyword MAC MAC address in HHHH HHHH HHHH format interface Inter...

Page 64: ...the dir command to display a list of files on your system Command Syntax Dir Command Mode Exec mode Default No default Examples AsGOS dir rw r r 1 1000 users 7 5M Jul 10 2007 asgos ver1 0 bin rw r 1 r...

Page 65: ...LightBolt config 5 1 8 Flolwcontrol Use the flowcontrol interface configuration command to set the receive or send flow control value for an interface When flow control send is on for a device and it...

Page 66: ...Default Examples Related Commands 5 1 10 Interface Use the interface global configuration command to enter in the configuration mode for a physical interface or to create or access switch virtual inte...

Page 67: ...h Use the no form of this command to remove an IP address or to disable IP processing Command Syntax ip address ip address subnet mask no ip address ip address subnet mask Command Mode Interface Defau...

Page 68: ...time that a dynamic entry remains in the MAC address table after the entry is used or updated Use the NO form of this command to return to the default setting The aging time applies to all VLANs The d...

Page 69: ...ble freeze Examples LightBolt configure t LightBolt configure mac address table freeze Related Commands no mac address table freeze 5 1 15 mac address table static Use the mac address table static glo...

Page 70: ...ig interface ge2 AsGOS interface switchport Related Commands 5 1 17 switchport mode Use the switchport mode interface configuration command to configure the VLAN membership mode of a port Use the no f...

Page 71: ...ured for this port Range 2 4093 Vlan staking use this command to enable vlan staking on a particular port Q in Q method All frames will be tagged on top of the existing tag Customer Tag with the VLAN...

Page 72: ...tabase VLAN Switchport mode ble static 0001 fa09 0909 vlan 20 interface ge1 Related Commands no mac address table static MAC vlan 1 4094 interface IFNAME 5 1 20 switchport Use this command to put a po...

Page 73: ...to point link between two switches or between a switch and a router AsGa LightBolt switches use 802 1Q tag encapsulation method Hibrid This mode set the trunk in an hybrid mode witch means that the p...

Page 74: ...ommand to configure the VLAN filtering mode of a port Under this command just only those VLANs defined will be accepted by this trunk port Any non taggued frame will be discarded Command Syntax Switch...

Page 75: ...ccess vlan 200 AsGOS interface switchport access vlan staking Related Commands vlandatabase VLAN Switchport mode 5 1 24 switchport trunk Use the switchport trunk interface configuration command to set...

Page 76: ...10Gig Ethernet standard Command Syntax speed 10 100 1000 auto 10 Port runs at 10 Mbps 100 Port runs at 100 Mbps 1000 Port run at 1000 Mbps auto Port automatically detects the speed it should run at ba...

Page 77: ...0 f6 04 aa 00 10 ge15 ETH down yes 1522 RT 00 f6 04 aa 00 11 ge16 ETH down yes 1522 RT 00 f6 04 aa 00 12 ge17 ETH down yes 1522 RT 00 f6 04 aa 00 13 ge18 ETH down yes 1522 RT 00 f6 04 aa 00 14 ge19 ET...

Page 78: ...me ge3 Total Packets Received Octets 0 Total Packets Received Without Errors 0 Total Packets Received Discarded 0 Total Packets Transmitted Octets 5312 Total Packets Transmitted Successfully 83 Total...

Page 79: ...elated Commands 5 1 28 Shutdown Use the shutdown interface configuration command to disable an interface Use the no form of this command to restart a disabled port or switch virtual interface SVI The...

Page 80: ...4 u ge15 u ge16 u ge17 u ge18 u ge19 u ge20 u ge21 u ge22 u ge23 u ge24 u xe1 u xe2 u xe3 u xe4 u Related Commands 5 1 30 show outbound access priority table Use this command to display data about the...

Page 81: ...t of this command displaying the traffic class table for interface eth1 AsGOS show traffic class table interface eth1 User Prio Num Traffic Classes 1 2 3 4 5 6 7 8 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0...

Page 82: ...accomplished multicast use this key to limit the maximum multicast traffic to be admitted by a specific port level specify the maximum level of the specific traffic admitted by a specific port This le...

Page 83: ...ty string upd port port Examples LightBOLT config snmp server manager 192 168 1 1 traps version 1 community AsGa upd port 162 LightBOLT config snmp server manager 192 168 1 1 traps version 2c communit...

Page 84: ...ap linkUp linkDown coldstart warmreset config bridge vlancreate vlandelete copy config snmp notify all snmp server Configure parameters to SNMP Agent enable Enable SNMP traps configuration disable Dis...

Page 85: ...MP Blank spaces are not permitted in the community string ro Optional Specifies read only access Authorized management stations can retrieve only MIB objects rw Optional Specifies read write access Au...

Page 86: ...obal configuration mode To remove the system contact information use the no form of this command Command Syntax snmp server contact text no snmp server contact Command Mode Exec mode Usage LightBOLT c...

Page 87: ...the view oid tree specify the oid of a particular view witch can be included or excluded Command Mode Exec mode Usage snmp server view name of the view oid tree include exclude Examples LightBOLT conf...

Page 88: ...ocal remote 5 1 43 snmp server user create Use this command to define the users under SNMP V3 mode Command Syntax snmp server users create username auth md5 sha auth password priv priv password snmp s...

Page 89: ...view View Name Oid tree Type interfaces 1 3 6 1 2 1 2 included interfaces 1 3 6 1 2 1 31 1 1 included vlan 1 3 6 1 2 1 17 included vlan 1 3 6 1 2 1 17 6 excluded Related Commands snmp server view no s...

Page 90: ...Exec mode Usage LightBOLT show log files Examples LightBOLT show log files File name File type teste2 log Log file teste log Log file Related Commands 5 1 47 show config files This command shows all c...

Page 91: ...show mac address table dynamic static interface IFNAME vlan 1 4094 show Show running system information mac address table MAC forwarding table cr All table dynamic Show only dynamic entries static Sh...

Page 92: ...50 storm control Use this command to select the appropriate storm control level for broadcast multicast packets or for a Destination Lookup Failure DLF Use the no form of this command to negate its ac...

Page 93: ...AN 5 1 52 VLAN Use the VLAN configuration command to configure virtual LAN VLAN characteristics for a specific VLAN Use the no form of this command without additional parameters to delete a VLAN All V...

Page 94: ...Syntax vlan classifier group rule vlan classifier group group number add delete rule rule number vlan classifier rule rule number ipv4 mac proto ipv4 format A B C D M ipv4 address in A B C D M format...

Page 95: ...er group 1 add rule 2 vlan classifier group 1 add rule 3 vlan database vlan 300 bridge 1 name TEST3 vlan 300 bridge 1 state enable interface ge4 switchport bridge group 1 switchport mode access vlan c...

Page 96: ...rting small mechanical shocks Transport to long distances Resistant to splashes of water In the unpacking of the AsGa switches it is recommended to Handle the box carefully In the opening of the adhes...

Page 97: ...e ascent conveyor they should be tied to it in the lower part of the steps and conducted to the QDF or power supply point intended for the equipment always verifying if the protection fuse or appropri...

Page 98: ...rack is its mechanical fixation in the rack That is done with the aid of the fixation kit that is composed of four cage nuts and four M5x16 screws Once the cage nuts have been fastened in the rack th...

Page 99: ...verified AsGa will decide on changing or repairing the defective equipment The transportation expenses related to the Customer s equipment for AsGa will run due to the Customer The shipment expenses...

Page 100: ...Ga L AsGa L AsGa L AsGa Light ight ight ightBOLT BOLT BOLT BOLT 10GigE Switch 10GigE Switch 10GigE Switch 10GigE Switch U U U User Guide ser Guide ser Guide ser Guide Warranty Warranty Warranty Warran...

Reviews:

No comments

Brands by name

Popular brands

Load more brands