manualshive.com logo in svg

AsGa LightBolt 28304-E1, Руководство пользователя

Поделиться
Скачать
AsGa LightBolt 28304-E1 Скачать руководство пользователя страница 34

    
    

AsGa Light

AsGa Light

AsGa Light

AsGa LightBOLT

BOLT

BOLT

BOLT 10GigE Switch

 10GigE Switch

 10GigE Switch

 10GigE Switch    

    

U

U

U

User Guide

ser Guide

ser Guide

ser Guide    

    

Configuration

Configuration

Configuration

Configuration    

 

34 

3.22.4  Denial of service attack prevention  (DoS Prevention) 

 

LightBolt family of  switches have a  hardware base built in mechanisms  in order to detect 

and  refuse    some  of  the  most  common  DoS  attacks.  The  following  lines  can  be  used  to  little 
understand   some of the most common attacks and explain the settings to prevent those attacks.  

 

Denial  of  service

 

a  definition:

 

It  is  an  attempt to  make  a  computer  resource  unavailable  to  its 

intended users. 

3.22.5  IP packet with invalid “First-fragment” 

 

A type of attack involving fragments is known as the “tiny fragment attack”. Two TCP fragments are 

created. The first fragment is so small that it does not even include the full TCP header, particularly 
the  destination  port  number.  The  second  fragment  contains  the  remainder  of  the  TCP  header, 
including  the  port  number.  Some  firewalls  and  intrusion  detection  systems  may  let  one  or  both 
fragments pass through, particularly if they do not perform packet reassembly. Under this setting if the 
first fragment of the packet does not have a full TCP header length the packet will be dropped. 

COMMAND

 

DESCRIPTION

 

AsGOS# 

configure terminal  

Enter the 

Configure

 mode. 

AsGOS(config)# 

 denial-of-service 

Enter into Dos mode configuration 

AsGOS(config-dos)# 

 first-fragment-ip-packets 

enable  

Enable the first fragment DoS Checking.  

 

 

All packets detected under those conditions will be discarded. 

3.22.6  Fragmented ICMP packets - icmp-attack-check 

 

This  type  of  attack  sends  the  victim's  computer  a  series  of  highly  fragmented,  oversized 

ICMP data packets  over the connection. The computer receiving the data packets locks when it tries 
to put the fragments together.  
 

If  the  TCP/IP  stack  was  not  built  properly,  when  it  tries  to  keep  track  and  put  together 

several  packets,  the  result  is  a  memory  overflow,  which  in  turn  causes  the  machine  to  stop 
responding.  Usually,  the  attacker  only  needs  to  send  a  few  packets,  locking  the  victim's  computer 
instantaneously. When the victim restarts his or her computer, the connection with the attacker is lost 
and the attacker remains anonymous. 
 

Under this setting the system will check for highly ICMP fragmented packet and ICMP Ping 

Packets  with  payloads  mayors  than  those  specified  by  “minimun-icmp-packet-over-size”. 

  Default 

value 256. 

  

COMMAND 

DESCRIPTION 

AsGOS# 

configure terminal  

Enter the Configure mode. 

AsGOS(config)# 

 denial-of-service 

Enter into Dos mode configuration. 

AsGOS(config-dos)# 

 icmp-attack-check enable  

Enable ICMP DoS attack checking. 

AsGOS(config-dos)# 

 minimun-icmp-packet-over-

size 512 

Modify  the  minimum  packet  oversize  ICMP 
packet size.  

AsGOS(config-dos)# 

 end 

 

 

 

All packets detected under those conditions will be discarded. 

 

Содержание LightBolt 28304-E1

Страница 1: ...h 10GigE Switch 10GigE Switch 10GigE Switch User Guide User Guide User Guide User Guide Index Index Index Index AsGa Light AsGa Light AsGa Light AsGa LightBOLT BOLT BOLT BOLT 10GigE Switch 10GigE Swit...

Страница 2: ...12 3 8 MODES COMMON TO PROTOCOLS 12 3 9 COMMAND NEGATION 13 3 10 FORMAT USED FOR COMMAND DESCRIPTION 13 3 11 INITIAL CONFIGURATION 13 3 12 CONNECTING TO THE SWITCH 14 3 13 CONFIGURING THE SWITCH 15 3...

Страница 3: ...when handling the equipment However overvoltages coming from the Telecommunication Network could be present mainly if the equipment is not properly installed Electrostatic Discharge This product chass...

Страница 4: ...e cost of installation is low but the cost of network maintenance and management is minimal as well Management and maintenance for 10 Gigabit Ethernet may be done by local network administrators as it...

Страница 5: ...0GE Four 10Gig electrical port XC4 compatible 1 Rack Unit 8K MAC Table 2K L3 IPV4 Table LightBotl 28504 E1 24 Ports 10 100 1000 Electrical 4 ports 10GE Four 10Gig electrical port XC4 compatible 1 Rack...

Страница 6: ...source ports TCP packets with FIN URG PSH bits enable and sequence number 0 Minimum TCP header size value for header size Other specific DoS characteristics are checked Management SNMP V1 RFC 1157 SNM...

Страница 7: ...fer to the alphabetic command index 1 1 Front Panel The figure 1 1 displays the frontal view of Switch LightBolt Figure 1 1 Front Panel Position Designation 1 RJ45 connector for combo port Electrical...

Страница 8: ...igE Switch User Guide User Guide User Guide User Guide Introduction Introduction Introduction Introduction 8 Position Designation 7 RJ45 connector for notebook connection 8 DB9 connector for notebook...

Страница 9: ...Telnet port 23 Enable SNMP V1 V2 V3 Disable RO R WR SNMP Communities Trap Admin Status Enable Auto negotiation Enable Flow Control Disable 10 Mbps Half Duplex 10 Mbps Full Duplex 100 Mbps Half Duplex...

Страница 10: ...ospf The vertical bar Delimits choices select one from the list A B C D 0 4294967295 Dot period Allows the repetition of the element that immediately follows it multiple times Not to be entered as pa...

Страница 11: ...ug history Display the session command history ip IP information memory Memory statistics route map route map information running config running configuration startup config Contents of startup config...

Страница 12: ...ommands are too long for the display line and can wrap in mid parameter or mid keyword if necessary 3 8 Modes Common to Protocols Exec This mode also called the View mode is the base mode from where u...

Страница 13: ...by default Command Mode Name of the command mode in which this command is to be used Such as Exec Privilege Exec Configure mode and so on Usage This section is optional It describes the the usage of...

Страница 14: ...Tree parameters for all STPx supported Enable port mirroring Set broadcast storm control on any port Display system information and statistics Others 3 12 Connecting to the switch 3 12 1 Local Config...

Страница 15: ...can beaccessed using Telnet port 23 by default or SSH from any computer attached to the network 3 13 Configuring the Switch 3 13 1 Basic Configuration Console Connection The CLI program provides two d...

Страница 16: ...n your system A typical out put view of this command can be summarized AsGa sh run no service password encryption hostname AsGa spanning tree mst config bridge instance 1 vlan 100 bridge instance 1 vl...

Страница 17: ...nterface ge3 switchport switchport mode access switchport access vlan 100 bridge group instance 1 spanning tree portfast interface ge4 switchport switchport mode access vlan classifier activate 1 brid...

Страница 18: ...e23 switchport switchport mode trunk switchport mode trunk ingress filter enable switchport trunk allowed vlan add 20 switchport trunk allowed vlan add 100 switchport trunk allowed vlan add 300 switch...

Страница 19: ...that is ports witch can not accept an IP address or routed ports witch can accept an IP address Note By default all ports are switched no routed access ports with the default per port VLAN ID PVID eq...

Страница 20: ...a point to point link between two switches or between a switch and a router Hibrid This mode set the trunk in an hybrid mode witch means that the port acting as a trunk has a default VLAN for all tho...

Страница 21: ...e crease on a single switch 3 13 3 1 3 Creating VLANs Use the vlan database into configuration mode command to add a VLAN and enter the config vlan mode Use the no form of this command to delete the V...

Страница 22: ...wing list AsgOS show vlan all bridge 1 Bridge VLAN ID Name State Member ports u Untagged t Tagged 1 1 default ACTIVE ge1 u ge2 u ge3 u ge4 u ge5 u ge6 u ge7 u ge8 u ge9 u ge10 u ge11 u ge12 u ge13 u g...

Страница 23: ...nal Enter the Configure mode AsGOS config hostname LighetBolt Specify your host name LightBolt config Your host name will appear as a new prompt in your system Exit from configuration mode LightBolt W...

Страница 24: ...14 17 34 08 2036 julio Flash disk space Used Available Use 11 8M 31 2M 27 3 14 2 Loading new files into your system In order to load files into your system you have a total free disk space of 32 Mb T...

Страница 25: ...y COMMAND DESCRIPTION AsGOS boot info Display the booting configuration Config file AsGOS conf Image file asgos er1 1 bin Out put from booting information command 3 15 Configuring System Logs All syst...

Страница 26: ...t are interpreted and generated by the console port If parity is being generated specify 7 data bi per character If no parity is required specify 8 data bits per character Default 8 bits Parity Define...

Страница 27: ...ode AsGOS config speed 115200 57600 38400 19200 9600 4800 2400 Change the console speed AsGOS config parity none even odd space mark Change the console parity AsGOS config flowcontrol none software in...

Страница 28: ...new model This command specify a new model for the authentification process if not the default authentification process is locally defined That is user names and passwords will be defined locally at...

Страница 29: ...ting the value of the corresponding object to the disabled state Such capabilities are fine for implementing a basic network management system To enhance this basic functionality a new version of SNMP...

Страница 30: ...uerri auth md5 brasil3x0 priv naargentina Create the user name AsGOs config snmp server users access Dguerri ro priv Give the access type to the configured user AsGOS config snmp server manager 192 16...

Страница 31: ...l send flow control when needed 3 20 Configuring IP addresses on Switched Virtual Interfaces SVI s A switch virtual interface SVI represents a VLAN of switch ports as one interface to the routing func...

Страница 32: ...nning tree protocols 3 22 MAC Address Table LightBolt switches has different MAC address tables capacities according to the platform acquired LightBolt 28504 has a total MAC address capacity of 16 384...

Страница 33: ...during the last aging period 3 22 2 Setting the aging time Use the mac address table aging time global configuration command to set the length of time that a dynamic entry remains in the MAC address...

Страница 34: ...figure terminal Enter the Configure mode AsGOS config denial of service Enter into Dos mode configuration AsGOS config dos first fragment ip packets enable Enable the first fragment DoS Checking All p...

Страница 35: ...y the minimum TCP header allowed AsGOS config dos end All packets detected under those conditions will be discarded 3 22 8 Source IP equal to destination IP attack This type of attack named LAND attac...

Страница 36: ...PSH URG RST and FIN TCP uses these bits to define the purpose and contents of a packet We will briefly define them URG means out of band data For example in the telnet session if you press ctr c tcp...

Страница 37: ...r Guide Configuration Configuration Configuration Configuration 37 Under this setting the system will check for those malicious combinations COMMAND DESCRIPTION AsGOS configure terminal Enter the Conf...

Страница 38: ...ameter with this command Command Syntax bridge forward time FORWARD_DELAY no bridge forward time FORWARD_DELAY 4 30 the forwarding time delay in seconds Command Mode Configure mode Default The default...

Страница 39: ...3 4 1 3 bridge max age Use this command to set the max age for a bridge This value is used by all instances Use the no parameter with this command to restore the default value of max age Command Synt...

Страница 40: ...bridge priority PRIORITY PRIORITY 0 61440 The bridge priority Command Mode Configure mode Default The default priority is 32678 or hex 0x8000 Usage This command must be used to set the priority of th...

Страница 41: ...t enable 4 1 6 bridge spanning tree errdisable timeout interval Use this command to specify the time interval after which a port is brought back up Command Syntax bridge spanning tree errdisable timeo...

Страница 42: ...Bridge Protocol Data Unit Guard feature on a bridge Use the no parameter with this command to disable the BPDU Guard feature on a bridge Command Syntax no bridge spanning tree portfast bpdu guard Com...

Страница 43: ...cost PATHCOST 1 200000000 The cost to be assigned to the group Default The default bridge group path cost is 0 Command Mode Interface mode Examples AsGOS configure terminal AsGOS config interface eth1...

Страница 44: ...hich it is enabled is a designated port If the Root Guard enabled port receives a superior BPDU it goes to a Listening state for STP or discarding state for RSTP and MSTP Example AsGOS configure termi...

Страница 45: ...gure mode Default There is no default value Example AsGOS configure terminal AsGOS config bridge 2 spanning tree enable 4 2 3 debug stp Use this command to turn on and turn off debugging and echoing d...

Страница 46: ...show spanning tree Usage The following is an output of this command displaying the spanning tree AsGOS show spanning tree a spanning tree enabled learning enabled a ageing time 300 root path cost 0 p...

Страница 47: ...bridge Use the no parameter to disable the Rapid Spanning Tree Protocol on the bridge Command Syntax no bridge rapid spanning tree enable Bridge group ID used for bridging Command Mode Configure mode...

Страница 48: ...us levels Use the no parameter with this command to turn off debugging Command Syntax debug rstp all cli PACKET PROTOCOL TIMER all echoes all RSTP debugging levels to the console cli echoes RSTP comma...

Страница 49: ...gnated cost 0 eth3 designated port id 8005 state Forwarding priority 128 eth3 designated root 0000000475e650cf eth3 designated bridge 0000000475e650cf eth3 forward timer 0 hold timer 0 msg age timer 0...

Страница 50: ...point to point no spanning tree link type shared shared Disable rapid transition point to point Enable rapid transition Command Mode Interface mode Usage RSTP has a backward compatible STP mode spanni...

Страница 51: ...teroperability enable To disable Cisco interoperability on a Layer 2 switch for a particular bridge AsGOS configure terminal AsGOS config bridge cisco interoperability disable 4 4 2 bridge instance pr...

Страница 52: ...e instance Command Mode MST Configuration Mode Usage The permitted range of instances is 0 15 Instance 0 refers to the internal spanning tree The VLANs must be created before being associated with an...

Страница 53: ...bridge multiple spanning tree enable Use this command to enable the Multiple Spanning Tree Protocol on a bridge Use the no parameter to disable the command Command Syntax no bridge 1 32 multiple span...

Страница 54: ...mmand to specify the number for configuration information Command Syntax bridge 1 32 revision REVISION_NUM 1 32 Specify the bridge group ID REVISION_NUM 0 255 Revision number Command Mode MST Configur...

Страница 55: ...cost of path in the range of 1 200000000 a lower path cost indicates a greater likelihood of the specific interface becoming a root Command Mode Interface mode Default Assuming a 10 Mb s link speed t...

Страница 56: ...21 4 4 11 clear spanning tree detected protocols Use this command to clear the detected protocols for a specific bridge or interface Command Syntax clear spanning tree detected protocols bridge 1 32 i...

Страница 57: ...ays the number of instances created and VLANs associated with it Command Syntax show spanning tree mst Command Mode Enable mode and Interface mode Usage The following is an output of this command disp...

Страница 58: ...0 CIST Bridge Priority 0 1 Forward Delay 15 Hello Time 2 Max Age 20 Max hops 20 1 CIST Root Id 0000009027342b72 1 CIST Reg Root Id 0000009027342b72 1 CST Bridge Id 0000009027342b72 1 portfast bpdu fil...

Страница 59: ...000 eth2 Configured CST External Path cost 200000 eth2 CST Priority 128 MSTI Priority 128 eth2 Designated Root 8001009027342b72 eth2 Designated Bridge 8001009027342b72 eth2 Message Age 0 Max Age 0 eth...

Страница 60: ...imer 0 Hello Timer 1 eth1 Port 3 Id 8003 Role Designated State Discarding eth1 Designated Internal Path Cost 0 Designated Port Id 8003 eth1 Configured Internal Path Cost 200000 eth1 Configured CST Ext...

Страница 61: ...red Disable rapid transition point to point Enable rapid transition Command Mode Interface mode Usage MSTP has a backward compatible STP mode spanning tree link type shared An alternative is the spann...

Страница 62: ...nto binary 0s and 1s the results determine which address bits are to be considered in processing the traffic A 0 indicates that the address bits must be considered exact match a 1 in the mask is a don...

Страница 63: ...an id 1 4094 clear Reset functions mac address table MAC forwarding table static Static entries dynamic Dynamic entries address Address keyword MAC MAC address in HHHH HHHH HHHH format interface Inter...

Страница 64: ...the dir command to display a list of files on your system Command Syntax Dir Command Mode Exec mode Default No default Examples AsGOS dir rw r r 1 1000 users 7 5M Jul 10 2007 asgos ver1 0 bin rw r 1 r...

Страница 65: ...LightBolt config 5 1 8 Flolwcontrol Use the flowcontrol interface configuration command to set the receive or send flow control value for an interface When flow control send is on for a device and it...

Страница 66: ...Default Examples Related Commands 5 1 10 Interface Use the interface global configuration command to enter in the configuration mode for a physical interface or to create or access switch virtual inte...

Страница 67: ...h Use the no form of this command to remove an IP address or to disable IP processing Command Syntax ip address ip address subnet mask no ip address ip address subnet mask Command Mode Interface Defau...

Страница 68: ...time that a dynamic entry remains in the MAC address table after the entry is used or updated Use the NO form of this command to return to the default setting The aging time applies to all VLANs The d...

Страница 69: ...ble freeze Examples LightBolt configure t LightBolt configure mac address table freeze Related Commands no mac address table freeze 5 1 15 mac address table static Use the mac address table static glo...

Страница 70: ...ig interface ge2 AsGOS interface switchport Related Commands 5 1 17 switchport mode Use the switchport mode interface configuration command to configure the VLAN membership mode of a port Use the no f...

Страница 71: ...ured for this port Range 2 4093 Vlan staking use this command to enable vlan staking on a particular port Q in Q method All frames will be tagged on top of the existing tag Customer Tag with the VLAN...

Страница 72: ...tabase VLAN Switchport mode ble static 0001 fa09 0909 vlan 20 interface ge1 Related Commands no mac address table static MAC vlan 1 4094 interface IFNAME 5 1 20 switchport Use this command to put a po...

Страница 73: ...to point link between two switches or between a switch and a router AsGa LightBolt switches use 802 1Q tag encapsulation method Hibrid This mode set the trunk in an hybrid mode witch means that the p...

Страница 74: ...ommand to configure the VLAN filtering mode of a port Under this command just only those VLANs defined will be accepted by this trunk port Any non taggued frame will be discarded Command Syntax Switch...

Страница 75: ...ccess vlan 200 AsGOS interface switchport access vlan staking Related Commands vlandatabase VLAN Switchport mode 5 1 24 switchport trunk Use the switchport trunk interface configuration command to set...

Страница 76: ...10Gig Ethernet standard Command Syntax speed 10 100 1000 auto 10 Port runs at 10 Mbps 100 Port runs at 100 Mbps 1000 Port run at 1000 Mbps auto Port automatically detects the speed it should run at ba...

Страница 77: ...0 f6 04 aa 00 10 ge15 ETH down yes 1522 RT 00 f6 04 aa 00 11 ge16 ETH down yes 1522 RT 00 f6 04 aa 00 12 ge17 ETH down yes 1522 RT 00 f6 04 aa 00 13 ge18 ETH down yes 1522 RT 00 f6 04 aa 00 14 ge19 ET...

Страница 78: ...me ge3 Total Packets Received Octets 0 Total Packets Received Without Errors 0 Total Packets Received Discarded 0 Total Packets Transmitted Octets 5312 Total Packets Transmitted Successfully 83 Total...

Страница 79: ...elated Commands 5 1 28 Shutdown Use the shutdown interface configuration command to disable an interface Use the no form of this command to restart a disabled port or switch virtual interface SVI The...

Страница 80: ...4 u ge15 u ge16 u ge17 u ge18 u ge19 u ge20 u ge21 u ge22 u ge23 u ge24 u xe1 u xe2 u xe3 u xe4 u Related Commands 5 1 30 show outbound access priority table Use this command to display data about the...

Страница 81: ...t of this command displaying the traffic class table for interface eth1 AsGOS show traffic class table interface eth1 User Prio Num Traffic Classes 1 2 3 4 5 6 7 8 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0...

Страница 82: ...accomplished multicast use this key to limit the maximum multicast traffic to be admitted by a specific port level specify the maximum level of the specific traffic admitted by a specific port This le...

Страница 83: ...ty string upd port port Examples LightBOLT config snmp server manager 192 168 1 1 traps version 1 community AsGa upd port 162 LightBOLT config snmp server manager 192 168 1 1 traps version 2c communit...

Страница 84: ...ap linkUp linkDown coldstart warmreset config bridge vlancreate vlandelete copy config snmp notify all snmp server Configure parameters to SNMP Agent enable Enable SNMP traps configuration disable Dis...

Страница 85: ...MP Blank spaces are not permitted in the community string ro Optional Specifies read only access Authorized management stations can retrieve only MIB objects rw Optional Specifies read write access Au...

Страница 86: ...obal configuration mode To remove the system contact information use the no form of this command Command Syntax snmp server contact text no snmp server contact Command Mode Exec mode Usage LightBOLT c...

Страница 87: ...the view oid tree specify the oid of a particular view witch can be included or excluded Command Mode Exec mode Usage snmp server view name of the view oid tree include exclude Examples LightBOLT conf...

Страница 88: ...ocal remote 5 1 43 snmp server user create Use this command to define the users under SNMP V3 mode Command Syntax snmp server users create username auth md5 sha auth password priv priv password snmp s...

Страница 89: ...view View Name Oid tree Type interfaces 1 3 6 1 2 1 2 included interfaces 1 3 6 1 2 1 31 1 1 included vlan 1 3 6 1 2 1 17 included vlan 1 3 6 1 2 1 17 6 excluded Related Commands snmp server view no s...

Страница 90: ...Exec mode Usage LightBOLT show log files Examples LightBOLT show log files File name File type teste2 log Log file teste log Log file Related Commands 5 1 47 show config files This command shows all c...

Страница 91: ...show mac address table dynamic static interface IFNAME vlan 1 4094 show Show running system information mac address table MAC forwarding table cr All table dynamic Show only dynamic entries static Sh...

Страница 92: ...50 storm control Use this command to select the appropriate storm control level for broadcast multicast packets or for a Destination Lookup Failure DLF Use the no form of this command to negate its ac...

Страница 93: ...AN 5 1 52 VLAN Use the VLAN configuration command to configure virtual LAN VLAN characteristics for a specific VLAN Use the no form of this command without additional parameters to delete a VLAN All V...

Страница 94: ...Syntax vlan classifier group rule vlan classifier group group number add delete rule rule number vlan classifier rule rule number ipv4 mac proto ipv4 format A B C D M ipv4 address in A B C D M format...

Страница 95: ...er group 1 add rule 2 vlan classifier group 1 add rule 3 vlan database vlan 300 bridge 1 name TEST3 vlan 300 bridge 1 state enable interface ge4 switchport bridge group 1 switchport mode access vlan c...

Страница 96: ...rting small mechanical shocks Transport to long distances Resistant to splashes of water In the unpacking of the AsGa switches it is recommended to Handle the box carefully In the opening of the adhes...

Страница 97: ...e ascent conveyor they should be tied to it in the lower part of the steps and conducted to the QDF or power supply point intended for the equipment always verifying if the protection fuse or appropri...

Страница 98: ...rack is its mechanical fixation in the rack That is done with the aid of the fixation kit that is composed of four cage nuts and four M5x16 screws Once the cage nuts have been fastened in the rack th...

Страница 99: ...verified AsGa will decide on changing or repairing the defective equipment The transportation expenses related to the Customer s equipment for AsGa will run due to the Customer The shipment expenses...

Страница 100: ...Ga L AsGa L AsGa L AsGa Light ight ight ightBOLT BOLT BOLT BOLT 10GigE Switch 10GigE Switch 10GigE Switch 10GigE Switch U U U User Guide ser Guide ser Guide ser Guide Warranty Warranty Warranty Warran...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды