Lantronix LSB4 Скачать руководство пользователя страница 33 | Manualshive

Страница: 33 / 74

Lantronix LSB4 Скачать руководство пользователя страница 33

LSB4 Reference Manual

Filter Commands

6-3

Creating a “Firewall”

A firewall is one use of a filter list. Firewalls are often used to prevent all but one
type of traffic (for example, traffic from a specific node) from reaching a partic-
ular network segment. When traffic destined for a specific segment reaches the
LSB4, it will be compared to a filter list; if it is any but a specified type of traffic,
it hits a ÒfirewallÓ and goes no further--the packet is discarded.

The commands listed below [Figure 6-3] create a firewall between LAN 1 and
any other network segment. Filter 1 is configured to deny access to IP packets;
this filter is assigned to port 1, preventing IP packets from traveling from port 1
to other segments.

Figure 6-3: Preventing IP Traffic Out of Port 1

Figure 6-3 included a

Set Privileged

command before the Set Filter command.

The Set Filter command requires privileged status; if privileged status is current-
ly enabled, the Set Privileged command will not be necessary.

The commands in Figure 6-4 prevent any IP traffic between LSB4 ports; for ex-
ample, IP packets from LAN 1 cannot reach LAN 2, and IP packets from LAN 2
cannot reach LAN 4.

Figure 6-4: Preventing IP Traffic Between All Segments

The

Set Switch

command used above did not specify a particular ethernet port

to be used with filter 1, as a result, all LSB4 ports will deny IP traffic.

Figure 6-5 gives an example of a firewall that enables two nodes to send packets
to each other through the LSB4; traffic from any other node will not be permitted
passage between the two nodes.

Figure 6-5: Isolating Two Nodes With a Firewall

Local_1> SET PRIVILEGED

Local_1> SYSTEM (not echoed)

Local_1>> SET FILTER 1 APPEND PROTOCOL IP DENY

Local_1>> SET SWITCH ETHERNET 1 FILTER 1

Local> SET PRIVILEGED

Password> SYSTEM (not echoed)

Local_1>> SET FILTER 1 APPEND PROTOCOL IP DENY

Local_1>> SET SWITCH FILTER 1

Local_1> SET PRIVILEGED

Local_1>> SYSTEM (not echoed)

Local_1>> SET FILTER 1 APPEND SOURCE 0:80:a3:01:02:03

Local_1>> SET FILTER 1 APPEND SOURCE 0:80:a3:03:02:01

Local_1>> SET FILTER 1 APPEND ALL DENY

«
...
31
32
33
34
35
...
»

Содержание LSB4

Страница 1: ...vice pursuant to Part 15 of FCC Rules These limits are designed to provide reasonable pro tection against such interference when operating in a commercial environment This equip ment generates uses and can radiate radio frequency energy and if not installed and used in accordance with this guide may cause harmful interference to radio communications Operation of this equipment in a residential are...

Страница 2: ...LSB4 Reference Manual For Lantronix LSB4 Ethernet Switch ...

Страница 3: ... Set Define System 2 2 Show Monitor List System 2 4 Set Privileged 2 5 3 Protocol Commands Introduction 3 1 Set Define Protocol 3 2 Show List Protocol 3 4 4 Port Commands Introduction 4 1 Set Define Port 4 2 Show Monitor List Port 4 4 5 SNMP Commands Introduction 5 1 Set Define SNMP 5 2 Show List SNMP 5 3 ...

Страница 4: ... 12 7 Switch Commands Introduction 7 1 Set Define Switch 7 2 Show Monitor List Switch 7 5 8 Save Command Introduction 8 1 Save 8 2 9 Miscellaneous Commands Introduction 9 1 Cls 9 2 Finger 9 2 Help 9 2 Initialize 9 3 Lock 9 4 Logout 9 5 Netstat 9 5 Ping 9 5 Show Users 9 6 Unlock 9 6 Zero Counters 9 7 Technical Support Glossary Index ...

Страница 5: ...1 Introduction About This Manual 1 1 Manual Conventions 1 2 Required Parameters 1 2 Optional Parameters 1 2 User Defined Parameters 1 2 Restrictions 1 2 ...

Страница 6: ...is manual covers the following topics Manual conventions System commands Set Define System Show Monitor List System Set Privileged Protocol commands Set Define Protocol Show List Protocol Port commands Set Define Port Show Monitor List Port SNMP commands Set Define SNMP Show List SNMP Filter commands Set Define Filter Show List Filter Clear Purge Filter Switch commands Set Define Switch Show Monit...

Страница 7: ...lparametersappearinallcapitallettersandwithinbrack ets When there is a choice of two or more optional parameters that may be used with a command all available options will be dis played within brackets For example if either Characteristics or Counters may be used with a command the parameters will be displayed as follows User Defined Parameters These parameters are displayed in italics The name of...

Страница 8: ...2 System Commands Introduction 2 1 Set Define System 2 2 Show Monitor List System 2 4 Set Privileged 2 5 ...

Страница 9: ...t commands function in a similar manner to the Set Define commands Show displays the current settings including those Set but not saved as permanent changes Monitor displays the same current information as Show but is updated every three seconds The List command displays perma nent settings Set Define System Set System and Define System accept the following parameters Incoming SpeciÞes login restr...

Страница 10: ... from remote hosts systemname Any combination of up to sixteen characters When the LSB4 is shipped the system name is in the form LSB4_xxxxxx The six xÕs represent the last six hexadecimal digits of the ethernet address Privileged Password Establishes or changes the password required to use privi leged commands SET DEFINE SYSTEM INCOMING TELNET NONE PASSWORD NOPASSWORD LOGIN PASSWORD CurrentPswd N...

Страница 11: ...Refresh Specifies how often information displayed by a Monitor com mand is updated seconds A value from 2 to 60 Software Specifies the name and path to the file to be downloaded to the LSB4 at boot time filename Any combination of up to forty six characters The file name may contain up to fifteen characters and the path may be up to thirty one characters Restrictions This command requires privileg...

Страница 12: ...ags and any login restric tions Counters Displays a current count of traffic being directed to the LSB4 The counters represent traffic to the switch telnet sessions traffic to the switch ping traffic to the switch etc not traffic that is being forwarded The counters are reset every time the LSB4 is turned on re booted re initialized or a Zero Counters System command is entered Status Displays avai...

Страница 13: ...is status will remain in effect until the user logs out of the LSB4 a Set Privileged Override command is entered or a Set Noprivileged command is entered Override Permits user to obtain supervisor status when another user is currently logged into the LSB4 with supervisor status When this command is entered supervisor status is given and the other user s supervisor status is immediately disabled No...

Страница 14: ...System Commands LSB4 Reference Manual 2 6 ...

Страница 15: ...3 Protocol Commands Introduction 3 1 Set Define Protocol 3 2 Show List Protocol 3 4 ...

Страница 16: ...arameters Show List Protocol Show Protocol and List Protocol display the status of the LSB4Õs protocol set tings Protocol Parameter Function AppleTalk Zone IdentiÞes an AppleTalk zone for the LSB4 IP IPaddress SpeciÞes an IP address for the LSB4 Loadhost SpeciÞes a host from which to download software to the LSB4 Subnet Mask Assigns a subnet mask Netware Loadhost SpeciÞes a host from which to down...

Страница 17: ...ks An IP address must be in the following form nnn nnn nnn nnn where nnn is a decimal number between 0 and 255 IP IPaddress Specifies the LSB4Õs IP address address An IP address in the following form nnn nnn nnn nnn where nnn is a decimal number between 0 and 255 SET DEFINE PROTOCOL APPLETALK ZONE zonename ENABLED DISABLED IP ENABLED DISABLED IPADDRESS address LOADHOST name SECONDARY LOADHOST addr...

Страница 18: ...ost cannot be reached address An IP address in the following form nnn nnn nnn nnn where nnn is a decimal number between 0 and 255 The peri ods must be included IP Subnet Mask Specifies the IP address of a subnet mask A subnet mask is automatically assigned when Set Define Protocol IP IPAd dress is used to specify an IP address This parameter is used to override the assigned subnet mask address An ...

Страница 19: ...mples Local SET PROTOCOL IP LOADHOST elmer cid ins com Local SET PROTOCOL APPLETALK ZONE Lab_Zone Local SET PROTOCOL NETWARE LOADHOST Acct_Fserv See Also Set Privileged page 2 5 Show List Protocol Parameters AppleTalk IP Netware Displays the current AppleTalk IP or Netware configuration SHOW LIST PROTOCOL APPLETALK IP NETWARE ...

Страница 20: ...4 Port Commands Introduction 4 1 Set Define Port 4 2 Show Monitor List Port 4 4 ...

Страница 21: ...re the LSB4 Parity Speed and Type functions properly when connected to a modem or terminal Command Completion Instructs the LSB4 to complete a keyword when keywords are being entered and the space bar is pressed Show Monitor List Port Show Port Monitor Port and List Port display the current and permanent set tings of the LSB4 s serial console port 4chapternumber For an explanation of the Set and D...

Страница 22: ...n the user logs out of the switch If remotely logged into the LSB4 the configura tions will take effect when the user logs out of the port The LSB4 does not have to be rebooted or initialized to store port configurations in current memory SET DEFINE PORT CHARACTER SIZE 7 8 COMMAND COMPLETION ENABLED DISABLED FLOW CONTROL CTS DSR XON NONE MODEM CONTROL ENABLED DISABLED PARITY ODD EVEN SPACE MARK NO...

Страница 23: ...l console port drops When disabled the LSB4 will ignore the status of DTR and DSR signals Parity Specifies a parity setting of Odd Even Space Mark or None Speed Specifies one of the following baud rates 300 600 1200 2400 4800 9600 19200 38400 57600 115200 Type Use this parameter to specify the desired output from the se rial console port If ANSI is selected the output will contain cursor movement ...

Страница 24: ...ular port number enter the Show Users command or the Show Port All command What is displayed depends on any additional parameters specified For example if Counters is specified the port counters will be displayed If a port number is specified with out another parameter the Characteristics for the specified port will be displayed All Displays the serial console port and any other current net work c...

Страница 25: ...5 SNMP Commands Introduction 5 1 Set Define SNMP 5 2 Show List SNMP 5 3 ...

Страница 26: ...eters to different nodes on the local area network SNMP commands described below are used to specify and configure limits to the usage of SNMP Set Define SNMP These commands specify which users can configure and obtain information from the LSB4 using SNMP Show List SNMP Show SNMP and List SNMP display the current status and settings of SNMP re strictions 5chapternumber For an explanation of the Sh...

Страница 27: ...cess Gives a specified type of access to a specified community name None denies access to SNMP packets containing the specified community name Readonly permits SNMP packets containing the specified community name to query the LSB4 for information Readwrite permits full access SNMP packets containing the specified community name may query for information and specify commands that can alter the conf...

Страница 28: ...LSB4 Reference Manual SNMP Commands 5 3 Show List SNMP Show SNMP and List SNMP display the SNMP community names and access types SHOW LIST SNMP ...

Страница 29: ...SNMP Commands LSB4 Reference Manual 5 4 ...

Страница 30: ...6 Filter Commands Introduction 6 1 Configuring a Filter List 6 2 Set Define Filter 6 4 Show List Filter 6 11 Clear Purge Filter 6 12 ...

Страница 31: ...th the different LSB4 ports using the Set Define Switch command The LSB4 compares each data packet against each filter starting with the first fil ter on the list up to 16 entries may be included in a filter list It continues com paring until the data packet matches a filter on the list The packet will then be either permitted or denied passage through the switch If no match is found the packet is...

Страница 32: ... necessary After a filter list is associated with a port the filterÕs configuration must be spec ified using Set Define Filter commands These commands specify the following information the filter list number where the new filter will be placed in the filter list the packet type to be filtered and whether to forward or discard the speci fied type of packet A complete explanation of the Set Define F...

Страница 33: ... ly enabled the Set Privileged command will not be necessary The commands in Figure 6 4 prevent any IP traffic between LSB4 ports for ex ample IP packets from LAN 1 cannot reach LAN 2 and IP packets from LAN 2 cannot reach LAN 4 Figure 6 4 Preventing IP Traffic Between All Segments The Set Switch command used above did not specify a particular ethernet port to be used with filter 1 as a result all...

Страница 34: ... for example if you enter a value of 3 the new filter will be inserted into the list just before the filter currently occupying position 3 If you enter a value larger than the current number of filters on the list the new filter will be added at the end of the list All Specifies that every data packet will be allowed or denied pas sage through the LSB4 Using the All parameter and specify ing Allow...

Страница 35: ... will be filtered For example the following pat tern 0 80 a3 will filter all packets that have 0 80 a3 as the first three bytes of their source address The final three bytes represented by asterisks may vary Destination address Permits or denies passage of data packets destined for a spe cific node on the local area network As with Source the address may be specified in one of two ways with the sp...

Страница 36: ...address of a specific node The address may be specified in one of two ways with the specific Ether net address or with patterns If a pattern is entered instead of a complete address packets with source addresses matching the pattern will be filtered For example the following pat tern 0 80 a3 will filter all packets that have 0 80 a3 as the first three bytes of their source address The final three ...

Страница 37: ...ocols present in the local area network A protocol can be identified by entering hexa decimal characters or by selecting a protocol mnemonic for example IP Protocols may have mnemonics for subgroups and these subgroups may have further subgroups For clarity proto cols one two or three are identified In the syntax on page 6 9 the protocol mnemonics in the leftmost column are lev el one If a level o...

Страница 38: ...and three pro tocols will be denied passage through the LSB4 with the ex ception of the TCP IP data packets allowed by the preceding command It is important to note that if the order of the two command ex amples above were reversed the results would be different No IP data packets would be passed by the switch regardless of the subsequent filter command If the information on Protocol identifier is...

Страница 39: ... cont PROTOCOL protocol ident APPLETALK ATP PAP AFP NBP ZIP RTMP ARP AARP DECNET IGRP IP TCP SMTP FTP RUNIX SPORT portIdent DPORT portIdent ICMP OSPF RIP UDP NFS SNMP RPC SPORT portIdent DPORT portIdent IPX RIP SAP SPX MOPRC MOPDL SNA SNMP SNMPT VINES LAVC XNS ...

Страница 40: ...l port of the data packet Sport is used to define the source protocol port of a data pack et Dport defines the destination protocol port portident is one byte four hexadecimal characters long The hexadecimal characters must be preceded by 0x Allow Deny Permits or denies passage of data packets that meet the spec ified filter criteria Examples Local SET FILTER 0 APPEND PROTOCOL MOPRC DENY Local SET...

Страница 41: ... 11 Show List Filter Parameters Filter Displays the specified filter list filtr A value between 1 and 4 All Displays all filter lists If the filtr and All parameters are omit ted all filters will be shown or listed SHOW LIST FILTER filtr ALL ...

Страница 42: ...ilter Item Command An ÒitemÓ may consist of one item a list of items range of items or a combination Some examples are given below Figure 6 11 Figure 6 11 Item Parameter Examples All Removes the entire specified filter list If both All and Item itemnumber are omitted filters will not be cleared or purged Restrictions This command requires privileged status See Also Set Privileged page 2 5 CLEAR PU...

Страница 43: ...7 Switch Commands Introduction 7 1 Set Define Switch 7 2 Show Monitor List Switch 7 5 ...

Страница 44: ... node before it removes its hard ware address from the address table Ethernet SpeciÞes which LSB4 port will be conÞgured by Set DeÞne Switch commands Path Cost Assigns a path cost value State Enables or disables the LSB4 or a particular port Filter Associates a Þlter list with an LSB4 port The Spanning Tree Algorithm requires certain timing values to operate correct ly If an attempt is made to set...

Страница 45: ...ot to remain the root When the LSB4 has not heard from the root received a BPDU pack et by this time it will assume that the root is down and will attempt to find a new root age A value between 6 and 40 It must be less than 2 x Forward Delay 1 and larger than 2 x HelloTime 1 SET DEFINE SWITCH BRIDGE FORWARD DELAY delay HELLO TIME time MAXIMUM AGE age PRIORITY value SPANNING TREE ENABLED DISABLED W...

Страница 46: ... Define Switch commands port A value between 1 and 4 designating which port is to be con figured Path Cost Specifies the cost to send a packet from the LSB4 to the root through a particular port The Spanning Tree algorithm uses current path cost values to determine which links in the net work to disable If necessary the port with the higher path cost value will be disabled first value A value betw...

Страница 47: ...r commands If the Ethernet port parameter is omitted the specified filter list will be associated with all LAN ports Speed Defines the speed of the LSB4 Fast Sets the LSB4 to fast mode in this mode the LSB4 can obtain its peak performance When Speed is set to Fast user defined filters traffic counters and some bridge MIB SNMP counters will be unavailable Normal Sets the LSB4 speed to normal perfor...

Страница 48: ...t port parameters Status Address Counters and Traffic are omitted Status in formation will be displayed Addresses Displays the ethernet addresses heard on each LAN port The addresses most recently heard from will be displayed num Specifies a number of minutes Show Switch Address num will display all addresses heard from within num All Displays all known addresses Counters Displays a current count ...

Страница 49: ...collisions and or excessive deferrals If a packet is delayed the LSB4 will attempt to retrans mit it until transmission is successful Switch Counters LSB4 Version V1 0 1 940119 Topology Changes 11 Time Since Enabled 1 15 07 Packets Received 1143399 Packets Transmitted 231662 Missed packets 23 Delayed Transmissions 14 Octets Received 290628732 Octets Transmitted 69685850 Packets Filtered 923719 Pac...

Страница 50: ...her node attempts to send a packet onto the ethernet at the same time the LSB4 is sending a packet Misaligned Packets Rx Displays the total number packets received with Frame Alignment Errors Missed Packets Displays the total number of packets ÒdroppedÓ by the LSB4 This occurs when the LSB4 has used all of its memory re sources for buffering incoming packets RBA RRA this number should be small Mul...

Страница 51: ... Packets Not Forwarded Displays the total number of packets not transmitted due to transmit buffers being exhausted during transmit queue over runs Packets Received Displays the total number of ethernet pack ets received by the LSB4 Packets To Us Displays the total number of packets re ceived with the ethernet destination ad dress matching one of the LSB4Õs hardware addresses Packets Transmitted D...

Страница 52: ...occurred Transmit Queue Overrun Displays the total number of packets the LSB4 attempted to transmit onto the LAN but could not This condition usually oc curs when the LSB4 has its allocated Trans mit Buffers exhausted Transmit Queue Size Of the total number of transmit slots avail able in the queue displays the number of packets that the LSB4 currently has queued to transmit Parameters Traffic Fun...

Страница 53: ...Switch Commands LSB4 Reference Manual 7 10 ...

Страница 54: ...8 Save Command Introduction 8 1 Save 8 2 ...

Страница 55: ...d or initialized Configurations made with Set Define Port and Set Define Switch commands will not be affected by the Save System command Save Port or Save Switch must be used to save these commands in permanent memory Save accepts the following parameters Port Saves the speciÞed portÕs current settings in permanent memory System Saves all current system conÞgurations in permanent memory Protocol S...

Страница 56: ...configurations in the LSB4Õs permanent memory All Saves all current filter configurations num A number between 1 and 4 specifying a particular filter list The current filter configurations on this list will be saved in permanent memory SNMP Saves the current SNMP settings in the LSB4Õs permanent memory Switch Bridge Saves the current switch and filter settings SAVE PORT num SYSTEM PROTOCOL IP NETW...

Страница 57: ...anual Save Command 8 3 Save cont Restrictions This command requires privileged status Examples Local SAVE FILTER 3 Local SAVE PROTOCOL APPLETALK Local SAVE SYSTEM Local SAVE FILTER ALL See Also Set Privileged page 2 5 ...

Страница 58: ...Save Command LSB4 Reference Manual 8 4 ...

Страница 59: ...9 Miscellaneous Commands Introduction 9 1 Cls 9 2 Finger 9 2 Help 9 2 Initialize 9 3 Lock 9 4 Logout 9 5 Netstat 9 5 Ping 9 5 Show Users 9 6 Unlock 9 6 Zero Counters 9 7 ...

Страница 60: ...ts on the network Help Accesses the switch help text Initialize Initializes ÒrebootsÓ the LSB4 Lock Prevents other users from accessing a login session Logout Logs out of the LSB4 Netstat Displays a list of network logins Ping Tests IP access to another host Show Users Displays all users currently logged into the LSB4 Unlock Unlocks a currently locked port Zero Counters Resets counters to zero 9ch...

Страница 61: ...aracters or an IP address If an IP address is used it must be in the following format nnn nnn nnn nnn where nnn is a decimal number between 0 and 255 Help This command displays information about a particular LSB4 command If the current user level does not permit the use of a particular command Help will not be available for that command Parameters commandname Any combination of characters If the c...

Страница 62: ...ayed initialization Factory Resets all LSB4 configurations to those in effect when the unit left the factory Use caution with this parameter it will over write all configurations made using Set Save and Define commands Noboot Forces the LSB4 to remain in the Boot Configuration Program and prevents it from booting from its loadhost Reload Updates the LSB4 s Flash ROM For instructions on reloading F...

Страница 63: ...mand will be aborted After the verified password has been accepted the Unlock Password prompt will appear Figure 9 1 Figure 9 1 Lock Command A locked session can be unlocked by doing one of the following Entering the same password used to lock the session at the Unlock Password prompt Entering the Unlock command page 9 6 through a different port Forcibly ending the session with a Logout command pa...

Страница 64: ...f all network sessions currently connected to the LSB4 The information will be grouped by protocol Ping This command sends a request for an echo packet to another IP network host Parameters host host is any combination of characters or an IP address Any character string entered must be resolvable to an IP address If an IP address is used it must be in the following format nnn nnn nnn nnn where nnn...

Страница 65: ... about all users currently logged into the LSB4 Unlock This command unlocks a previously locked port Parameters port A value between 1 and 4 representing the port number to be unlocked Restrictions This command requires privileged status See Also Set Privileged page 2 5 SHOW USERS UNLOCK PORT port ...

Страница 66: ...gin events on the two LAN ports and the serial console port All Resets the counters on all ports Ethernet port Resets the counters on a specified LAN port port A value between 1 and 4 representing the port to be reset Restrictions This command requires privileged status See Also Set Privileged page 2 5 ZERO COUNTERS SYSTEM SWITCH BRIDGE ALL ETHERNET port ...

Страница 67: ...Miscellaneous Commands LSB4 Reference Manual 9 8 ...

Страница 68: ...re submitting a problem please provide the following information Your name company name address and phone number Product name Unit serial number Software version available by issuing the Show Server command Network configuration including the output from a Netstat command Description of the problem Provide a Debug report stack dump if applicable Product status when the problem occurred Please try ...

Страница 69: ...i to notify switches on the network of its exist ence Used to monitor that the root is up and running in addition it enables the switch receiving the packet to monitor the path to the root Bridge A device that moves ÒswitchesÓ packets from one network seg ment to another The LSB4 moves packets according to the scheme described in the IEEE 802 1d bridging specification Broadcast A packet sent out t...

Страница 70: ...et the max imum possible forwarding rate is 14880 packets per second Learning State When the Spanning Tree Algorithm is enabled the LSB4 can be in a number of different states During the Learning state the LSB4 collects hardware address information for its internal address table Listening State When the Spanning Tree Algorithm is enabled the LSB4 can be in a number of different states During the L...

Страница 71: ...A method used to ensure that there is only one possible path between network segments The Spanning Tree Algorithm is enabled by default on the LSB4 To disable or modify the use of the Spanning Tree Algo rithm refer to Chapter 7 Switch A device that moves ÒswitchesÓ packets from one network segment to another The LSB4 moves packets according to the scheme described in the IEEE 802 1d bridging speci...

Страница 72: ...mand 5 2 Counters Show Monitor List System command 2 4 D Define Port command 4 2 Define Protocol command 3 2 Examples 3 4 Define SNMP command 5 2 Define System command 2 2 Examples 2 3 F Filter Save command 8 2 Filter Commands 6 1 Filter lists creating 6 2 Firewalls creating 6 3 I Incoming Set Define System command 2 2 IP IPaddress Set Define Protocol command 3 2 IP Subnet Mask Set Define Protocol...

Страница 73: ...Pinouts B 1 RJ45 to DB9 B 3 Port Save command 8 2 Privileged Set Privileged command 2 5 Privileged Password Set Define System command 2 2 P cont Prompt Set Define System command 2 3 Protocol Save command 8 2 R RJ45 B 3 S Save command 8 2 Secondary Loadhost Set Define Protocol command 3 3 Serial cable limits B 3 Set Port command 4 2 Set Privileged command 2 5 Set Protocol command 3 2 Examples 3 4 S...

Страница 74: ...Index iii T Telnet Set Define System command 2 2 Type Set Define Port command 4 3 ...

Отзывы:

Нет отзывов