Allied Telesis Layer 3 Switches Switch User Manual


 
C613-16103-00 REV A
www.alliedtelesis.com
How To |
Introduction
Allied Telesis switches include a range of sophisticated security features at layer 2 and layer 3.
This How To Note describes these features and includes brief examples of how to configure
them.
The implementations shown in this How To Note should be thought of as industry-standard
best practices.
Contents
Introduction
Which products and software versions does this information apply to?
Securing the device
Protecting the network
    Protecting against packet flooding
    Protecting against rapid MAC movement
    Controlling multicast traffic
Managing the device securely
    Using Secure Shell (SSH)
    Using SSL for secure web access
    Using SNMPv3
    Whitelisting telnet hosts
Identifying the user
    IP spoofing and tracking
    Rejecting Gratuitous ARP (GARP)
    DHCP snooping
    Using 802.1x port authentication
Protecting the user
    Using private VLANs
    Using local proxy ARP and MAC-forced forwarding
    Using IPsec to make VPNs
    Protecting against worms
Create A Secure Network With Allied Telesis Managed Layer 3 Switches