Allied Telesis Layer 3 Switches Switch User Manual
Protecting the user
Create A Secure Network With Allied Telesis Managed Layer 3 Switches 24
Configuration of edge switches
1. Create a VLAN for each type of service (for example, voice, video, and data). With
software versions 291-04 and earlier, the VLANs must be private VLANs. With software
versions 291-05 and later, you can also use non-private VLANs; however, we recommend
private VLANs for maximum security.
2. Add the uplink and private ports to the VLANs as tagged ports.
3. Enable DHCP snooping and ARP security. ARP security forwards an ARP packet received
on an untrusted (client) port only if its sender IP address has a current, valid entry in
the DHCP snooping binding database; all other ARP packets from client ports are dropped.
4. Specify the trusted ports. Private VLAN uplink ports must be trusted ports, because DHCP
server messages (OFFER and ACK) are accepted only on trusted ports.
5. Configure other aspects of DHCP snooping, such as static IP address bindings and the
maximum number of leases for ports.
6. On AT-8948, AT-9900, and x900-48 Series switches, create classifiers for DHCP snooping.
7. Enable MAC-forced forwarding.
8. Configure any other requirements, such as a management IP address, STP and LACP.
Configuration of access router
1. Create the VLANs and add ports to them.
2. Enable IP and configure IP addresses on each VLAN.
3. Create classifiers to match the traffic that you need to control.
4. Create hardware filters to forward or drop the classified traffic.
5. Disable ICMP redirection.
6. Configure any other required networking features.
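As an added illustration of the two procedures above, the following Python model shows what the edge-switch protections (DHCP snooping with trusted ports and a per-port lease limit, ARP security checked against the binding table, MAC-forced forwarding) and the access router's hardware filters do to individual packets. This is model code written for this page, not AlliedWare configuration or Allied Telesis code; the router address and MAC, the port numbers, the client MACs and the DHCP and ARP exchange are all constructed for the example.

```python
"""Model of the edge-switch and access-router protections: DHCP snooping builds
a binding table, ARP security drops ARP from untrusted ports with no matching
binding, MAC-forced forwarding answers client ARP requests with the router's
MAC, and the router's filters decide which client-to-client traffic passes.
Added illustration only, not AlliedWare code; all addresses are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

GATEWAY_IP = "10.1.0.1"             # assumed access-router address on the client VLAN
GATEWAY_MAC = "00:00:5e:00:01:01"   # assumed access-router MAC


@dataclass
class Binding:
    mac: str
    ip: str
    port: int
    static: bool = False


class EdgeSwitch:
    def __init__(self, trusted_ports, max_leases_per_port=1):
        self.trusted = set(trusted_ports)          # uplink ports: may source DHCP server messages
        self.max_leases = max_leases_per_port
        self.bindings: Dict[str, Binding] = {}     # ip -> binding (the snooping database)
        self.pending: Dict[str, int] = {}          # client MAC -> port of its DISCOVER/REQUEST
        self.log: List[str] = []

    def add_static_binding(self, mac, ip, port):
        self.bindings[ip] = Binding(mac, ip, port, static=True)

    def leases_on(self, port) -> int:
        return sum(1 for b in self.bindings.values() if b.port == port and not b.static)

    def dhcp(self, port, msg, client_mac, client_ip=None) -> str:
        """Return 'forward' or 'drop' for a DHCP message seen on a port."""
        if msg in ("DISCOVER", "REQUEST"):
            self.pending[client_mac] = port         # remember which client port asked
            return "forward"
        if port not in self.trusted:               # OFFER/ACK must arrive on the uplink
            self.log.append(f"port {port}: rogue DHCP {msg} dropped")
            return "drop"
        if msg == "ACK" and client_mac in self.pending:
            client_port = self.pending[client_mac]
            if self.leases_on(client_port) >= self.max_leases:
                self.log.append(f"port {client_port}: lease limit reached, ACK dropped")
                return "drop"
            self.bindings[client_ip] = Binding(client_mac, client_ip, client_port)
        return "forward"

    def arp(self, port, op, sender_mac, sender_ip) -> Tuple[str, Optional[str]]:
        """Return ('forward', None), ('drop', None) or ('proxy-reply', mac)."""
        if port in self.trusted:
            return ("forward", None)
        b = self.bindings.get(sender_ip)           # ARP security: sender must match a binding
        if b is None or b.mac != sender_mac or b.port != port:
            self.log.append(f"port {port}: ARP from {sender_ip} {sender_mac} has no binding, dropped")
            return ("drop", None)
        if op == "request":
            # MAC-forced forwarding: every client ARP request, whatever its target, is
            # answered with the router's MAC, so client traffic always goes via the router
            return ("proxy-reply", GATEWAY_MAC)
        return ("forward", None)


class AccessRouter:
    """Hardware-filter model: first matching (src, dst, action) rule wins, default forward."""
    def __init__(self, rules):
        self.rules = [(ip_network(s), ip_network(d), a) for s, d, a in rules]

    def route(self, src_ip, dst_ip) -> str:
        src, dst = ip_address(src_ip), ip_address(dst_ip)
        for s, d, action in self.rules:
            if src in s and dst in d:
                return action
        return "forward"


def run_scenario() -> dict:
    sw = EdgeSwitch(trusted_ports=[24], max_leases_per_port=1)
    c1, c2 = "00:11:22:33:44:01", "00:11:22:33:44:02"     # constructed client MACs
    sw.dhcp(1, "DISCOVER", c1)                           # client on port 1 leases 10.1.0.10
    sw.dhcp(24, "OFFER", c1, "10.1.0.10")
    sw.dhcp(1, "REQUEST", c1)
    ack = sw.dhcp(24, "ACK", c1, "10.1.0.10")
    rogue = sw.dhcp(2, "OFFER", c1, "10.1.0.99")        # rogue DHCP server on a client port
    sw.dhcp(1, "REQUEST", c2)
    second = sw.dhcp(24, "ACK", c2, "10.1.0.11")       # second lease on port 1 exceeds the limit
    good = sw.arp(1, "request", c1, "10.1.0.10")       # valid client asks for a neighbour
    spoof = sw.arp(2, "reply", c2, GATEWAY_IP)         # port 2 claims the gateway's IP
    uplink = sw.arp(24, "reply", GATEWAY_MAC, GATEWAY_IP)
    rt = AccessRouter([("10.1.0.0/24", "10.1.0.0/24", "drop")])  # no client-to-client traffic
    return {"ack": ack, "rogue": rogue, "second": second, "good": good,
            "spoof": spoof, "uplink": uplink, "bindings": sorted(sw.bindings),
            "peer": rt.route("10.1.0.10", "10.1.0.20"),
            "internet": rt.route("10.1.0.10", "203.0.113.5"), "log": sw.log}


if __name__ == "__main__":
    print(run_scenario())
```

The point the model makes is the division of labour: the edge switch never decides who may talk to whom, it only guarantees that every client frame carries a snooped, bound source address and is addressed to the router; the router's classifiers and filters then apply the policy, which is why disabling ICMP redirects on the router matters (a redirect would tell a client to bypass exactly that policy).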
Example
The How To Note “How To Use MAC-Forced Forwarding with DHCP Snooping to Create Enhanced Private VLANs” includes the full configuration for the network on page 19, including the three client residential gateways, the three edge switches, and the access router. For your convenience, we have reproduced the configuration scripts for the edge switches and the access router in “Appendix: Configuration scripts for MAC-forced forwarding example” on page 27.
Using IPsec to make VPNs
IPsec is a frequently-used secure remote access technology. It is particularly useful for connecting remote offices over long distances and for giving access to travelling employees. IPsec provides peer authentication, confidentiality and integrity for the traffic it carries, and fine-grained control over what each peer may reach.
The AlliedWare IPsec implementation is RFC compliant and offers extensive configuration options.
Examples
For examples of the many ways to configure IPsec, see the following How To Notes:
• How To Configure VPNs In A Corporate Network, With Optional Prioritisation Of VoIP
• How To Configure Microsoft® Windows 2000 Virtual Private Network (VPN) client interoperability without NAT-T support
• How To Configure Microsoft® Windows 2000 Virtual Private Network (VPN) client interoperability with NAT-T support
Products: Rapier i Series, Rapier Series, AT-8800 Series
Software Versions: All