Allied Telesis Layer 3 Switches Switch User Manual

Create A Secure Network With Allied Telesis Managed Layer 3 Switches 3
Securing the device
The first step towards making a secure network is to secure the networking equipment itself.

There are two aspects to this. Firstly, physical security is vital—lock your networking equipment away.

Secondly, straight after powering up any new piece of networking equipment, change the default administrator user’s password. On an Allied Telesis managed layer 3 switch, the default user is “manager”. To change the password, use the following command:

set user=manager password=<new-password>

The default password is well-known. If you do not change it, anyone with physical or IP access could reconfigure the switch.
Protecting the network
This section describes layer 2 based methods for controlling the negative impact of misconfigured devices and misuse of the network. These solutions work at the Ethernet level of a packet and cause no degradation in the switch's throughput.

You can protect your network against the following:

• traffic storms (“Protecting against packet flooding” on page 3)
• excessive MAC address learning (“Protecting against rapid MAC movement” on page 6)
• unwanted multicast traffic (“Controlling multicast traffic” on page 7)
Protecting against packet flooding
Service providers are often vulnerable to traffic storms, primarily when incorrectly configured customer equipment is directly connected to the provider. Storms overwhelm a subnet, and all of the switches in that subnet, with traffic. Such misconfiguration can quickly lead to widespread outages and compromise guaranteed service levels.

Storms are a reality in any network. They can occur by accident, maliciously, or when a network device fails. They occur naturally in a network where switches are connected more than once to the same VLAN, so administrators must employ a method to prevent these switch loops.

Spanning Tree Protocol (STP) based solutions are the most common method of preventing loops. However, incorrect configuration or other network issues can cause STP to fail. For example, if a single switch in the VLAN does not have STP enabled, the STP tree will not converge properly. Spanning tree protocols can even fail if a broadcast storm drowns out STP messages.
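Because STP can itself be drowned out by a storm, operators usually also monitor per-port broadcast rates so a looped or misconfigured customer port is spotted quickly. The following is an added example, not from the Allied Telesis manual: it takes two constructed snapshots of a per-port broadcast packet counter (the kind exposed as ifInBroadcastPkts over SNMP), corrects for 32-bit counter wrap-around, and reports the ports whose broadcast rate exceeds a threshold. Port names, counter values and the threshold are all assumptions for illustration.

```python
# Added example (not from the Allied Telesis manual): estimate per-port
# broadcast packet rates from two interface-counter snapshots and flag
# ports whose rate exceeds a storm threshold. All values are constructed.

COUNTER_BITS = 32  # many switch MIB counters (e.g. ifInBroadcastPkts) are 32-bit


def counter_delta(old: int, new: int, bits: int = COUNTER_BITS) -> int:
    """Difference between two readings of a monotonically increasing
    counter, correcting for a single wrap-around between the readings."""
    if new >= old:
        return new - old
    return (1 << bits) - old + new


def broadcast_rates(snap_a: dict, snap_b: dict, interval_s: float) -> dict:
    """Broadcast packets per second per port between two snapshots taken
    interval_s seconds apart. Ports missing from either snapshot are skipped."""
    if interval_s <= 0:
        raise ValueError("interval must be positive")
    rates = {}
    for port, old in snap_a.items():
        if port not in snap_b:
            continue
        rates[port] = counter_delta(old, snap_b[port]) / interval_s
    return rates


def storm_ports(rates: dict, threshold_pps: float) -> list:
    """Ports at or above threshold_pps, worst offender first."""
    hits = [(p, r) for p, r in rates.items() if r >= threshold_pps]
    return [p for p, _ in sorted(hits, key=lambda x: x[1], reverse=True)]


# Constructed sample: ifInBroadcastPkts readings taken 10 s apart.
# port3 is a customer-facing port in a loop; port2 has wrapped its 32-bit counter.
SNAP_T0 = {"port1": 1_000, "port2": 4_294_967_000, "port3": 50_000}
SNAP_T1 = {"port1": 1_300, "port2": 500, "port3": 1_250_000}
INTERVAL_S = 10.0
STORM_THRESHOLD_PPS = 5_000  # assumed threshold; tune per link speed and role

if __name__ == "__main__":
    rates = broadcast_rates(SNAP_T0, SNAP_T1, INTERVAL_S)
    for port, rate in sorted(rates.items()):
        print(f"{port}: {rate:.1f} broadcast pps")
    print("storm suspected on:", storm_ports(rates, STORM_THRESHOLD_PPS))
```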
Products: All switches listed on page 2
Software Versions: All