Allied Telesis Layer 3 Switches Switch User Manual


 
Create A Secure Network With Allied Telesis Managed Layer 3 Switches
Protecting the network
2. Set the sensitivity in detecting rapid MAC movement, by using the following command to
tell the switch how many times a MAC address can move ports in one second:
set switch thrashlimit=5..255
Configuration on trunk groups
Rapid MAC movement protection also works with trunk groups. If one switch in a trunk fails,
the switches probably cannot negotiate STP or any other trunks that they belong to. This
immediately causes a broadcast storm. Rapid MAC movement protection on the other
switch in the trunk group detects such a storm because flooding of the same packet occurs
on all trunk ports connected to the failed switch.
For a static trunk, to make use of rapid MAC movement protection, create the trunk and
specify the optional thrashaction and thrashtimeout parameters:
create switch trunk=<name> port=<ports> thrashaction={learndisable|linkdown|none|portdisable|vlandisable} thrashtimeout={none|1..86400}
For a dynamic trunk using LACP, enable LACP, add ports, and set the optional thrashaction
and thrashtimeout parameters:
enable lacp
add lacp port=<ports>
set lacp thrashaction={learndisable|linkdown|none|portdisable|vlandisable} thrashtimeout={none|1..86400}
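The following added example (not from the Allied Telesis manual, and not AlliedWare code) models how thrashlimit, thrashaction=portdisable and thrashtimeout interact, run over constructed MAC learning events. The counting rule (more than thrashlimit moves within one second triggers the action), the timeout unit of seconds, and the names ThrashDetector and detect are assumptions.

```python
from collections import defaultdict, deque

class ThrashDetector:
    """Model of rapid MAC movement protection (assumed semantics)."""

    def __init__(self, thrashlimit=10, thrashtimeout=60):
        if not 5 <= thrashlimit <= 255:
            raise ValueError("thrashlimit must be in 5..255")
        self.limit = thrashlimit
        self.timeout_ms = thrashtimeout * 1000  # assumed unit: seconds
        self.last_port = {}                     # MAC -> last learned port
        self.moves = defaultdict(deque)         # MAC -> recent move times (ms)
        self.disabled_until = {}                # port -> re-enable time (ms)

    def learn(self, ts_ms, mac, port):
        """Feed one learning event; return the port disabled, else None."""
        if self.disabled_until.get(port, 0) > ts_ms:
            return None                         # port is under thrashaction
        prev = self.last_port.get(mac)
        self.last_port[mac] = port
        if prev is None or prev == port:
            return None                         # first sighting or no move
        window = self.moves[mac]
        window.append(ts_ms)
        while ts_ms - window[0] >= 1000:
            window.popleft()                    # keep only the last second
        if len(window) <= self.limit:
            return None
        window.clear()
        self.disabled_until[port] = ts_ms + self.timeout_ms
        return port

def detect(events, **settings):
    """Return (time_ms, mac, port_disabled) for each time the limit is hit."""
    det = ThrashDetector(**settings)
    return [(ts, mac, hit) for ts, mac, port in events
            if (hit := det.learn(ts, mac, port)) is not None]

# Constructed sample: a loop makes one MAC flap between ports 1 and 2 every
# 50 ms, while another host legitimately moves from port 5 to port 7 once.
LOOP_MAC, HOST_MAC = "02:00:00:00:00:01", "02:00:00:00:00:02"
EVENTS = sorted(
    [(i * 50, LOOP_MAC, 1 + i % 2) for i in range(20)]
    + [(100, HOST_MAC, 5), (600, HOST_MAC, 7)])

if __name__ == "__main__":
    print(detect(EVENTS, thrashlimit=5))
```

In this model a lower thrashlimit cuts the loop sooner, and the single legitimate move never reaches the limit. Once one port is disabled the flapping stops, because the MAC can no longer be relearned there until the timeout expires.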
Controlling multicast traffic
In a busy network, or one that has subscription-only access to multicast services, tight
per-port control of multicast traffic is required. IGMP makes multicasting fairly efficient, but
the extra control offered by AlliedWare helps increase efficiency.
When multicasting, it is essential to avoid filling the network with unnecessary multicast data
and to make sure that the clients who join a group are entitled to receive it. It is also
important to minimise delays in joining a group and to efficiently handle those who leave a
group.
The following sections outline some of the IGMP controls that are particularly relevant for
security. For detailed information on how to control IGMP in the network, see How To
Configure IGMP for Multicasting on Routers and Managed Layer 3 Switches. This How To Note is
available from www.alliedtelesis.com/resources/literature/howto.aspx.
IGMP snooping
IGMP snooping is enabled by default on Allied Telesis
managed layer 3 switches. IGMP snooping monitors the
streams and clients involved in each multicast group,
independent from IP itself. A snooping switch ensures that
only ports that are interested in a group are sent it. This
basic level of management works in tandem with the
subnetwork's IGMP querier and makes sure that the querier
gets notified of any client who wants to join the group.
Products: All switches listed on page 2
Software Versions: All