
1 1 V6224

2 System 4. System Sample configuration 8.

3 ) ) Block Diagram ) ) CLI

4 4 ) ( ) Console Port [RJ-45 to DB-9] 8 Modular Service Slot MGMT Port uplink port status LED 1.

5 5 ) ( ) Power 1000Base-FX (uplink) modular GBIC( 4port) 1.

6 6 ) Block Diagram 1.

7 7 )
    Processor : powerPC
    DRAM Memory : 256MB
    32MB Flash Memory
    Power: AC V, DC-48V, 50/60Hz, Dual Power, 120W
    Type, (H * W * D)43 * 432 * Gbps Non-Blocking, 13Mpps
    VLAN 4,094
    MAC Address 8,192
    : 10/100 Base-TX or 100 Base-FX [24]
    : 10/100/1000 Base-TX, 100 Base-FX, or 1000 Base-X GBIC [4]
    VLAN Trunk(802.1Q), STP(802.1D), RSTP(802.1w), QOS(802.1p)
    Transmission rate control : per port rate control (1mbps~ )
    L2 : 802.3ad
    L3 : routing(static, default, RIPv1/v2, OSPF v2, BGPv4)
    IP packet filtering
    DHCP Server/Relay
    SNMP /, RMON, Telnet, FTP, TFTP, DHCP, TACACS+

8 8 ) CLI CLI ( Level )
    Top Mode        | SWITCH#                   | ,,
    Global Mode     | SWITCH(config)#           | SNMP
    DHCP Mode       | SWITCH(config-dhcp)#      | DHCP
    QOS Mode        | SWITCH(qos)#              | QOS (classify, )
    Bridge Mode     | SWITCH(bridge)#           | MAC, VLAN,, STP Layer 2
    Interface Mode  | SWITCH(config-if)#        |
    Router Mode     | SWITCH(config-router)#    |
    Route-Map Mode  | SWITCH(config-route-map)# | Route-map (, )

9 9 ) CLI
    SWITCH# ?
      bping      Broadcast ICMP echo request to connected network hosts
      clock      Manually set the system clock
      configure  Configuration from dsh interface
      exit       Exit current mode and down to previous mode
      ftp        Open a ftp connection
      help       Description of the interactive help system
      list       Print command list
      ping       Send ICMP echo request
      quote      Execute external command
      reload     Reload the system
      set        Configure switch
      show       Display NOS version
      sping      Send ICMP echo request to network host with given source IP
      telnet     Open a telnet connection
      terminal   Set terminal line parameters
      tftp       Open a tftp connection
      where      List active user connections
      write      Write running configuration

10 10 ) CLI
    SWITCH# s?
      show   Display NOS version
      sping  Send ICMP echo request to network host with given source IP
    Switch#

11 ) Console ) Version ) System ) Hostname ) Password ) Clock ) Syslog ) SNMP ) L3 )

12 12 ) Console Console ( login: root, Password: vertex25) 2.

13 13 ) Version Running OS Version Flash OS Version
    SWITCH# show version
    Switch OS Version : 7.08z #4259
    SWITCH#
    SWITCH# show flash
    Flash Information(Bytes)
    Area total used free checksum
    OS1(default) x4bdd9b8a 7.08z #4259
    OS x4bdd9b8a 7.08z #4259
    Config x2f
    Total
    SWITCH#

14 14 ) System Model Name, Memory Size, Flash Memory Size, NOS Version
    SWITCH# show system
    sysinfo(System Information)
    Model Name : V6224
    Main Memory Size : 256 MB
    F flash Memory Size:32MB(INTEL IN28F128J3)
    S/W Compatibility : 3
    H/W Revision : DS-Q4-14S-B1
    NOS Version : 7.08z
    SWITCH#

15 15 ) Hostname
    hostname string (Config mode)
    SWITCH(config)# hostname power
    power(config)#

16 16 ) Password
    passwd (Config mode)
    passwd username (Config mode)
    power(config)# passwd
    Changing password for root
    Old password:
    Enter the new password (minimum of 5, maximum of 8 characters)
    Please use a combination of upper and lower case letters and numbers.
    Enter new password:
    Re-enter new password:
    Password changed.
    power(config)#

17 17 ) Clock Syslog Clock Clock. power# show clock Mon, 1 Jan :01: power# clock Mon, 14 Feb :53: power# show clock Mon, 14 Feb :53: power# 2.

18 18 ) Syslog (continued) default syslogger syslog Level.
    Severity
    0 – emerg, Panic, User Broadcast,
    1 – alert, System db
    2 – crit,
    3 – err(error),
    4 – warning(warn)
    5 – notice,
    6 - info
    7 - debug

19 19 ) Syslog (continued) Syslog sample
    SWITCH(config)# syslog output info console
    SWITCH(config)# syslog output info local volatile
    SWITCH(config)# syslog output info local non-volatile
    SWITCH(config)# syslog output info remote
    SWITCH(config)# show syslog
    System logger on running!
    info local volatile
    info console
    info local non-volatile
    info remote
    SWITCH(config)#
-. Syslog start.
-. No syslog syslog start
-. Remote server syslogd.
-. Show running, show syslog.

20 20 ) SNMP (continued) SNMP Community SNMP Trap
Read community strings : system (read-only)
Read-write community strings : system (read & write)
    SWITCH# configure terminal
    SWITCH(config)# snmp community public ro
    SWITCH(config)# snmp community private rw
trap receiver.
    SWITCH# configure terminal
    SWITCH(config)# snmp trap-host

21 21 ) SNMP (continued) snmp sample
    SWITCH(config)# snmp community dasan rw
    SWITCH(config)# snmp community networks ro
    SWITCH(config)# snmp trap-host
    SWITCH(config)# no snmp trap link-down 5-8
    SWITCH(config)# no snmp trap link-up 1-4
    SWITCH(config)# no snmp trap cpu-threshold
    SWITCH(config)# show snmp

22 22 ) L3 Port VLAN
    power(config)# show config-list
    =========================
    CONFIG-LIST
    =========================
    l3_default
    power(config)# copy l3_default startup-config
    [OK]
    power(config)# exit
    power# reload
    Warning : Changed configuration was not saved to flash memory.
    Do you still want to reload the system?[y|N] y
    Jun 7 20:00:48 UTC 2005 Restarting system.

23 23 ) Command Reload Flash Memory
    SWITCH# write memory
    Building configuration...
    [OK]
    SWITCH#

24 24 3. System 3. System ) VLAN ) IP ) Port ) Routing

25 25 ) VLAN (Continued) VLAN VLAN : VLAN Database VLAN Switch port : access Trunk VLAN VLAN : VLAN port VLAN set vlan create vlan-name vlan vlan-name brN Bridge set vlan del vlan-name port-number port br1 set vlan del br1 3 Bridge set vlan add vlan-name port-number {tagged | untagged} vlan. vlan interface shutdown interface no shutdown Bridge 3. System

26 26 ) VLAN (Continued) VLAN 1)VLANid 10 VLAN br10, port 9 10 vlan 10.
VLAN
    SWITCH(config)# bridge
    SWITCH(bridge)# set vlan create br10 10
    SWITCH(bridge)# set vlan pvid
    SWITCH(bridge)# set vlan del br
    SWITCH(bridge)# set vlan add br untagged
    SWITCH(bridge)# exit
    SWITCH(config)# interface br10
    SWITCH(config-if)# no shutdown
VLAN
    SWITCH(bridge)# show vlan
    u: untagged port, t: tagged port
    | 1
    Name( VID) | ( )
    br1( 1) |uuuuuuuu
    br10( 10) | uu

27 27 ) VLAN (Continued) VLAN – cont. 2) tagged VLAN br10.
    SWITCH(bridge)# set vlan add br tagged
    Switch# show vlan
    u: untagged port, t: tagged port
    |
    Name( VID) |
    br1( 1) |uuuuuuuuuuuuuuuuuuuuuuuuuu
    br10( 10) | tt
% untagged port PVID tagged port. PVID VID.

28 28 ) IP interface IP address
    SWITCH# conf t
    SWITCH(config)# int br1
    SWITCH(config-if)# ip address /30
    SWITCH(config-if)# no shutdown
    SWITCH(config-if)# description This Inteface For AAA Corp.
    SWITCH(config-if)# exit
    SWITCH(config)# int br2
    SWITCH(config-if)# ip address /30
    SWITCH(config-if)# no shutdown
    SWITCH(config-if)# description This Inteface For BBB Corp.

29 29 ) Port Physical interface
    set port enable port-number                  | Physical port enable (default) | Bridge
    set port disable port-number                 | Physical port disable          | Bridge
    set port nego port-number on                 | auto negotiation               | Bridge
    set port nego port-number off                | auto negotiation               | Bridge
    set port speed port-number {10 | 100|1000}   | Interface speed                | Bridge
    set port duplex port-number {full | half}    | Interface duplex               | Bridge
    set port flow-control port-number {on | off} |                                | Bridge

30 30 ) Routing (Continued) Default Gateway
    SWITCH# configure terminal
    SWITCH(config)# ip route /
Routing Table
    SWITCH(config)# show ip route
    Codes: K - kernel route, C - connected, S - static, R- RIP, O - OSPF,
    B - BGP, > - selected route, *- FIB route
    S>* /0 [1/0] via , br2
    C>* /24 is directly connected, br1
    C>* /24 is directly connected, br2
    C>* /24 is directly connected, br3
    C>* /8 is directly connected, lo
    -- End

31 31 ) Routing Static Routing
    ip route ip-address ip-address {ip-address interface-name}[1-255]
    SWITCH(config)# ip route /
    SWITCH(config)# ip route /
    SWITCH(config)# show ip route
    Codes: K - kernel route, C - connected, S - static, R- RIP, O - OSPF,
    B - BGP, > - selected route, *- FIB route
    S>* /0 [1/0] via , br2
    C>* /24 is directly connected, br1
    C>* /24 is directly connected, br2
    C>* /24 is directly connected, br3
    S>* /24 [1/0] via , br1
    S>* /24 [1/0] via , br1
    C>* /8 is directly connected, lo
    -- End --

32 32 4. System 4. System ) (Uptime) ) Port Traffic ) RMON ) CPULoad ) ARP, MAC Address

33 33 ) (Uptime)
    SWITCH# show uptime
    0 days 0 hours 10 minutes seconds
    SWITCH#

34 34 ) Port Traffic Traffic 5 /1 /10 PPS/BPS/bps ( ) SWITCH# show port statistics avg-pkt 1-2,10 ============================================================================== Port | Tx | Rx Time | pkts/s | bytes/s | bits/s | pkts/s | bytes/s | bits/s ============================================================================== port sec: min: min: port sec: , min: , min: , port sec: , ,176 1 min: , , min: , ,240 SWITCH # 4. System

35 35 ) RMON RMON
    SWITCH# show port statistics rmon 24
    Port 24 ethernet
    etherStatsDropEvents 0
    etherStatsOctets
    etherStatsPkts
    etherStatsBroadcastPkts
    etherStatsMulticastPkts
    etherStatsCRCAlignErrors 0
    etherStatsUndersizePkts 0
    etherStatsOversizePkts 708
    etherStatsFragments 0
    etherStatsJabbers 0
    etherStatsCollisions 0
    etherStatsPkts64Octets
    etherStatsPkts65to127Octets
    etherStatsPkts128to255Octets
    etherStatsPkts256to511Octets
    etherStatsPkts512to1023Octets
    etherStatsPkts1024to1518Octets

36 36 ) CPULoad CPU Load 5 /1 /10
    SWITCH# show cpuload
    Average CPU load
    sec: 0.53( 0.00) %
    1 min: 0.51( 0.00) %
    10 min: 0.51( 0.00) %
    CPU Load Threshold : 50
    SWITCH#

37 37 ) ARP, MAC Address ARP Learning MAC Address
    SWITCH# show arp
    Address HWtype HWaddress Flags Mask Iface
    ether 00:D0:CB:0A:10:58 C br1
    SWITCH# show mac br1
    port (id) mac addr permission
    eth01(1) 00:00:e2:82:e2:36 OK
    eth01(1) 00:00:e2:8a:ec:a2 OK
    eth01(1) 00:00:f0:71:50:99 OK
    eth01(1) 00:01:02:96:1a:21 OK
    eth01(1) 00:01:e6:25:43:5b OK
    eth01(1) 00:02:78:e0:7d:d5 OK

38 ) (Bandwidth Control) ) Storm Control ) Port Mirroring ) (Max-hosts) ) Port Trunking ) STP ) MAC-Filter ) ACL ) OS Upgrade ) Password Recovery

39 39 ) (Bandwidth Control) 1Mbps SWITCH(config)# br SWITCH(bridge)# set rate egress SWITCH(bridge)# show rate Port Ingress Egress | Port Ingress Egress N/A 10M | 2 N/A 10M 3 N/A 10M | 4 N/A 10M 5 N/A 10M | 6 N/A 10M 7 N/A 10M | 8 N/A 10M 9 N/A 10M | 10 N/A 10M 11 N/A 10M | 12 N/A 10M 13 N/A 10M | 14 N/A 10M 15 N/A 10M | 16 N/A 10M 17 N/A 10M | 18 N/A 10M 19 N/A 10M | 20 N/A 10M 21 N/A 10M | 22 N/A 10M 23 N/A 10M | 24 N/A 10M 25 N/A N/A | 26 N/A N/A 5.

40 40 ) Storm-Control Broadcast/Multicast/Flooding SWITCH(bridge)# set storm-control enable SWITCH(bridge)# set storm-control add broadcast 32 Broadcast 32 [, Vlan 2 Vlan 16 SWITCH(bridge)# set storm-control add 1 16 Vlan Flooding.[1 Vlan 16 ] SWITCH(bridge)# set storm-control add :00:5e:00:00:01 Vlan Mac Multicast.[1 Vlan 32 ] SWITCH(bridge)# set storm-control add SWITCH(bridge)# show storm-control status Vlan id UseGroupMAC GroupMACAddress PacketsPerTimeUnit No 01:00:5e:00:00: No ff : ff : ff : ff : ff : ff No -- : -- : -- : -- : -- : SWITCH(bridge)# 5.

41 41 ) Port-mirroring Mirrored Port In/Out Traffic Monitor Port
    SWITCH# conf t
    SWITCH(config)# br
    SWITCH(bridge)# set mirror monitor 1
    SWITCH(bridge)# set mirror add 2
    SWITCH(bridge)# set mirror add 3
    SWITCH(bridge)# set mirror enable
    SWITCH(bridge)# show mirror
    Mirroring enabled
    Monitor port = 1
    Ingress-mirrored ports
    Egress-mirrored ports
Monitor port snipper enable 23

42 42 ) (Max-hosts) Max-hosts : Mac host
    SWITCH# conf t
    SWITCH(config)# br
    SWITCH(bridge)# set max-hosts 1 1
    SWITCH(bridge)# show max
    SWITCH(bridge)# show max-hosts
    port 1 : 1/1 (current/max)
    port 2 : 0/Unlimited (current/max)
    port 3 : 0/Unlimited (current/max)
    SWITCH(bridge)# show mac br1
    port (id) mac addr permission in use
    eth01 (1) 00:00:39:ca:89:98 OK yes
    eth01 (1) 00:d0:cb:0a:a3:4a OK yes
client

43 43 ) Port trunking Port Trunk 1. Trunk port port
    SWITCH(bridge)# set trunk add
    SWITCH(bridge)# show trunk
    Trunk Group 0 : 1(o) 2(x) 3(x) 4(x)
    Trunk Group 1 : Inactive
    Trunk Group 2 : Inactive
    Trunk Group 3 : Inactive
    Trunk Group 11 : Inactive
    Trunk Group 12 : Inactive
    Trunk Group 13 : Inactive
    SWITCH(bridge)# set vlan pvid 29 1
    SWITCH(bridge)# set vlan add br1 29 untagged

44 44 ) Mac-filter Default-policy MAC-Filter MAC-Filter. SWITCH(bridge)# set mac-filter default-policy deny 1-3 SWITCH(bridge)# set mac-filter default-policy deny 7 SWITCH(bridge)# show mac-filter default-policy PORT POLICY | PORT POLICY DENY | 21 PERMIT 2 DENY | 22 PERMIT 3 DENY | 23 PERMIT 4 PERMIT | 24 PERMIT PERMIT | 35 PERMIT 16 PERMIT | 36 PERMIT 17 PERMIT | 37 PERMIT 18 PERMIT | 38 PERMIT 19 PERMIT | 39 PERMIT 20 PERMIT | 40 PERMIT SWITCH(bridge)# set mac-filter add 00:02:a5:74:9b:17 permit 1 1 SWITCH(bridge)# set mac-filter add 00:01:a7:70:01:d2 permit 1 1 SWITCH(bridge)# show mac-filter 1 A: 00:02:a5:74:9b:17 B: 00:01:a7:70:01:d2 C: 00:01:a7:11:22:33 ABC 5.

45 45 ) STP L2 Loop
    SWITCH(bridge)# show stp
    bridge name bridge id STP enabled mode
    br d0cb26021c no stp
    SWITCH(bridge)# set stp enable br1     [STP ]
    SWITCH(bridge)# set stp disable br1    [STP ]
    SWITCH(bridge)#
% Default Disable.

46 46 ) ACL (Continued) Packet Rule
1. L2/L3/L4 packet
    SWITCH(qos)# classify packet L2-rule-name 0800 unicast    [0800 & unicast packet]
    SWITCH(qos)# classify host L3-rule-name ip dst /24 any any any    [Destination ip /24]
    SWITCH(qos)# classify l4 L4-rule-name ip tcp dst 21 any    [Destination port 21 ]
2. Main rule
    SWITCH(qos)#classify main main-1 add l2-rule any l3-rule any l4-rule any    [packet.]
    [0800 & unicast packet] [Destination ip /24] [Destination port 21 ] main-1
3. rule match
    SWITCH(qos)# classify main main-1 match drop    [main-1 drop.]

47 47 ) ACL (Continued) Destination Packet ACL
    SWITCH# configure terminal
admin-access-rule
    # admin-access-rule [name] classify [priority] ip [source ip address] [destination ip address] [protocol] [source port] [destination port]
    # admin-access-rule [name] match [permit/deny]
ADMIN-IP telnet admin-access-rule
    SWITCH(config)# admin-access-rule telnet-deny classify low ip any any tcp any 23
    SWITCH(config)# admin-access-rule telnet-deny match deny
    SWITCH(config)# admin-access-rule telnet-permit classify medium ip any tcp any 23
    SWITCH(config)# admin-access-rule telnet-permit match permit
% Telnet Permit Telnet Session.

48 48 ) OS Upgrade OS Upgrade PC Console Cable Cross Cable Management Ethernet Port s Boot Mode pc ip ip ( ) save reboot s TFTP Server(PC) OS down Load load prog V z.x load prog reboot tftp boot load 5.

49 49 ) Password Recovery Password recovery
    root=/dev/ram console=ttyS0,9600
    Switch OS Version : 7.08z #4259
    CPU manufacturer : Motorola [rev=1014]
    CPU speed : 200MHz
    Memory : 256M (available k)
    INIT: version 2.77 booting
Control-C
    INIT: Entering runlevel: 3
    (none) login: root
    Password:
    login[22]: root login on `ttyS0'
    *SWITCH# tar xPvf /dev/conf
    *SWITCH# savecfg
    *SWITCH# reboot

50 50 6. Sample Configuration

51 51 Sample Configuration (Continued)
    hostname power_apt
    bridge
    set vlan pvid 1-23,
    set vlan pvid
    set vlan create br1
    set vlan create br24
    set vlan add br1 1-23,25-26 untagged
    set vlan add br24 24 untagged
    set mac-flood-guard
    set storm-control enable 100
    set storm-control add broadcast 2032
    interface br1
    description power_apt101
    ip address /24
    interface br24
    description uplink port
    ip address /30
    ip martian-filter br1

52 52 Sample Configuration
    qos
    classify l4 igmp_src ip igmp src
    classify l4 igmp_dst ip igmp dst 0
    classify l4 udp_1434_src ip udp src 1434
    classify l4 udp_1434_dst ip udp dst 1434
    classify l4 tcp_445 ip tcp dst 445 any
    classify l4 tcp_4444_dst ip tcp dst 4444 any
    classify main IGMP_SRC add any any any igmp_src any any
    classify main IGMP_SRC match drop
    classify main IGMP_DST add any any any any igmp_dst any
    classify main IGMP_DST match drop
    classify main TCP_4444_DST add any any any any tcp_4444_dst any
    classify main TCP_4444_DST match drop
    classify main UDP_1434_SRC add any any any udp_1434_src any any
    classify main UDP_1434_SRC match drop
    classify main UDP_1434_DST add any any any any udp_1434_dst any
    classify main UDP_1434_DST match drop
    classify main TCP_445_DST add any any any any tcp_445 any
    classify main TCP_445_DST match drop
    ip route
    ip tcp ignore rst-unknown
    ip tcp syncookies
    ip dhcp mode relay
    snmp community ro inetin
    snmp community ro powernms
    snmp community ro dacom
    snmp trap-host

53 ) Case-I

54 54 ) Case-I (V V2124) APT L3 Switch(V6224)
1. Hostname: ISP -APT -L
2. Vlan Vlan uplink default Vlan (port ) vlan. br1 management/Gate-way ip
3. Link address(br24 uplink ) IP(10.x.x.x/30) ( IP )
4. description
5. Default Route Link address Default route )
6. Martian-filter source ip spoofing ) ip martian-filter br1
7. IP ISP 100M FX APT MDF L3 Switch M FX M FX

55 55 ) Case-I (V V2124) APT L3 Switch(V6224)
7. DHCP Relay ) ip dhcp mode relay x.x.x.x(server address)
8. Storm-control Broadcast, Multicast traffic )
    set storm-control add broadcast 2040
    set storm-control add (GMAC)
9. NMS
    snmp community ro dacom (ro: read-only)
    snmp community ro inetin
    snmp community ro powernms
    snmp trap-host (trap server)
10. admin-access-rule

56 56 ) Case-I (V V2124) APT L3 Switch(V6224)
11. SYN Attack TCP UDP Port Sync Attack Drop ) ip tcp syncookies TCP UDP Port Sync Attack Syncookies. ) ip tcp ignore rst-unknown
12. QoS Virus
13. MAC-Flood guard 1~23 MAC 400 Packet MAC Address Deny. ) set mac-flood-guard

57 57 ) Case-I (V V2124) QoS
    classify l4 igmp_src ip igmp src
    classify l4 igmp_dst ip igmp dst 0    Bomba Traffic
    classify l4 udp_1434_src ip udp src 1434    <- MS SQL server Virus Packet
    classify l4 udp_1434_dst ip udp dst 1434
    classify l4 tcp_445 ip tcp dst 445 any
    classify l4 tcp_4444_dst ip tcp dst 4444 any    <- Mblast
    classify main IGMP_SRC add any any any igmp_src any any
    classify main IGMP_SRC match drop
    classify main IGMP_DST add any any any any igmp_dst any
    classify main IGMP_DST match drop
    classify main TCP_4444_DST add any any any any tcp_4444_dst any
    classify main TCP_4444_DST match drop
    classify main UDP_1434_SRC add any any any udp_1434_src any any
    classify main UDP_1434_SRC match drop
    classify main UDP_1434_DST add any any any any udp_1434_dst any
    classify main UDP_1434_DST match drop
    classify main TCP_445_DST add any any any any tcp_445 any
    classify main TCP_445_DST match drop
    !
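
An added example, not part of the original slides or any vendor tooling: an offline check in Python that reads configuration text in the `classify` syntax shown in these slides and reports which main rules actually end in `match drop` and which are incomplete. The grammar is inferred only from the sample lines on this page, and the input is constructed, with a rule that has no match line and a reference to an undefined `tcp_135` rule included as deliberate defects.

```python
import re

# Grammar inferred from the slides' sample lines (an assumption, not a vendor spec).
DEF_RE = re.compile(r"^classify (packet|host|l4) (\S+) (.+)$")
ADD_RE = re.compile(r"^classify main (\S+) add (.+)$")
MATCH_RE = re.compile(r"^classify main (\S+) match (\S+)$")

# Constructed input. UDP_1434_DST has no match line and TCP_135_DST refers to
# an undefined rule; both defects are deliberate.
SAMPLE = """\
qos
classify l4 udp_1434_src ip udp src 1434
classify l4 udp_1434_dst ip udp dst 1434
classify l4 tcp_445 ip tcp dst 445 any
classify l4 tcp_4444_dst ip tcp dst 4444 any
classify main TCP_4444_DST add any any any any tcp_4444_dst any
classify main TCP_4444_DST match drop
classify main UDP_1434_SRC add any any any udp_1434_src any any
classify main UDP_1434_SRC match drop
classify main UDP_1434_DST add any any any any udp_1434_dst any
classify main TCP_445_DST add any any any any tcp_445 any
classify main TCP_445_DST match drop
classify main TCP_135_DST add any any any any tcp_135 any
classify main TCP_135_DST match drop
"""

def audit(config_text):
    """Return (drops, problems) for the classify rules in config_text."""
    defined, refs, actions = {}, {}, {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := DEF_RE.match(line):
            defined[m.group(2)] = m.group(3)
        elif m := ADD_RE.match(line):
            # Every non-"any" field names a sub-rule defined elsewhere.
            refs[m.group(1)] = [f for f in m.group(2).split() if f != "any"]
        elif m := MATCH_RE.match(line):
            actions[m.group(1)] = m.group(2)
    drops, problems = [], []
    for name, fields in refs.items():
        missing = [f for f in fields if f not in defined]
        if missing:
            problems.append((name, "undefined rule: " + ", ".join(missing)))
        elif name not in actions:
            problems.append((name, "no match action"))
        elif actions[name] == "drop":
            drops.extend((name, f, defined[f]) for f in fields)
    for name in sorted(actions.keys() - refs.keys()):
        problems.append((name, "match without add"))
    return drops, problems

if __name__ == "__main__":
    drops, problems = audit(SAMPLE)
    for main, rule, spec in drops:
        print(f"DROP   {main:14} {rule:14} {spec}")
    for main, why in problems:
        print(f"CHECK  {main:14} {why}")
```
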

