Reference Guide
Page 62
... of filters including: • Rule Priority • Interface • Management Method • IP Address • Prefix Length • Forwarding Action To define profile rules: 1. Click Apply. The Source IP Address field is updated. The possible field values are composed of bits that... attached to the device. Permit - The Profile Rules Page opens: 54 Chapter 4: Configuring Device Security Defining Access Method Chapter 4 SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide - Determines what subnet the source IP Address belongs to the device. - Permits access to in...
... of filters including: • Rule Priority • Interface • Management Method • IP Address • Prefix Length • Forwarding Action To define profile rules: 1. Click Apply. The Source IP Address field is updated. The possible field values are composed of bits that... attached to the device. Permit - The Profile Rules Page opens: 54 Chapter 4: Configuring Device Security Defining Access Method Chapter 4 SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide - Determines what subnet the source IP Address belongs to the device. - Permits access to in...
Reference Guide
Page 68
...or causing the network to all ports on all ports by a single port. A Broadcast Storm is enabled per all ports. Forwarded message responses are flooded to time out. The system measures the incoming Broadcast and Multicast frame rates separately on each port and discards... the frames when the rate exceeds a user-defined rate. Chapter 4 SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide Defining Traffic Control The Traffic Control section contains the following fields: 60 Chapter 4: Configuring Device ...
...or causing the network to all ports on all ports by a single port. A Broadcast Storm is enabled per all ports. Forwarded message responses are flooded to time out. The system measures the incoming Broadcast and Multicast frame rates separately on each port and discards... the frames when the rate exceeds a user-defined rate. Chapter 4 SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide Defining Traffic Control The Traffic Control section contains the following fields: 60 Chapter 4: Configuring Device ...
Reference Guide
Page 69
... : - Disable - Define the relevant fields. 3. Click Security Suite > Traffic Control > Storm Control. Indicates the row number to be forwarded. - Enable - Disables Broadcast packet types to which unknown packets are copied. • Unit Number - The possible field values are displayed....enabled on the specific interface. Click Apply. Chapter SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide 4 • Copy From Entry Number - The maximum rate (packets per second) at which storm control parameters are forwarded. Displays the stacking member for which storm control ...
... : - Disable - Define the relevant fields. 3. Click Security Suite > Traffic Control > Storm Control. Indicates the row number to be forwarded. - Enable - Disables Broadcast packet types to which unknown packets are copied. • Unit Number - The possible field values are displayed....enabled on the specific interface. Click Apply. Chapter SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide 4 • Copy From Entry Number - The maximum rate (packets per second) at which storm control parameters are forwarded. Displays the stacking member for which storm control ...
Reference Guide
Page 70
Chapter 4 SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide • Broadcast Mode - Counts Broadcast and ...3,500 - 1,000,000 kbits/sec. 3. Locked port security monitors both received and learned packets that are either: • Forwarded • Discarded with no trap • Discarded with a trap • Cause the port to be shut down. Counts ...or it is locked. The possible field values are activated from the Port Security Page. These addresses are forwarded. Click Apply. Note To configure port lock, 802.1x multiple host mode must be increased by limiting access...
Chapter 4 SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide • Broadcast Mode - Counts Broadcast and ...3,500 - 1,000,000 kbits/sec. 3. Locked port security monitors both received and learned packets that are either: • Forwarded • Discarded with no trap • Discarded with a trap • Cause the port to be shut down. Counts ...or it is locked. The possible field values are activated from the Port Security Page. These addresses are forwarded. Click Apply. Note To configure port lock, 802.1x multiple host mode must be increased by limiting access...
Reference Guide
Page 72
...the number of time (in the Interface Status field. The Max Entries field is enabled only if Locked is received on the port. Forwards packets from any unlearned source. This is selected. Discards packets from an unknown source without learning the MAC address. - Disables traps. ...until the device is 10 seconds. 2. Click Security Suite > Traffic Control > Port Security. The possible field values are : - Chapter 4 SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide In order to change the Learning Mode, the Lock Interface must be set to packets arriving on a locked ...
...the number of time (in the Interface Status field. The Max Entries field is enabled only if Locked is received on the port. Forwards packets from any unlearned source. This is selected. Discards packets from an unknown source without learning the MAC address. - Disables traps. ...until the device is 10 seconds. 2. Click Security Suite > Traffic Control > Port Security. The possible field values are : - Chapter 4 SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide In order to change the Learning Mode, the Lock Interface must be set to packets arriving on a locked ...
Reference Guide
Page 73
... to the maximum addresses allowed on the port. The port is reset. • Enable Trap - The default is received on Violation - Forwards packets from any unlearned source and shuts down until reactivated, or until the device is immediately locked, regardless of the number of addresses that ... is currently unlocked. Indicates the action to be learned on a locked port. Enable - Click Apply. The port remains shut down the port. Forward - Indicates the port is selected in the Interface Status field. In order to change the Learning Mode, the Lock Interface must be reinstated. ...
... to the maximum addresses allowed on the port. The port is reset. • Enable Trap - The default is received on Violation - Forwards packets from any unlearned source and shuts down until reactivated, or until the device is immediately locked, regardless of the number of addresses that ... is currently unlocked. Indicates the action to be learned on a locked port. Enable - Click Apply. The port remains shut down the port. Forward - Indicates the port is selected in the Interface Status field. In order to change the Learning Mode, the Lock Interface must be reinstated. ...
Reference Guide
Page 77
... - Specifies the number of seconds that lapses before the switch resends a request to Force-Authorized (forward traffic). - The total amount of seconds in the quiet state following a failed authentication exchange (Range: 0-65535). • Resending EAP - Chapter SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide 4 • Periodic Reauthentication - Specifies the number of EAP requests...
... - Specifies the number of seconds that lapses before the switch resends a request to Force-Authorized (forward traffic). - The total amount of seconds in the quiet state following a failed authentication exchange (Range: 0-65535). • Resending EAP - Chapter SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide 4 • Periodic Reauthentication - Specifies the number of EAP requests...
Reference Guide
Page 78
... the admin port authorization state. • Enable Guest VLAN - The controlled port state is set to Force-Authorized (forward traffic). - Enable - Specifies the number of seconds in which the selected port is enabled, the unauthorized port automatically ... port authorization state. • Admin Port Control - This is 3600 seconds. • Reauthenticate Now - Force-Authorized - Chapter 4 SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide Port Authentication Settings Page The Port Authentication Settings Page contains the following fields: • Port - Enables...
... the admin port authorization state. • Enable Guest VLAN - The controlled port state is set to Force-Authorized (forward traffic). - Enable - Specifies the number of seconds in which the selected port is enabled, the unauthorized port automatically ... port authorization state. • Admin Port Control - This is 3600 seconds. • Reauthenticate Now - Force-Authorized - Chapter 4 SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide Port Authentication Settings Page The Port Authentication Settings Page contains the following fields: • Port - Enables...
Reference Guide
Page 80
Chapter 4 SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide • Unit Number - Forwards the packet. - Discards the packets. This is reset. • Traps - The ports remains shut down , or the port control is not the supplicant MAC address.... Hosts parameters are : • Action on the interface in Auto Mode - The possible field values are enabled. Click Security Suite > 802.1X > Multiple Host. Forward - DiscardDisable - Discards the packets and shuts down . The 802.1X Properties Page opens: 2. If there is an asterisk (*), the port is either the port control...
Chapter 4 SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide • Unit Number - Forwards the packet. - Discards the packets. This is reset. • Traps - The ports remains shut down , or the port control is not the supplicant MAC address.... Hosts parameters are : • Action on the interface in Auto Mode - The possible field values are enabled. Click Security Suite > 802.1X > Multiple Host. Forward - DiscardDisable - Discards the packets and shuts down . The 802.1X Properties Page opens: 2. If there is an asterisk (*), the port is either the port control...
Reference Guide
Page 81
...from a host whose MAC address is not the supplicant MAC address. Chapter 4: Configuring Device Security 73 Defining 802.1x Chapter SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide 4 Multiple Host Settings Page The Multiple Host Settings Page contains the following fields: •...; Port - Checked - This is reset. • Enable Traps - Forward - Unchecked - Unchecked - Discards the packets. Click Apply. Multiple hosts must be defined only if multiple hosts are defined, and the ...
...from a host whose MAC address is not the supplicant MAC address. Chapter 4: Configuring Device Security 73 Defining 802.1x Chapter SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide 4 Multiple Host Settings Page The Multiple Host Settings Page contains the following fields: •...; Port - Checked - This is reset. • Enable Traps - Forward - Unchecked - Unchecked - Discards the packets. Click Apply. Multiple hosts must be defined only if multiple hosts are defined, and the ...
Reference Guide
Page 84
... the destination MAC address to a packet on a first-match basis. Mask - Wildcard bits to be applied to the ACE. Indicates the ACL forwarding action. MAC Address - Matches the source MAC address to which ACE is matched to which bits are ignored. • Destination Address - Wildcards ...Address - Indicates the destination MAC Address wild card mask. Matches the packet's VLAN ID to the CoS. • Ether Type - Chapter 4 SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide Add MAC Based ACL Page The Add MAC Based ACL Page contains the following fields: • ACL Name -...
... the destination MAC address to a packet on a first-match basis. Mask - Wildcard bits to be applied to the ACE. Indicates the ACL forwarding action. MAC Address - Matches the source MAC address to which ACE is matched to which bits are ignored. • Destination Address - Wildcards ...Address - Indicates the destination MAC Address wild card mask. Matches the packet's VLAN ID to the CoS. • Ether Type - Chapter 4 SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide Add MAC Based ACL Page The Add MAC Based ACL Page contains the following fields: • ACL Name -...
Reference Guide
Page 85
... defined for IP Based ACLs. 1. Select an existing ACL. 2. Define the relevant fields. 4. Click Security Suite >Access Control > IP Based ACL. Chapter SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide 4 - Forwards packets which meet the ACL criteria. - The IP Based ACL Page opens: Chapter 4: Configuring Device Security 77 Defining Access Control Drops packet...
... defined for IP Based ACLs. 1. Select an existing ACL. 2. Define the relevant fields. 4. Click Security Suite >Access Control > IP Based ACL. Chapter SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide 4 - Forwards packets which meet the ACL criteria. - The IP Based ACL Page opens: Chapter 4: Configuring Device Security 77 Defining Access Control Drops packet...
Reference Guide
Page 87
... Port Management page. - The Add IP Based ACL Page opens: Chapter 4: Configuring Device Security 79 Defining Access Control Chapter SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide 4 - Matches the source port IP address to which packets are filtered by ICMP message .... Match IP Precedence - The possible field range is assigned rate limiting restrictions for filtering ICMP packets. Indicates and ICMP message code for forwarding. Indicates the action assigned to Layer 2 Internet Protocol (L2IP). - L2IP - Mask - Select either Match DSCP or Match IP ...
... Port Management page. - The Add IP Based ACL Page opens: Chapter 4: Configuring Device Security 79 Defining Access Control Chapter SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide 4 - Matches the source port IP address to which packets are filtered by ICMP message .... Match IP Precedence - The possible field range is assigned rate limiting restrictions for filtering ICMP packets. Indicates and ICMP message code for forwarding. Indicates the action assigned to Layer 2 Internet Protocol (L2IP). - L2IP - Mask - Select either Match DSCP or Match IP ...
Reference Guide
Page 88
... first-match basis. • Protocol - Filtering packets by the ICMP message code. • IGMP - The possible field values are either forwarded or dropped. Matches the source port IP address to which rule is matched. Indicates the rule priority, which determines which packets are selected in ...; New Rule Priority - Defines the TCP/UDP destination port. The possible field range is 0 - 65535. • Destination Port - Chapter 4 SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide Add IP Based ACL Page The Add IP Based ACL Page contains the following fields: • ACL Name -...
... first-match basis. • Protocol - Filtering packets by the ICMP message code. • IGMP - The possible field values are either forwarded or dropped. Matches the source port IP address to which rule is matched. Indicates the rule priority, which determines which packets are selected in ...; New Rule Priority - Defines the TCP/UDP destination port. The possible field range is 0 - 65535. • Destination Port - Chapter 4 SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide Add IP Based ACL Page The Add IP Based ACL Page contains the following fields: • ACL Name -...
Reference Guide
Page 89
... first-match basis. • Protocol - Packets are as follows: - Drops packets which the packet was addressed. The options are forwarded or dropped. Defining Rules Associated with IP-ACL Page contains the following fields: • ACL Name - Click Security Suite >Access Control... • Action - Indicates the action assigned to the ACE. Filtered packets are either forwarded or dropped. Matches the packet IP Precedence value to the packet matching the ACL. Chapter SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide 4 • Match IP Precedence - Click Apply.
... first-match basis. • Protocol - Packets are as follows: - Drops packets which the packet was addressed. The options are forwarded or dropped. Defining Rules Associated with IP-ACL Page contains the following fields: • ACL Name - Click Security Suite >Access Control... • Action - Indicates the action assigned to the ACE. Filtered packets are either forwarded or dropped. Matches the packet IP Precedence value to the packet matching the ACL. Chapter SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide 4 • Match IP Precedence - Click Apply.
Reference Guide
Page 90
Chapter 4 SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide • ICMP - Matches the packet to the ACE. This field is active only if 800/6-TCP or 800/17-UDP are forwarded or dropped. Ports are selected in the Select from the Port Management page. The Add IP Based ...Rule Page opens: 82 Chapter 4: Configuring Device Security Defining Access Control Indicates and ICMP message code for forwarding. IP Address - Matches the packet IP Precedence value to the DSCP tag value. • Match IP Precedence - This field is ...
Chapter 4 SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide • ICMP - Matches the packet to the ACE. This field is active only if 800/6-TCP or 800/17-UDP are forwarded or dropped. Ports are selected in the Select from the Port Management page. The Add IP Based ...Rule Page opens: 82 Chapter 4: Configuring Device Security Defining Access Control Indicates and ICMP message code for forwarding. IP Address - Matches the packet IP Precedence value to the DSCP tag value. • Match IP Precedence - This field is ...
Reference Guide
Page 91
... packets are as follows:. • ICMP Code - Filtering packets by the ICMP message code. • IGMP - The possible field values are either forwarded or dropped. Defines the TCP/UDP source port to the ACE. • Dest. Filters packets by IGMP message or message types. • Source ... the TCP/UDP destination port. Filters packets by TCP flag. The possible field range is 0 - 65535. • Destination Port - Chapter SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide 4 Add IP Based Rule Page The Add IP Based Rule Page contains the following fields: • ACL Name...
... packets are as follows:. • ICMP Code - Filtering packets by the ICMP message code. • IGMP - The possible field values are either forwarded or dropped. Defines the TCP/UDP source port to the ACE. • Dest. Filters packets by IGMP message or message types. • Source ... the TCP/UDP destination port. Filters packets by TCP flag. The possible field range is 0 - 65535. • Destination Port - Chapter SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide 4 Add IP Based Rule Page The Add IP Based Rule Page contains the following fields: • ACL Name...
Reference Guide
Page 92
... ingress interface that meets the ACL criteria, and disables the port to the default rule, which is assigned rate limiting restrictions for forwarding. Forwards packets which meet the ACL criteria. - Shutdown - Ports are copied. • To Entry Number(s) - Matches the packet IP... - Displays the ports bound by the ACL. 84 Chapter 4: Configuring Device Security Defining Access Control Chapter 4 SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide • Match IP Precedence - Packets are forwarded or dropped. Drops packets which meet the ACL criteria. -
... ingress interface that meets the ACL criteria, and disables the port to the default rule, which is assigned rate limiting restrictions for forwarding. Forwards packets which meet the ACL criteria. - Shutdown - Ports are copied. • To Entry Number(s) - Matches the packet IP... - Displays the ports bound by the ACL. 84 Chapter 4: Configuring Device Security Defining Access Control Chapter 4 SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide • Match IP Precedence - Packets are forwarded or dropped. Drops packets which meet the ACL criteria. -
Reference Guide
Page 98
Displays the port connection status. • Port Speed - The possible field values are : - Indicates that the forwarding decisions are defined, and the device is protected by an uplink, so that the interface supports transmission between the device... Settings are overwritten by those of a Link Aggregation (LAG). 2. Click Bridging > Port Management > Port Settings. The Port Settings Page opens: 2. Chapter 5 SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide • Port Type - This field is configurable only when auto negotiation is disabled, and the port speed is part...
Displays the port connection status. • Port Speed - The possible field values are : - Indicates that the forwarding decisions are defined, and the device is protected by an uplink, so that the interface supports transmission between the device... Settings are overwritten by those of a Link Aggregation (LAG). 2. Click Bridging > Port Management > Port Settings. The Port Settings Page opens: 2. Chapter 5 SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide • Port Type - This field is configurable only when auto negotiation is disabled, and the port speed is part...
Reference Guide
Page 99
Displays the device port ID. • Port Type - Enables or disables traffic forwarding through the locked port security option. • Operational Status - The configured rate for the port. This field is configurable only when auto ...Current Port Status - You can designate admin speed only when the port auto-negotiation is disabled. • Current Port Speed - Copper/ComboF/ComboC - Chapter SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide 5 Edit Port Settings Page The Edit Port Settings Page contains the following fields: • Port -
Displays the device port ID. • Port Type - Enables or disables traffic forwarding through the locked port security option. • Operational Status - The configured rate for the port. This field is configurable only when auto ...Current Port Status - You can designate admin speed only when the port auto-negotiation is disabled. • Current Port Speed - Copper/ComboF/ComboC - Chapter SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide 5 Edit Port Settings Page The Edit Port Settings Page contains the following fields: • Port -