Junos Enterprise Switching
|
|
- Aleesha Eaton
- 6 years ago
- Views:
Transcription
1 Junos Enterprise Switching Chapter 6: Device Security and Firewall Filters 2011 Juniper Networks, Inc. All rights reserved. Worldwide Education Services
2 Chapter Objectives After successfully completing this chapter, you will be able to: Describe the storm control security feature Configure and monitor the storm control security feature Describe firewall filter support for EX Series switches Implement and monitor the effects of a firewall filter 6-2
3 Agenda: Device Security and Firewall Filters Storm Control Firewall Filters 6-3
4 Traffic Storms Some traffic types, such as broadcast and unknown unicast, can continuously propagate through a LAN consuming resources and affecting performance User A initiates traffic to a destination MAC address not known or located in the network User A MAC: 00:26:88:02:74:86 Switch-1 Switch-2 User C MAC: 00:26:88:02:74:88 User B MAC: 00:26:88:02:74:87 Flood Traffic Storm Flood User D MAC: 00:26:88:02:74:89 Switch-3 Flood User E MAC: 00:26:88:02:74:90 User F MAC: 00:26:88:02:74:
5 Introducing Storm Control Storm control monitors traffic levels and drops traffic when the threshold (storm control level) is exceeded Prevents traffic from proliferating and degrading the LAN Switch-1 Traffic Storm The storm control feature ensures traffic storms do not degrade LAN performance 6-5
6 Storm Control Configuration Storm control is enabled by default on EX switches Default storm control level is 80 percent for all interfaces You can modify the default configuration settings at the [edit ethernet-switching-options] hierarchy {master:0[edit] load factory-default warning: activating factory configuration Switch-1 {master:0[edit] show ethernet-switching-options storm-control { interface all; Note: Using the default configuration, all broadcast, multicast, and unknown unicast traffic in excess of 80 percent is dropped
7 Changing the Default Configuration Before modifying the default configuration, monitor broadcast, multicast, and unknown unicast traffic levels in LAN under normal operating conditions Use benchmark data to determine acceptable traffic levels Configure storm control to set the level at which you want to drop broadcast traffic, multicast traffic, unknown unicast traffic, or all three. Is too high? Default Storm Control Level Is acceptable? Is too low? 6-8
8 Storm Control Actions When the storm control level is exceeded, the switch can either drop offending traffic (default) or shut down the interface through which the traffic is passing {master:0[edit ethernet-switching-options] show storm-control { interface all; Traffic is discarded Bit Bucket {master:0[edit ethernet-switching-options] user@switch-1# show storm-control { action-shutdown; interface all; Use the action-shutdown option to alter the default behavior Interface is disabled 6-9
9 Automatic Error Condition Recovery By default, when the action-shutdown option is used and the storm control level is exceeded the interface is shut down until it is manually re-enabled Alternatively, you can automate error condition recovery using the port-error-disable option: {master:0[edit ethernet-switching-options] show port-error-disable { disable-timeout 300; storm-control { action-shutdown; interface all; Specify a disable timeout value between 10 and 3600 seconds
10 Monitoring Automatic Recovery You can monitor the automatic recovery process by: Using show ethernet-switching interfaces to view interface state details: {master:0 show ethernet-switching interfaces Interface State VLAN members Tag Tagging Blocking ge-0/0/6.0 up v11 11 untagged unblocked ge-0/0/8.0 up v11 11 tagged unblocked ge-0/0/9.0 down v11 11 tagged Storm control in effect (00:03:57) remaining me0.0 up mgmt untagged unblocked Using show log messages to view violation details: {master:0 show log messages match storm match ge-0/0/9 Jul 29 09:38:23 Switch-1 eswd[856]: ESWD_ST_CTL_ERROR_DISABLED: ge-0/0/9.0: storm control disabled port Jul 29 09:43:23 Switch-1 eswd[856]: ESWD_ST_CTL_ERROR_ENABLED: ge-0/0/9.0: storm control enabled port Interface was re-enabled after disable timeout period (5 minutes)
11 Clearing Violations Manually Use clear ethernet-switching port-error interface to clear violations manually: {master:0 show ethernet-switching interfaces Interface State VLAN members Tag Tagging Blocking ge-0/0/6.0 up v11 11 untagged unblocked ge-0/0/8.0 up v11 11 tagged unblocked ge-0/0/9.0 down v11 11 tagged Storm control in effect (00:04:17) remaining me0.0 up mgmt untagged unblocked {master:0 clear ethernet-switching port-error interface ge-0/0/9 {master:0 show ethernet-switching interfaces Interface State VLAN members Tag Tagging Blocking ge-0/0/6.0 up v11 11 untagged unblocked ge-0/0/8.0 up v11 11 tagged unblocked ge-0/0/9.0 up v11 11 tagged unblocked me0.0 up mgmt untagged unblocked
12 Agenda: Device Security and Firewall Filters Storm Control Firewall Filters
13 Firewall Filters: A Review Firewall filters control the traffic entering and leaving a networking device in a stateless fashion: Processes every packet independently Used to filter and monitor network traffic
14 Firewall Filter Types Firewall filter types include: Filter Type Port-based VLAN-based Router-based Application Description Applied to Layer 2 switch ports in ingress and egress directions Applied to Layer 2 VLANs in the ingress and egress directions Applied to Layer 3 routed interfaces in ingress and egress directions {master:0[edit firewall] user@switch-1# edit family? Possible completions: > any Protocol-independent filter > ethernet-switching Protocol family Ethernet Switching for firewall filter > inet Protocol family IPv4 for firewall filter > inet6 Protocol family IPv6 for firewall filter Port-based and VLAN-based filters use family ethernet-switching option while routerbased filters use family inet or family inet6 depending on the traffic type
15 Processing Order of Firewall Filters Processing order considerations: Ingress processing order is port, VLAN, then router Egress processing is performed in the reverse order A router-based filter applied to an RVI does not apply to switched packets in the same VLAN Router Filter Router Filter VLAN Filter VLAN Filter Port Filter Port Filter Rx Packet Input Tx Packet Output
16 Building Blocks of Firewall Filters Firewall filters consist of one or more terms; the software evaluates terms sequentially until it reaches a terminating action from statements describe match conditions my-filter term firstterm from then match no match term secondterm from then match no match term Default discard User-defined filter and term names then statements describe the actions to take if a match with the from statement occurs Default action for packets not explicitly allowed Note: Ordering matters! If you must reorder terms within a filter, consider using the insert CLI command
17 Common Match Criteria Can match based on most header fields: Match conditions categories include: Numeric range Address Bit field The from statements describe match conditions term firstterm from then match
18 Firewall Filter Actions Common actions in firewall filters: Terminating actions: accept discard reject Action modifiers: analyzer, count, log, and syslog forwarding-class and loss-priority policer term firstterm from then match The then statements describe actions to take Note: The software discards all traffic not explicitly allowed!
19 Case Study: Topology and Objectives Objectives: Implement filters on the access ports so that only frames using the expected source MAC addresses are permitted Discard and count frames sourced from any other MAC addresses Implement a filter on both VLANs to block frames destined to MAC address 01:80:c2:00:00:00 Discard and count frames destined to the referenced MAC address User A - (VLAN: v11) /24 MAC: 00:26:88:02:74:86 Switch-1 Access ports User B - (VLAN: v12) /24 MAC: 00:26:88:02:74:
20 Case Study: Configuring the Filters (1 of 2) {master:0[edit firewall family ethernet-switching] show filter limit-mac-ge006 term 1 { from { source-mac-address { 00:26:88:02:74:86; then accept; term 2 { then { discard; count ge006-invalid-mac; {master:0[edit firewall family ethernet-switching] user@switch-1# show filter limit-mac-ge007 term 1 { from { source-mac-address { 00:26:88:02:74:87; then accept; term 2 { then { discard; count ge007-invalid-mac; User A - (VLAN: v11) /24 MAC: 00:26:88:02:74:86 Switch-1 Access ports User B - (VLAN: v12) /24 MAC: 00:26:88:02:74:
21 Case Study: Configuring the Filters (2 of 2) {master:0[edit firewall family ethernet-switching] show filter block-dest-mac-01:80:c2:00:00:00 term 1 { from { destination-mac-address { 01:80:c2:00:00:00; then { discard; count block-stp-bpdus; term 2 { then accept; User A - (VLAN: v11) /24 MAC: 00:26:88:02:74:86 Switch-1 Access ports User B - (VLAN: v12) /24 MAC: 00:26:88:02:74:
22 Case Study: Applying the Filters (1 of 2) {master:0[edit interfaces] show ge-0/0/6 unit 0 { family ethernet-switching { vlan { members v11; filter { input limit-mac-ge006; {master:0[edit interfaces] user@switch-1# show ge-0/0/7 unit 0 { family ethernet-switching { vlan { members v12; filter { input limit-mac-ge007; User A - (VLAN: v11) /24 MAC: 00:26:88:02:74:86 Switch-1 Access ports User B - (VLAN: v12) /24 MAC: 00:26:88:02:74:
23 Case Study: Applying the Filters (2 of 2) {master:0[edit vlans] show v11 { vlan-id 11; filter { input block-dest-mac-01:80:c2:00:00:00; l3-interface vlan.11; v12 { vlan-id 12; filter { input block-dest-mac-01:80:c2:00:00:00; l3-interface vlan.12; User A - (VLAN: v11) /24 MAC: 00:26:88:02:74:86 Switch-1 Access ports User B - (VLAN: v12) /24 MAC: 00:26:88:02:74:
24 Case Study: Monitoring Firewall Filters {master:0 show firewall Filter: block-dest-mac-01:80:c2:00:00:00 Counters: Name Bytes Packets block-stp-bpdus Filter: limit-mac-ge006 Counters: Name Bytes Packets ge006-invalid-mac Filter: limit-mac-ge007 Counters: Name Bytes Packets ge007-invalid-mac User A - (VLAN: v11) /24 MAC: 00:26:88:02:74:86 Switch-1 Access ports User B - (VLAN: v12) /24 MAC: 00:26:88:02:74:
25 Summary In this chapter, we: Described the storm control security feature Configured and monitored the storm control security feature Described firewall filter support for EX Series switches Implemented and monitored the effects of a firewall filter
26 Review Questions 1. What is a traffic storm and how is it created? 2. What actions can be taken when a storm control level is exceeded? 3. Which types of firewall filters are supported on EX Series switches? Where are they applied?
27 Lab 5: Storm Control and Firewall Filters Implement the storm control security feature. Configure and monitor firewall filters
28 Worldwide Education Services
Example: Configuring Layer 2 Protocol Tunneling on EX Series Switches
Example: Configuring Layer 2 Protocol Tunneling on EX Series Switches Requirements Layer 2 protocol tunneling (L2PT) allows you to send Layer 2 protocol data units (PDUs) across a service provider network
More informationDevice Security Feature Guide for EX9200 Switches
Device Security Feature Guide for EX9200 Switches Release 16.2 Modified: 2016-11-02 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net Juniper Networks,
More informationExample: Configuring DHCP Snooping, DAI, and MAC Limiting on an EX Series Switch with Access to a DHCP Server Through a Second Switch
Example: Configuring DHCP Snooping, DAI, and MAC Limiting on an EX Series Switch with Access to a DHCP Server Through a Second Switch Requirements You can configure DHCP snooping, dynamic ARP inspection
More informationGuideTorrent. The best excellent exam certification guide torrent and dumps torrent provider
GuideTorrent http://www.guidetorrent.com The best excellent exam certification guide torrent and dumps torrent provider Exam : JN0-343 Title : Juniper Networks Certified Internet Specialist (JNCIS-ENT)
More informationConfiguring Port-Based Traffic Control
CHAPTER 18 This chapter describes how to configure port-based traffic control features on the Catalyst 3750 Metro switch. For complete syntax and usage information for the commands used in this chapter,
More informationConfiguring Port-Based Traffic Control
CHAPTER 22 This chapter describes how to configure the port-based traffic control features on the Cisco ME 3400 Ethernet Access switch. For complete syntax and usage information for the commands used in
More informationConfiguring Firewall Filters (J-Web Procedure)
Configuring Firewall Filters (J-Web Procedure) You configure firewall filters on EX Series switches to control traffic that enters ports on the switch or enters and exits VLANs on the network and Layer
More informationConfiguring Port-Based Traffic Control
Overview of Port-Based Traffic Control, page 1 Finding Feature Information, page 2 Information About Storm Control, page 2 How to Configure Storm Control, page 4 Information About Protected Ports, page
More informationPASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year
PASS4TEST \ http://www.pass4test.com We offer free update service for one year Exam : JN0-643 Title : Enterprise Routing and Switching, Professional (JNCIP- ENT) Vendor : Juniper Version : DEMO Get Latest
More informationJunos Security. Chapter 4: Security Policies Juniper Networks, Inc. All rights reserved. Worldwide Education Services
Junos Security Chapter 4: Security Policies 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net Worldwide Education Services Chapter Objectives After successfully completing this chapter,
More informationConfiguring IEEE 802.1Q Tunneling and Layer 2 Protocol Tunneling
CHAPTER 14 Configuring IEEE 802.1Q Tunneling and Layer 2 Protocol Tunneling With Release 12.1(13)E and later, the Catalyst 6500 series switches support IEEE 802.1Q tunneling and Layer 2 protocol tunneling.
More informationConfiguring Port-Based Traffic Control
Overview of Port-Based Traffic Control, page 2 Finding Feature Information, page 2 Information About Storm Control, page 2 How to Configure Storm Control, page 4 Finding Feature Information, page 9 Information
More informationExample: Configuring DHCP Snooping and DAI to Protect the Switch from ARP Spoofing Attacks
Example: Configuring DHCP Snooping and DAI to Protect the Switch from ARP Spoofing Attacks In an ARP spoofing attack, the attacker associates its own MAC address with the IP address of a network device
More informationActual4Test. Actual4test - actual test exam dumps-pass for IT exams
Actual4Test http://www.actual4test.com Actual4test - actual test exam dumps-pass for IT exams Exam : JN0-102 Title : Juniper Networks Certified Internet Associate, Junos (JNCIA-Junos) Vendor : Juniper
More informationJN0-343 Q&As. Juniper Networks Certified Internet Specialist (JNCIS-ENT) Pass Juniper JN0-343 Exam with 100% Guarantee
JN0-343 Q&As Juniper Networks Certified Internet Specialist (JNCIS-ENT) Pass Juniper JN0-343 Exam with 100% Guarantee Free Download Real Questions & Answers PDF and VCE file from: 100% Passing Guarantee
More informationExample: Setting Up Basic Bridging and a VLAN for an EX Series Switch
Example: Setting Up Basic Bridging and a VLAN for an EX Series Switch Requirements EX Series switches use bridging and virtual LANs (VLANs) to connect network devices in a LAN desktop computers, IP telephones,
More informationStorm Control over EVC
This chapter describes and procedures to configure., page 1 Restrictions for, page 1 Configuring, page 2 Examples, page 3 Verification, page 5 Storm control prevents traffic on a LAN from being disrupted
More informationTechnology Overview. Retrieving VLAN Information Using SNMP on an EX Series Ethernet Switch. Published:
Technology Overview Retrieving VLAN Information Using SNMP on an EX Series Ethernet Switch Published: 2014-01-10 Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408-745-2000
More informationExample: Configuring IP Source Guard with Other EX Series Switch Features to Mitigate Address-Spoofing Attacks on Untrusted Access Interfaces
Example: Configuring IP Source Guard with Other EX Series Switch Features to Mitigate Address-Spoofing Attacks on Untrusted Access Interfaces Requirements Ethernet LAN switches are vulnerable to attacks
More informationExample: Configuring Static MAC Bypass of Authentication on an EX Series Switch
Example: Configuring Static MAC Bypass of Authentication on an EX Series Switch Requirements To allow devices to access your LAN through 802.1X-configured interfaces without authentication, you can configure
More informationConfiguring Traffic Storm Control
19 CHAPTER This chapter describes how to configure traffic storm control on the NX-OS device. This chapter includes the following sections: Information About Traffic Storm Control, page 19-1 Virtualization
More informationExample: Configuring IP Source Guard on a Data VLAN That Shares an Interface with a Voice VLAN
Example: Configuring IP Source Guard on a Data VLAN That Shares an Interface with a Voice VLAN Requirements Ethernet LAN switches are vulnerable to attacks that involve spoofing (forging) of source IP
More informationJUNIPER JN0-643 EXAM QUESTIONS & ANSWERS
JUNIPER JN0-643 EXAM QUESTIONS & ANSWERS Number: JN0-643 Passing Score: 800 Time Limit: 120 min File Version: 48.5 http://www.gratisexam.com/ JUNIPER JN0-643 EXAM QUESTIONS & ANSWERS Exam Name: Enterprise
More informationLab 5. Spanning Tree. Overview. JNCIS-ENT Bootcamp
Lab 5 Spanning Tree Overview This lab demonstrates basic configuration and monitoring tasks when implementing spanning tree and some related protection features on EX Series switches. In this lab, you
More informationConfigure Ethernet Physical Interface Properties on page 82. Configure 802.1Q VLANs on page 83. Configure the Management Ethernet Interface on page 84
Chapter 8 The JUNOSg cable modem termination system (CMTS )supports the following types of Ethernet interfaces: Fast Ethernet Gigabit Ethernet Management Ethernet interface, which is an out-of-band management
More informationIT Certification Exams Provider! Weofferfreeupdateserviceforoneyear! h ps://
IT Certification Exams Provider! Weofferfreeupdateserviceforoneyear! h ps://www.certqueen.com Exam : JN0-343 Title : Juniper Networks Certified Internet Specialist (JNCIS-ENT) Version : DEMO 1 / 6 1.How
More informationLab 2. Spanning Tree Protocols. Overview. JNCIS-ENT++ Bootcamp
Lab 2 Spanning Tree Protocols Overview This lab demonstrates basic configuration and monitoring tasks when implementing spanning tree and some related protection features on EX Series switches. In this
More informationUnderstanding Issues Related to Inter VLAN Bridging
Understanding Issues Related to Inter VLAN Bridging Document ID: 11072 Contents Introduction Prerequisites Requirements Components Used Conventions Spanning Tree Topology Concerns Recommended Use of Hierarchical
More informationChapter 4 Configuring Switching
Chapter 4 Configuring Switching Using the Switching Tab The navigation tabs on the top of the home page include a Switching tab that lets you manage your GS108T Gigabit Smart Switch using features under
More informationNetwork Configuration Example
Network Configuration Example Configuring Private VLANs on a QFX Switch Using Extended Functionality Modified: 2016-08-01 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000
More informationTable of Contents 1 VLAN Configuration 1-1
Table of Contents 1 VLAN Configuration 1-1 Overview 1-1 Introduction to VLAN 1-1 VLAN Fundamentals 1-2 Types of VLAN 1-3 Introduction to Port-Based VLAN 1-3 Configuring a VLAN 1-4 Configuration Task List
More informationFSOS. Ethernet Configuration Guide
FSOS Ethernet Configuration Guide Contents 1 Configuring Interface... 1 1.1 Overview...1 1.2 Configuring Interface State...1 1.2.1 Configurations...1 1.2.2 Validation...1 1.3 Configuring Interface Speed...
More informationMonitoring Ports. Port State
The Ports feature available on the ME 1200 Web GUI allows you to monitor the various port parameters on the ME 1200 switch. Port State, page 1 Port Statistics Overview, page 2 QoS Statistics, page 2 QCL
More informationJunos Security. Chapter 3: Zones Juniper Networks, Inc. All rights reserved. Worldwide Education Services
Junos Security Chapter 3: Zones 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net Worldwide Education Services Chapter Objectives After successfully completing this chapter, you will be
More informationLesson 9 OpenFlow. Objectives :
1 Lesson 9 Objectives : is new technology developed in 2004 which introduce Flow for D-plane. The Flow can be defined any combinations of Source/Destination MAC, VLAN Tag, IP address or port number etc.
More informationNetwork Configuration Example
Network Configuration Example Configuring Multichassis Link Aggregation on a QFX Series Switch Release NCE 64 Modified: 2016-08-01 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089
More informationLab 4. Firewall Filters and Class of Service. Overview. Introduction to JUNOS Software & Routing Essentials
Lab 4 Firewall Filters and Class of Service Overview This lab demonstrates configuration and monitoring of Firewall Filters and Class of Service on JUNOS devices. In this lab, you use the Command Line
More informationConfiguring Traffic Storm Control
This chapter describes how to configure traffic storm control on the Cisco NX-OS device. This chapter includes the following sections: Finding Feature Information, page 1 Information About Traffic Storm
More informationConfiguring Q-in-Q VLAN Tunnels
Information About Q-in-Q Tunnels, page 1 Licensing Requirements for Interfaces, page 7 Guidelines and Limitations, page 7 Configuring Q-in-Q Tunnels and Layer 2 Protocol Tunneling, page 8 Configuring Q-in-Q
More informationHP 6125G & 6125G/XG Blade Switches
HP 6125G & 6125G/XG Blade Switches Layer 2 - LAN Switching Configuration Guide Part number:5998-3155a Software version: Release 2103 and later Document version: 6W102-20141218 Legal and notice information
More informationConfiguring Interfaces and Circuits
CHAPTER 5 This chapter describes how to configure the CSS interfaces and circuits and how to bridge interfaces to Virtual LANs (VLANs). Information in this chapter applies to all CSS models, except where
More informationConfiguring Access and Trunk Interfaces
Configuring Access and Trunk Interfaces Ethernet interfaces can be configured either as access ports or trunk ports. Trunks carry the traffic of multiple VLANs over a single link and allow you to extend
More informationENTERPRISE MPLS. Kireeti Kompella
ENTERPRISE MPLS Kireeti Kompella AGENDA The New VLAN Protocol Suite Signaling Labels Hierarchy Signaling Advanced Topics Layer 2 or Layer 3? Resilience and End-to-end Service Restoration Multicast ECMP
More informationConfiguring Port-Based and Client-Based Access Control (802.1X)
9 Configuring Port-Based and Client-Based Access Control (802.1X) Contents Overview..................................................... 9-3 Why Use Port-Based or Client-Based Access Control?............
More informationConfiguring SPAN and RSPAN
34 CHAPTER This chapter describes how to configure the Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN) on the Catalyst 4500 series switches. SPAN selects network traffic for analysis by a network
More informationIMPLEMENTING A LAYER 2 ENTERPRISE INFRASTRUCTURE WITH VIRTUAL CHASSIS TECHNOLOGY
IMPLEMENTATION GUIDE IMPLEMENTING A LAYER 2 ENTERPRISE INFRASTRUCTURE WITH VIRTUAL CHASSIS TECHNOLOGY Although Juniper Networks has attempted to provide accurate information in this guide, Juniper Networks
More informationExample: Setting Up 802.1X for Single Supplicant or Multiple Supplicant Configurations on an EX Series Switch
Example: Setting Up 802.1X for Single Supplicant or Multiple Supplicant Configurations on an EX Series Switch 802.1x Port-Based Network Access Control (PNAC) authentication on EX Series switches provides
More informationNetwork Configuration Example
Network Configuration Example Configuring CoS Hierarchical Port Scheduling Release NCE 71 Modified: 2016-12-16 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net
More informationConfiguring Q-in-Q VLAN Tunnels
This chapter describes how to configure Q-in-Q VLAN tunnels. Finding Feature Information, page 1 Feature History for Q-in-Q Tunnels and Layer 2 Protocol Tunneling, page 1 Information About Q-in-Q Tunnels,
More informationConfiguring Port Channels
CHAPTER 5 This chapter describes how to configure port channels and to apply and configure the Link Aggregation Control Protocol (LACP) for more efficient use of port channels in Cisco DCNM. For more information
More informationConfiguring VLANs. Understanding VLANs CHAPTER
7 CHAPTER This chapter describes how to configure normal-range VLANs (VLAN IDs 1 to 1005) and extended-range VLANs (VLAN IDs 1006 to 4094) on the Cisco MWR 2941 router. It includes information about VLAN
More informationConfiguring VLANs. Understanding VLANs CHAPTER
CHAPTER 11 This chapter describes how to configure normal-range VLANs (VLAN IDs 1 to 1005) and extended-range VLANs (VLAN IDs 1006 to 4094) on the Cisco ME 3400 Ethernet Access switch. It includes information
More informationConfiguring Ethernet Virtual Connections on the Cisco ASR 1000 Series Router
Configuring Ethernet Virtual Connections on the Cisco ASR 1000 Series Router Ethernet virtual circuit (EVC) infrastructure is a Layer 2 platform-independent bridging architecture that supports Ethernet
More informationConfiguring EtherChannels
This chapter describes how to configure EtherChannels and to apply and configure the Link Aggregation Control Protocol (LACP) for more efficient use of EtherChannels in Cisco NX-OS. It contains the following
More informationUser Handbook. Switch Series. Default Login Details. Version 1.0 Edition
User Handbook Switch Series Zyxel GS1920 / GS2210 / XGS2210 / GS3700 / XGS3700 / XGS4600 / XS1920 / XS3700 Default Login Details LAN IP Address https://192.168.1.1 User Name admin Password 1234 Version
More informationIP SLA Service Performance Testing
This module describes how to configure the ITU-T Y.1564 Ethernet service performance test methodology that measures the ability of a network device to enable movement of traffic at the configured data
More informationVLANs Level 3 Unit 9 Computer Networks
VLANs Some Requirements of LANs Need to split up broadcast domains to make good use of bandwidth People in different departments may need to be grouped together for access to servers Security: restrict
More informationJ-series Advanced Switching Configuration
Application Note J-series Advanced Switching Configuration Configuring JUNOS Software Advanced Switching on J-series Services Routers Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California
More informationFSOS Security Configuration Guide
FSOS Security Configuration Guide Contents 1 Configuring Port Security...8 1.1 Overview...8 1.2 Topology... 9 1.3 Configurations...9 1.4 Validation... 10 2 Configuring Vlan Security... 11 2.1 Overview...
More informationConfiguring SPAN and RSPAN
Prerequisites for SPAN and RSPAN, page 1 Restrictions for SPAN and RSPAN, page 1 Information About SPAN and RSPAN, page 3 How to Configure SPAN and RSPAN, page 14 Monitoring SPAN and RSPAN Operations,
More informationLecture 9: Switched Ethernet Features: STP and VLANs
Lecture 9: Switched Ethernet Features: STP and VLANs Dr. Mohammed Hawa Electrical Engineering Department University of Jordan EE426: Communication Networks Ethernet Switch Features The following features
More informationReferences: tates-roles.html
Volume: 65 Questions Question No: 1 What are three RSTP port states? (Choose three.) A. learning B. forwarding C. listening D. blocking E. discarding Answer: A,B,E Explanation: Port States in STP and RSTP
More informationHP 5120 SI Switch Series
HP 5120 SI Switch Series Layer 2 - LAN Switching Configuration Guide Part number: 5998-1807 Software version: Release 1513 Document version: 6W100-20130830 Legal and notice information Copyright 2013 Hewlett-Packard
More information3. INTERCONNECTING NETWORKS WITH SWITCHES. THE SPANNING TREE PROTOCOL (STP)
3. INTERCONNECTING NETWORKS WITH SWITCHES. THE SPANNING TREE PROTOCOL (STP) 3.1. STP Operation In an extended Ethernet network (a large network, including many switches) multipath propagation may exist
More informationCertkiller JN q
Certkiller JN0-102 242q Number: JN0-102 Passing Score: 800 Time Limit: 120 min File Version: 26.5 http://www.gratisexam.com/ Juniper JN0-102 Juniper Networks Certified Internet Associate, Junos 100% Valid
More informationNetwork Configuration Example
Network Configuration Example Configuring Dual-Stack Lite for IPv6 Access Release NCE0025 Modified: 2016-10-12 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net
More informationmls qos (global configuration mode)
mls qos (global configuration mode) mls qos (global configuration mode) To enable the quality of service (QoS) functionality globally, use the mls qos command in global configuration mode. To disable the
More informationQuality of Service. Understanding Quality of Service
The following sections describe support for features on the Cisco ASR 920 Series Router. Understanding, page 1 Configuring, page 2 Global QoS Limitations, page 2 Classification, page 3 Marking, page 6
More informationConfiguring EtherChannels
Configuring EtherChannels This chapter describes how to configure EtherChannels and to apply and configure the Link Aggregation Control Protocol (LACP) for more efficient use of EtherChannels in Cisco
More informationConfiguring SPAN and RSPAN
41 CHAPTER This chapter describes how to configure the Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN) on the Catalyst 4500 series switches. SPAN selects network traffic for analysis by a network
More informationThe features and functions of the D-Link Smart Managed Switch can be configured through the web-based management interface.
4 Configuration The features and functions of the D-Link Smart Managed Switch can be configured through the web-based management interface. Web-based Management After a successful login you will see the
More informationModular Policy Framework. Class Maps SECTION 4. Advanced Configuration
[ 59 ] Section 4: We have now covered the basic configuration and delved into AAA services on the ASA. In this section, we cover some of the more advanced features of the ASA that break it away from a
More informationConfiguring IGMP Snooping
This chapter describes how to configure Internet Group Management Protocol (IGMP) snooping on a Cisco NX-OS device. About IGMP Snooping, page 1 Licensing Requirements for IGMP Snooping, page 4 Prerequisites
More informationH3C S10500 Attack Protection Configuration Examples
H3C S10500 Attack Protection Configuration Examples Copyright 2015 Hangzhou H3C Technologies Co., Ltd. All rights reserved. No part of this manual may be reproduced or transmitted in any form or by any
More informationFiberstoreOS. Security Configuration Guide
FiberstoreOS Security Configuration Guide Contents 1 Configuring Port Security...1 1.1 Overview...1 1.2 Topology... 2 1.3 Configurations...2 1.4 Validation... 3 2 Configuring Vlan Security... 4 2.1 Overview...4
More informationConfiguring SPAN. About SPAN. SPAN Sources
This chapter describes how to configure an Ethernet switched port analyzer (SPAN) to analyze traffic between ports on Cisco NX-OS devices. This chapter contains the following sections: About SPAN, page
More informationASR 5000 Series ICMP Packet Generation from the CLI and Fragmentation Identification
ASR 5000 Series ICMP Packet Generation from the CLI and Fragmentation Identification Document ID: 119210 Contributed by Dave Damerjian, Cisco TAC Engineer. Jul 27, 2015 Contents Introduction Problem Solution
More information8-Port Gigabit Ethernet Smart Managed Plus Switch with Integrated Cable Management User Manual
8-Port Gigabit Ethernet Smart Managed Plus Switch with Integrated Cable Management User Manual Model GS908E December 2017 202-11807-03 350 E. Plumeria Drive San Jose, CA 95134 USA Support Thank you for
More informationManagement Software AT-S67 AT-S68. User s Guide FOR USE WITH AT-FS7016 AND AT-FS7024 SMART SWITCHES VERSION PN Rev A
Management Software AT-S67 AT-S68 User s Guide FOR USE WITH AT-FS7016 AND AT-FS7024 SMART SWITCHES VERSION 1.0.0 PN 613-50494-00 Rev A Copyright 2003 Allied Telesyn, Inc. 960 Stewart Drive Suite B, Sunnyvale,
More informationConfiguring SPAN and RSPAN
CHAPTER 32 This chapter describes how to configure Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN) on the Catalyst 3750-X or 3560-X switch. Unless otherwise noted, the term switch refers to a Catalyst
More informationConfigure Virtual LANs in Layer 2 VPNs
The Layer 2 Virtual Private Network (L2VPN) feature enables Service Providers (SPs) to provide L2 services to geographically disparate customer sites. A virtual local area network (VLAN) is a group of
More informationHP A3100 v2 Switch Series
HP A3100 v2 Switch Series Layer 2 - LAN Switching Configuration Guide HP A3100-8 v2 SI Switch (JG221A) HP A3100-16 v2 SI Switch (JG222A) HP A3100-24 v2 SI Switch (JG223A) HP A3100-8 v2 EI Switch (JD318B)
More informationA. ARPANET was an early packet switched network initially connecting 4 sites (Stanford, UC Santa Barbara, UCLA, and U of Utah).
Volume: 245 Questions Question No: 1 Which of the following statements best describes ARPANET? A. ARPANET was an early packet switched network initially connecting 4 sites (Stanford, UC Santa Barbara,
More informationIP SLA Service Performance Testing
This module describes how to configure the ITU-T Y.1564 Ethernet service performance test methodology that measures the ability of a network device to enable movement of traffic at the configured data
More informationConfiguring Port Channels
This chapter contains the following sections: Information About Port Channels, page 1, page 9 Verifying Port Channel Configuration, page 16 Verifying the Load-Balancing Outgoing Port ID, page 17 Feature
More informationConfiguring IEEE 802.1Q Tunneling
CHAPTER 26 This chapter describes how to configure IEEE 802.1Q tunneling in Cisco IOS Release 12.2SX. For complete syntax and usage information for the commands used in this chapter, see the Cisco IOS
More informationJuniper.Selftestengine.jn0-694.v by.KIM-HL.52q
Juniper.Selftestengine.jn0-694.v2013-10-24.by.KIM-HL.52q Number: jn0-694 Passing Score: 800 Time Limit: 120 min File Version: 18.5 http://www.gratisexam.com/ Exam Code: JN0-694 Exam Name: Enterprise Routing
More informationConfiguring Tap Aggregation and MPLS Stripping
This chapter contains the following sections: Information About Tap Aggregation, page 1 Information About MPLS Stripping, page 3 Configuring Tap Aggregation, page 4 Verifying the Tap Aggregation Configuration,
More informationConfiguring Port-Based Traffic Control
CHAPTER 17 This chapter describes how to configure the port-based traffic control features on your switch. For complete syntax and usage information for the commands used in this chapter, refer to the
More informationConfiguring sflow. Information About sflow. sflow Agent. This chapter contains the following sections:
This chapter contains the following sections: Information About sflow, page 1 Licensing Requirements, page 2 Prerequisites, page 2 Guidelines and Limitations for sflow, page 2 Default Settings for sflow,
More informationJunos Security. Chapter 11: High Availability Clustering Implementation
Junos Security Chapter 11: High Availability Clustering Implementation 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net Worldwide Education Services Chapter Objectives After successfully
More informationVLAN Configuration. Understanding VLANs CHAPTER
CHAPTER 11 This chapter describes how to configure normal-range VLANs (VLAN IDs 1 to 1005) and extended-range VLANs (VLAN IDs 1006 to 4094) on the CGR 2010 ESM. It includes information about VLAN membership
More informationJN0-346 juniper
JN0-346 juniper Number: JN0-346 Passing Score: 800 Time Limit: 120 min Exam A QUESTION 1 Click the Exhibit button. Referring to the exhibit, what does the asterisk (*) indicate? A. The router received
More informationSpecialist Level Certification JNCIS-ENT; 5 Days; Instructor-led
Specialist Level Certification JNCIS-ENT; 5 Days; Instructor-led Course Description The JNCIS-ENT Certification BootCamp course is a 5-day Blended-Learning event that covers technology aspects that meet
More informationConfiguring sflow. About sflow. sflow Agent
About sflow This chapter describes how to configure sflow on Cisco NX-OS devices. This chapter includes the following sections: About sflow, on page 1 Licensing Requirements for sflow, on page 2 Prerequisites
More informationConfiguring Port Channels
This chapter contains the following sections: Information About Port Channels, page 1, page 10 Verifying Port Channel Configuration, page 21 Verifying the Load-Balancing Outgoing Port ID, page 22 Feature
More informationH3C S5130-EI Switch Series
H3C S5130-EI Switch Series OpenFlow Command Reference New H3C Technologies Co., Ltd. http://www.h3c.com Software version: Release 311x Document version: 6W102-20180323 Copyright 2016-2018, New H3C Technologies
More informationConfiguring Private VLANs
CHAPTER 15 This chapter describes how to configure private VLANs on the Cisco 7600 series routers. Note For complete syntax and usage information for the commands used in this chapter, refer to the Cisco
More informationConfiguring EtherChannels
CHAPTER 11 This chapter describes how to configure EtherChannels and to apply and configure the Link Aggregation Control Protocol (LACP) for more efficient use of EtherChannels in Cisco NX-OS. This chapter
More informationTraditional network management methods have typically
Advanced Configuration for the Dell PowerConnect 5316M Blade Server Chassis Switch By Surendra Bhat Saurabh Mallik Enterprises can take advantage of advanced configuration options for the Dell PowerConnect
More information