Allied Telesis at-8516f User Guide
74
Rapier Switch User Guide
Software Release 2.6.1
C613-02025-00 REV C
C613-02025-00 REV C
Figure 13: Example output from the SHOW SWITCH PORT INTRUSION command.
A switch port can be manually locked before it reaches the learning limit, by
using the command:
using the command:
ACTIVATE SWITCH PORT={port-list|ALL} LOCK
Addresses can be manually added to a port locked list up to a total of 256 MAC
addresses, and the learning limit can be extended to accommodate them, by
using the command:
addresses, and the learning limit can be extended to accommodate them, by
using the command:
ADD SWITCH FILTER ACTION={FORWARD|DISCARD} DESTADDRESS=macadd
PORT=port [ENTRY=entry] [LEARN] [VLAN={vlanname|1..4094}]
Learned addresses on locked ports can be saved as part of the switch
configuration, so that they will be part of the configuration after a power cycle,
using the command:
configuration, so that they will be part of the configuration after a power cycle,
using the command:
CREATE CONFIG=filename
If the configuration is not saved when there is a locked list for a port, the
learning process begins again after the switch is restarted.
learning process begins again after the switch is restarted.
Virtual Local Area Networks (VLANs)
A Virtual LAN (VLAN) is a logical, software-defined subnetwork. It allows
similar devices on the network to be grouped together into one broadcast
domain, irrespective of their physical position in the network. Multiple VLANs
can be used to group workstations, servers, and other network equipment
connected to the switch, according to similar data and security requirements.
similar devices on the network to be grouped together into one broadcast
domain, irrespective of their physical position in the network. Multiple VLANs
can be used to group workstations, servers, and other network equipment
connected to the switch, according to similar data and security requirements.
Decoupling logical broadcast domains from the physical wiring topology
offers several advantages, including the ability to:
offers several advantages, including the ability to:
■
Move devices and people with minimal, or no, reconfiguration
■
Change a device’s broadcast domain and access to resources without
physically moving the device, by software reconfiguration or by moving its
cable from one switch port to another
physically moving the device, by software reconfiguration or by moving its
cable from one switch port to another
■
Isolate parts of the network from other parts, by placing them in different
VLANs
VLANs
■
Share servers and other network resources without losing data isolation or
security
security
■
Direct broadcast traffic to only those devices which need to receive it, to
reduce traffic across the network
reduce traffic across the network
■
Connect 802.1Q-compatible switches together through one port on each
switch
switch
Switch Port Information
----------------------------------------------------------------------------
Port 2 - 13 intrusion(s) detected
00-00-c0-1d-2c-f8 00-90-27-87-a5-22 00-00-cd-01-00-4a
00-d0-b7-4d-93-c0 08-00-5a-a1-02-3f 00-d0-b7-d5-5f-a9
00-b0-d0-20-d1-01 00-90-99-0a-00-49 00-10-83-05-72-83
00-00-cd-00-45-9e 00-00-c0-ad-a3-d0 00-a0-24-8e-65-3c
00-90-27-32-ad-61
----------------------------------------------------------------------------