
Allied Telesis x900 User's Manual


Contents

1. interface vlan 72 ip address 192 168 172 1 24 ip dhcp relay server address 192 168 169 254 Configure a default route to external networks ip route 0 0 0 0 0 192 168 169 254 Configure NTP Network Time Protocol with the IP ntp server 192 168 10 11 address of the NTP server end Allied Telesis www alliedtelesis com NETWORK RESILIENCY SOLUTIONS VCStack Link aggregation 8600 Configuration To enable secure HTTP management to use certificates a distinguished name is required and system security must set system distinguished cn switch o alliedtelesis c nz be enabled enable system security Storm control is configured to prevent downstream loops from affecting the inner layers of the network set switch port 1 24 bclimit 3000 mclimit 3000 dlflimit 3000 By default all ports are put into VLAN 171 create vlan edge vid 1 7 add vlan 171 port 1 26 enable stp default set stp default mode rapid disable stp default port 24 Spanning tree needs to be disabled on the edge facing ports as it cannot co exist with 802 x authentication The two gigabit ports are aggregated together to create a resilient link to the network core create switch trunk aggregation port 25 26 speed 000m 802 Ix authentication is enabled on all the client facing ports Clients cannot access the network without being authenticated ___ enable portauth 802Ix enable portauth 8021x port 1 24 type authenticator e
2. interface port2 0 switchport switchport mode access switchport access vlan 169 Create link aggregation groups across the VCStack static channel group members for resiliency One for servers and three for edge switches interface port 0 3 switchport switchport mode access switchport access vlan 70 static channel group 2 interface port2 0 3 switchport switchport mode access switchport access vlan 70 static channel group 2 interface port 0 5 switchport switchport mode access switchport access vlan 7 static channel group 3 Allied Telesis www alliedtelesis com NETWORK RESILIENCY SOLUTIONS VCStack Link aggregation interface port2 0 5 switchport switchport mode access switchport access vlan 171 static channel group 3 interface port1 0 7 Create link aggregation groups across the VCStack switchport members for resiliency One for servers and three for switchport mode access edge switches switchport access vlan 72 static channel group 4 interface port2 0 7 switchport switchport mode access switchport access vlan 72 static channel group 4 interface vlan 69 ip address 192 168 169 1 24 interface vlan 70 ip address 192 168 170 1 24 ip dhcp relay server address 192 168 169 254 Assign an IP address to each VLAN Configure DHCP relay to forward DHCP requests to the server interface vian 7 ip address 192 168 171 1 24 ip dhcp relay server address 192 168 169 254
3. list mlist deny service telnet deny service http permit port channel exit management access class mlist Management access is ONLY possible via the core connected aggregated link Access via insecure methods Telnet and HTTP are blocked Remote management sessions must use SSH and or HTTPS ip ssh server ip https server All log messages are sent to a syslog server Higher severity log messages are also buffered on the switch itself Allow read only SNMP monitoring from one management ____snmp server community public ro 192 168 10 13 view Default station Send traps to that same management station snmp server host 192 168 10 13 public traps 2 ntp client enable vlan 70 lock source sntp s System time is provided from an SNTP server SEES sntp unicast client enable sntp server 192 168 10 3 logging 192 168 10 11 logging buffered errors line console The console port can auto detect the terminal data rate autobaud exit VCStack Allied Telesis www alliedtelesis com NETWORK RESILIENCY SOLUTIONS VCStack Link aggregation About Allied Telesis Allied Telesis is a world class leader in delivering IP Ethernet network solutions to the global market place We create innovative standards based IP networks that seamlessly connect you with voice video and data services Enterprise customers can build complete end to end networking solutions through a single vendor with core to edge technologies rang
4. Network Resiliency Solutions. Allied Telesis x900 Advanced Gigabit Layer 3 Expandable Switches. Tested Solution: VCStack Link Aggregation. Prior to the advent of the Virtual Chassis Stacking (VCStack) solution, high availability in enterprise networks was achieved by provisioning redundant links with STP and redundant routers with VRRP. In normal operation, bandwidth and routing power would sit idle in the network. Allied Telesis now provides a truly resilient network. In normal operation, all bandwidth and all routing power in the network are fully available for use, all the time. If a link or device fails, some of the bandwidth or forwarding power will be lost, but the network will still be fully operational and all remaining resources will continue to be fully utilized. [Diagram 1: VCStack Link Aggregation; legend: servers, Gigabit link, 10/100 link, link aggregation.] Key Benefits of the solution: Full bandwidth utilization and maximum availability. The key advantage comes from configuring the links from the edge to the core using 802.3ad link aggregation. This is possible because VCS supports link aggregation on ports across different virtual chassis members, providing: full network bandwidth, as both ports are active (no links are blocked, as some would be with spanning tree); minimal network disruption if a link fails. The process within a switch when an aggregated link fails is very simple and the virtual chassi
5. ing from powerful 10 Gigabit Layer 3 switches right through to media converters. Allied Telesis also offer a wide range of access, aggregation and backbone solutions for Service Providers. Our products range from industry leading media gateways, which allow voice, video and data services to be delivered to the home and business, right through to high end chassis based platforms providing significant network infrastructure. Allied Telesis flexible service and support programs are tailored to meet a wide range of needs, and are designed to protect your Allied Telesis investment well into the future. Visit us online at www.alliedtelesis.com. USA Headquarters: 19800 North Creek Parkway, Suite 100, Bothell, WA 98011, USA; T: 1 800 424 4284; F: 1 425 481 3895. European Headquarters: Via Motta 24, 6830 Chiasso, Switzerland; T: 41 91 69769 00; F: 41 91 69769 11. Asia Pacific Headquarters: Tai Seng Link, Singapore 534182; T: 65 6383 3832; F: 65 6383 3830. 2008 Allied Telesis Inc. All rights reserved. Information in this document is subject to change without notice. All company names, logos, and product designs that are trademarks or registered trademarks are the property of their respective owners. 617 000170 Rev L
6. nable dhcpsnooping DHCP snooping guards against rogue server attacks server enable dhcpsnooping arpsecurity exhaustion attacks arp poisoning attacks and IP spoofing enable dhcpsnooping log arpsecurity attacks Any ARP poisoning attempt will be logged set dhcpsnooping port 25 trusted yes set dhcpsnooping port 26 trusted yes ble i Attach t IP address to VLAN171 and provid means Bra et ane a a ang provide add ip int vianI7 ip 192 168 171 34 Aa add ip route 0 0 0 0 interface vlan171 nexthop 192 168 171 1 The Radius server is used for authenticating management add radius server 192 168 10 34 secret testing 23 2 sessions and also for authenticating 802 x clients port 1812 accport 1813 add switch 3filtter match dipaddress dclass host add switch 3filtter entry dipaddress 192 168 171 34 connected aggregated link Access via insecure methods action deny Telnet and HTTP are blocked add switch 3filter match none import true add switch l3filter 2 entry iport 26 action nodrop add switch l3filter 2 entry iport 25 action nodrop Management access is ONLY possible via the core disable telnet server Allied Telesis www alliedtelesis com NETWORK RESILIENCY SOLUTIONS VCStack Link aggregation enable ssh server serverkey hostkey 0 expirytime Remote management sessions must use SSH and or logintimeout 60 HTTPS add pki certificate cer_name location cer_name cer trust true set http server security on
7. s almost instantly adapts its data forwarding on the loss of the link. Customers benefits: Customer requirements met with the VCStack Link Aggregation resiliency solution: a resilient solution without using Spanning Tree; a simpler replacement for VRRP and/or other legacy redundancy protocols; simpler network management, as the virtual chassis is managed as a single unit. The dedicated stacking link is backed up by a further resiliency link. If the stacking link fails, communication between the stack members is maintained to enable graceful reconfiguration. Server farm: Link aggregation to the servers creates a resilient connection to important data, providing load sharing and high availability. All switch tables are synchronized across the stack, ensuring no loss of forwarding information in the event of a stack member failing. Link aggregation between the virtual chassis and edge switches provides full bandwidth and resiliency, and negates the need to configure spanning tree. Stackable edge switches increase resiliency and port density while providing simplified management as a single virtual switch. [Diagram legend: x900 24XT, 10/100, Gigabit, Stacking, Link Aggregation.] Allied Telesis Products: The following products support Virtual Chassis Stacking: SwitchBlade
8. sslkey 2 port 443 All log messages are sent to a syslog server Higher severity log messages are also buffered on the switch itself create log output destination syslog server 192 168 10 1 secure yes message 20 add log output filter severity gt enable snmp enable snmp authenticate_trap Allow read only SNMP monitoring from one management create snmp community public station Send traps to that same management station enable snmp community public trap add snmp community public manager 192 1 68 10 13 add snmp community public traphost 192 1 68 10 13 System time is provided from an NTP server enable ntp add ntp peer 192 168 10 3 Allied Telesis www alliedtelesis com NETWORK RESILIENCY SOLUTIONS VCStack Link aggregation 8000S Configuration interface range ethernet e 24 2 e 24 ____ port storm control broadcast enable port storm control include multicast exit Broadcast and multicast limiting prevent downstream loops from affecting the inner layers of the network interface range ethernet e 24 2 e 24 spanning tree portfast spanning tree guard root exit The client facing ports are configured as portfast so there is no delay in connectivity when client devices attach Root guard protects against STP spoofing attacks interface range ethernet e 1 24 2 e 24 Port security guards against MAC spoofing attacks and port security mode max addresses limits the abili
9. ty for intruders to connect to the network port security max 3 port security discard trap 60 exit By default all into VLAN 170 A y default all ports are put into dJefultevanvlarn 170 exit Two gigabit ports one from each stack member are interface range ethernet g1 2 gl aggregated together to create a resilient link to the channel group mode on network core exit dot x system auth control interface range ethernet e 1 24 2 e 1 14 dot x single host violation discard trap 30 dot x re authentication dot x port control auto exit 802 Ix authentication is enabled on all the client facing ports Clients cannot access the network without being authenticated ip dhcp snooping ip dhcp snooping vlan 170 DHCP snooping guards against rogue server and server baat batt k interface port channel ee ee ip dhcp snooping trust exit interface vlan 170 Attach a management IP address to VLAN 170 and provide ip address 192 168 170 45 255 255 0 0 a default gateway exit ip default gateway 192 1 68 170 VCStack Allied Telesis www alliedtelesis com NETWORK RESILIENCY SOLUTIONS VCStack Link aggregation radius server host 192 168 10 34 auth port 1812 acct port 1813 The Radius server is used for authenticating management key testing 23 2 sessions and also for authenticating 802 lx clients aaa authentication login default radius local aaa authentication dot x default radius management access
10. x908 advanced Layer 3 modular switch m x900 12X and 24X series advanced Gigabit L3 expandable switches This solution utilizes the following products at the network edge m AI 8600 series Layer 3 Fast Ethernet switches m AI 8000S series stackable Fast Ethernet edge switches Please see Resilient Networking with VCStack for more information on Allied Telesis Virtual Chassis Stacking solution www alliedtelesis com solutions Allied Telesis www alliedtelesis com NETWORK RESILIENCY SOLUTIONS VCStack Link aggregation x900 Configuration All log messages are sent to a syslog server Higher severity log buffered level errors log messages are also buffered on the switch itself log host 192 168 10 11 log host 192 168 10 1 level debugging Allow read only SNMP monitoring from one management access list permit 192 168 10 13 station snmp server enable trap auth nsm snmp server community public ro snmp server host 192 168 10 13 version 2c public A resiliency link backs up the dedicated stacking link If the stacking link fails communication is maintained to allow stack resiliencylink ethO graceful reconfiguration stack priority Use priority to pre elect the VCStack master switch Create VLANs VLAN 169 for servers and VLANs 70 172 vlan database for connectivity to edge switches vlan 169 172 state enable interface port 0 switchport switchport mode access switchport access vlan 169 static channel group
