Enterasys Networks Security Router X-PeditionTM User Manual

Page 26

Advertising

background image

xxiv

DHCP Client Services .................................................................................................................................. 15-6

Router Option ......................................................................................................................................... 15-6
Parameter Request List Option .............................................................................................................. 15-6
DHCP Client Interaction ......................................................................................................................... 15-6

Secondary Address Caveats ............................................................................................................ 15-6
Interaction with Remote Auto Install (RAI)........................................................................................ 15-7

DHCP Client Timeouts ........................................................................................................................... 15-7

DHCP CLI Commands ................................................................................................................................. 15-8
DHCP Set Up Overview ............................................................................................................................... 15-9

Configuring DHCP Address Pools ......................................................................................................... 15-9
Configuring DHCP - Network Configuration Parameters ....................................................................... 15-9

Configuration Steps ...................................................................................................................................... 15-9

Create an IP Local Client Pool ............................................................................................................... 15-9
Create a Corresponding DHCP Pool ................................................................................................... 15-10
Configure DHCP Network Parameters ................................................................................................. 15-10
Enable the DHCP Server ..................................................................................................................... 15-10
Optional: Set Up a DHCP Nested Scope ............................................................................................. 15-10
Optional: Configure a DHCP Manual Binding ...................................................................................... 15-10

DHCP Server Configuration Examples ....................................................................................................... 15-11

Pool with Hybrid Servers Example ....................................................................................................... 15-11
Manual Binding Example ..................................................................................................................... 15-11
Manual Binding with Class Example .................................................................................................... 15-11
BOOTP Client Support Example .......................................................................................................... 15-12
DHCP Option Examples ....................................................................................................................... 15-12

Chapter 16: Configuring Security on the XSR

Features ....................................................................................................................................................... 16-1

Access Control Lists ............................................................................................................................... 16-1

ACL Violations Alarm Example......................................................................................................... 16-2

Packet Filtering ...................................................................................................................................... 16-2
LANd Attack ........................................................................................................................................... 16-2
Smurf Attack ........................................................................................................................................... 16-3
Fraggle Attack ........................................................................................................................................ 16-3
IP Packet with Multicast/Broadcast Source Address ............................................................................. 16-3
Spoofed Address Check ........................................................................................................................ 16-3
SYN Flood Attack Mitigation .................................................................................................................. 16-3
Fragmented and Large ICMP Packets ................................................................................................... 16-3

Fragmented ICMP Traffic ................................................................................................................. 16-3
Large ICMP Packets......................................................................................................................... 16-4
Ping of Death Attack......................................................................................................................... 16-4

Spurious State Transition ....................................................................................................................... 16-4

General Security Precautions ....................................................................................................................... 16-4
AAA Services ................................................................................................................................................ 16-5

Connecting Remotely via SSH or Telnet with AAA Service ................................................................... 16-6

Firewall Feature Set Overview ..................................................................................................................... 16-9

Reasons for Installing a Firewall ............................................................................................................ 16-9
Types of Firewalls ................................................................................................................................ 16-10

ACL and Packet Filter Firewalls ..................................................................................................... 16-10
ALG and Proxy Firewalls ................................................................................................................ 16-11
Stateful Inspection Firewalls........................................................................................................... 16-12

XSR Firewall Feature Set Functionality ...................................................................................................... 16-12

Stateful Firewall Inspection (SFI).................................................................................................... 16-12
Filtering non-TCP/UDP Packets ..................................................................................................... 16-12

Advertising

Popular Brands

Popular manuals