Umber, Imitation, Unction of – QTECH QSW-3400 Инструкция по настройке User Manual

Page 345: Vlan, Roubleshooting

Advertising
background image

+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1

344

In the network topology above, SWITCH B connects to many PC users, before enabling the

number limitation function of MAC and IP in Port, VLAN, if the system hardware has no other

limitation, SWTICH A and SWTICH B can get the MAC, ARP, ND list entries of all the PC, so

limiting the MAC, ARP list entry can avoid DOS attack to a certain extent. When malicious

users frequently do MAC, ARP cheating, it will be easy for them to fill the MAC, ARP list entries

of the switch, causing successful DOS attacks. Limiting the MAC, ARP, ND list entry can

prevent DOS attack.

On port 1/1 of SWITCH A, set the max number can be learnt of dynamic MAC address as 20,

dynamic ARP address as 20, NEIGHBOR list entry as 10. In VLAN 1, set the max number of

dynamic MAC address as 30, of dynamic ARP address as 30, NEIGHBOR list entry as 20.

SWITCH A configuration task sequence:
Switch (config)#interface ethernet 1/1
Switch (Config-If-Ethernet1/1)#switchport mac-address dynamic maximum
20
Switch (Config-If-Ethernet1/1)#switchport arp dynamic maximum 20
Switch (Config-If-Ethernet1/1)#switchport nd dynamic maximum 10
Switch (Config-if-Vlan1)#vlan mac-address dynamic maximum 30

41.4 The Number Limitation Function of MAC and IP in Port, VLAN
Troubleshooting Help

The number limitation function of MAC and IP in Port, VLAN is disabled by default, if users

need to limit the number of user accessing the network, they can enable it. If the number

limitation function of MAC address can not be configured, please check whether Spanning-tree,

dot1x, TRUNK is running on the switch and whether the port is configured as a MAC-binding

port. The number limitation function of MAC address is mutually exclusive to these

configurations, so if the users need to enable the number limitation function of MAC address

on the port, they should check these functions mentioned above on this port are disabled.

If all the configurations are normal, after enabling the number limitation function of MAC and IP

in Port, VLAN, users can use debug commands to debug every limitation, check the details of

number limitations and judge whether the number limitation function is correct. If there is any

problem, please sent result to technical service center.

Advertising
Popular Brands
Popular manuals