Home » ZyXEL Manuals » Networking » ZyXEL VES1724-56B2 » Manual Viewer

ZyXEL VES1724-56B2 User Guide - Page 287

Table 128, Label, Description

Add to My Manuals
Save this manual to your list of manuals

Page 287 highlights

Chapter 31 DoS Prevention The following table describes the labels in this screen. Table 128 DoS Prevention LABEL Active Action Mac IP ICMP TCP UDP Apply Cancel DESCRIPTION Select the check box to enable DoS prevention. Specify the action(s) and filtering criteria the Switch takes on all incoming packets. Select the If packets with source Mac address equals destination Mac address, drop them. check box to discard any packets whose source MAC address and destination MAC address are the same. Select the If packets with source IP address equals destination IP address, drop them. check box to discard any IP packets whose source IP address and destination IP address are the same. select the If the packets are fragmented ICMP packets, drop them. check box to have the Switch discard any fragmented ICMP packets. Select the Check TCP SYN packet with source port values are always 0, drop them. check box to have the Switch discard any TCP SYN packets whose source port numbers are zero. Select the TCP fragments with offset value of 1 are dropped. check box to have the Switch discard any TCP fragments with a Data Offset of 1. Select the TCP packets with control flags equals 0 and sequence number equals 0, drop them. check box to have the Switch discard any TCP packets whose control (flag) bit and sequence number are 0. Select the TCP packets with source port equals destination port, drop them. check box to have the Switch discard any TCP packets whose source port and destination port are the same. Select the TCP packets with SYN and FIN bits, drop them. check box to have the Switch discard the TCP packets that contain both SYN (SYNchronize) and FIN (Finish) flags. Select the TCP packets with FIN, URG and PSH bits and sequence number equals 0, drop them. check box to have the Switch discard any TCP packets whose FIN (Finish), URG (URGent) and PSH (Push) flags bits and sequence number are 0. Select the UDP packets with source port equals destination port, drop them. check box to have the Switch discard any UDP packets whose source port and destination port are the same. Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. VES1724-56 User's Guide 287

Section	Page
VES1724-56	1
Contents Overview	3
Table of Contents	5
User’s Guide	17
Getting to Know Your Switch	19
1.1 Introduction	19
1.2 Applications	19
1.2.1 MTU Application	19
1.2.2 Curbside Application	20
1.3 Ways to Manage the Switch	21
1.4 Good Habits for Managing the Switch	21
Hardware Installation and Connection	23
2.1 Installation Scenarios	23
2.2 Desktop Installation Procedure	23
2.3 Mounting the Switch on a Rack	24
2.3.1 Rack-mounted Installation Requirements	24
2.3.2 Attaching the Mounting Brackets to the Switch	24
2.3.3 Mounting the Switch on a Rack	25
2.4 Connecting the Frame Ground	25
Hardware Overview	26
3.1 Front Panel	26
3.1.1 Power Connector	26
3.1.2 Gigabit Ethernet Ports	27
3.1.3 Mini-GBIC Slots	28
3.1.4 Management Port	29
3.1.5 Console Port	30
3.1.6 ALARM Slot	30
3.2 LEDs	31
The Web Configurator	33
4.1 Introduction	33
4.2 System Login	33
4.3 The Port Status Screen	34
4.3.1 Change Your Password	39
4.4 Saving Your Configuration	39
4.5 Switch Lockout	39
4.6 Resetting the Switch	40
4.6.1 Reload the Configuration File	40
4.7 Logging Out of the Web Configurator	41
4.8 Help	41
Initial Setup Example	42
5.1 Overview	42
5.2 Configuring Switch Management IP Address	42
5.2.1 Creating a VLAN	43
5.2.2 Setting Port VID	44
Tutorials	46
6.1 How to Use DHCP Relay Per VLAN on the Switch	46
6.1.1 DHCP Relay Tutorial Introduction	46
6.1.2 Creating a VLAN	46
6.1.3 Configuring Management IP Address	48
6.1.4 Configuring DHCP VLAN Settings	49
6.1.5 Testing the Connection	50
Technical Reference	51
System Status and Port Statistics	53
7.1 Overview	53
7.2 Port Status Summary	53
7.2.1 VDSL Port Status Change	54
7.2.2 VDSL Port Details	55
7.2.3 Bonding Group Details	65
7.2.4 VDSL Summary	66
7.2.5 Port Details	67
Basic Setting	70
8.1 Overview	70
8.2 System Information	70
8.3 General Setup	72
8.4 Introduction to VLANs	74
8.5 Switch Setup Screen	75
8.6 IPv6 Introduction	76
8.6.1 IPv6 Addressing	76
8.6.2 IPv6 Prefix and Prefix Length	77
8.6.3 IPv6 Subnet Masking	77
8.6.4 Interface ID	77
8.6.5 Link-local Address	77
8.6.6 Global Address	77
8.6.7 Unspecified	78
8.6.8 EUI-64	78
8.6.9 Stateless Autoconfiguration	78
8.7 IP Setup	79
8.7.1 Management IP Addresses	79
8.8 External Alarm Switch	81
8.9 Port Setup	82
8.10 Rate Limit Profile Setup	84
8.10.1 Per Queue Ratelimit Profile	85
8.11 Hardware Alarm Profile	87
8.12 CPE Port Status	87
8.13 IPv6 Setup	88
8.13.1 IPv6 Setup: Configuration	90
8.13.2 IPv6 ND Setup	91
8.13.3 IPv6 Neighbor Setup	91
8.14 SFP Threshold Setup	93
VDSL Setup	97
9.1 VDSL Overview	97
9.1.1 VDSL Profile Example	101
9.1.2 Primary and Fallback VDSL Templates Example	102
9.2 VDSL Line Setup	103
9.3 VDSL Template Setup	104
9.3.1 VDSL Line Profile Setup	106
9.3.2 VDSL Line Profile Setup > Rate Adaptive	109
9.3.3 VDSL Line Profile Setup > MIB PSD Mask	111
9.3.4 VDSL Line Profile Setup > DPBO	112
9.3.5 VDSL Line Profile Setup > RFI Band	113
9.3.6 VDSL Line Profile Setup > Virtual Noise	115
9.3.7 VDSL Channel Profile Setup	116
9.3.8 VDSL G.INP Setup	118
9.3.9 VDSL INM Profile Setup	119
9.4 VDSL Alarm Template Setup	121
9.4.1 VDSL Line Alarm Profile Setup	122
9.4.2 VDSL Channel Alarm Profile Setup	124
9.5 VDSL Bonding Setup	125
VLAN	129
10.1 Introduction to IEEE 802.1Q Tagged VLANs	129
10.1.1 Forwarding Tagged and Untagged Frames	129
10.1.2 VLAN Tagging Priority	130
10.2 Automatic VLAN Registration	130
10.2.1 GARP	130
10.2.2 GVRP	130
10.3 Port VLAN Trunking	131
10.4 Select the VLAN Type	131
10.5 Static VLAN	132
10.5.1 Static VLAN Status	132
10.5.2 VLAN Details	133
10.5.3 Configure a Static VLAN	134
10.5.4 Configure a VLAN Profile	135
10.5.5 Configure VLAN Port Settings	137
10.6 Subnet Based VLANs	138
10.7 Configuring Subnet Based VLAN	139
10.8 Protocol Based VLANs	141
10.9 Configuring Protocol Based VLAN	142
10.10 Create an IP-based VLAN Example	143
10.11 Configuring MAC Based VLAN	144
10.12 Port Based VLAN Setup	146
10.12.1 Configure a Port Based VLAN	147
10.13 VLAN Counter	150
Static MAC Forward Setup	152
11.1 Overview	152
11.2 Configuring Static MAC Forwarding	152
Static Multicast Forward Setup	154
12.1 Static Multicast Forwarding Overview	154
12.2 Configuring Static Multicast Forwarding	155
Filtering	158
13.1 Configure a Filtering Rule	158
Spanning Tree Protocol	160
14.1 STP/RSTP Overview	160
14.1.1 STP Terminology	160
14.1.2 How STP Works	161
14.1.3 STP Port States	161
14.1.4 Multiple RSTP	162
14.1.5 Multiple STP	162
14.2 Spanning Tree Protocol Status Screen	165
14.3 Spanning Tree Configuration	165
14.4 Configure Rapid Spanning Tree Protocol	166
14.5 Rapid Spanning Tree Protocol Status	167
14.6 Configure Multiple Rapid Spanning Tree Protocol	168
14.7 Multiple Rapid Spanning Tree Protocol Status	170
14.8 Configure Multiple Spanning Tree Protocol	171
14.9 Multiple Spanning Tree Protocol Status	173
Broadcast Storm Control	176
15.1 Broadcast Storm Control Setup	176
Mirroring	178
16.1 Port Mirroring Setup	178
Link Aggregation	180
17.1 Link Aggregation Overview	180
17.2 Dynamic Link Aggregation	180
17.2.1 Link Aggregation ID	181
17.3 Link Aggregation Status	181
17.4 Link Aggregation Setting	182
17.5 Link Aggregation Control Protocol	183
17.6 Static Trunking Example	184
Port Authentication	186
18.1 Port Authentication Overview	186
18.1.1 IEEE 802.1x Authentication	186
18.1.2 MAC Authentication	187
18.2 Port Authentication Configuration	188
18.2.1 Activate IEEE 802.1x Security	188
18.2.2 Activate MAC Authentication	189
MAC Limit	191
19.1 MAC Limit Overview	191
19.2 MAC Limit	191
19.2.1 MAC Limit: VLAN Security	192
Classifier	194
20.1 About the Classifier and QoS	194
20.2 Configuring the Classifier	194
20.3 Viewing and Editing Classifier Configuration	197
20.4 Classifier Example	199
Policy Rule	200
21.1 Policy Rules Overview	200
21.1.1 DiffServ	200
21.1.2 DSCP and Per-Hop Behavior	200
21.2 Configuring Policy Rules	200
21.3 Policy Example	204
Queuing Method	205
22.1 Queuing Method Overview	205
22.1.1 Strictly Priority Queuing	205
22.1.2 Weighted Fair Queuing	205
22.1.3 Weighted Round Robin Scheduling (WRR)	205
22.2 Configuring Queuing	206
VLAN Stacking	208
23.1 VLAN Stacking Overview	208
23.1.1 VLAN Stacking Example	208
23.2 VLAN Stacking Port Roles	209
23.3 VLAN Tag Format	210
23.3.1 Frame Format	210
23.4 Configuring VLAN Stacking	211
23.4.1 Port-based Q-in-Q	212
23.4.2 Selective Q-in-Q	214
23.4.3 Port-based InnerQ	215
Multicast	217
24.1 Multicast Overview	217
24.1.1 IP Multicast Addresses	217
24.1.2 IGMP Filtering	217
24.1.3 IGMP Snooping	217
24.1.4 IGMP Snooping and VLANs	218
24.1.5 IGMP Proxy	218
24.1.6 Multicast Listener Discovery	218
24.1.7 MLD Messages	218
24.2 Multicast Status	219
24.3 Multicast Setting	224
24.4 IGMP Snooping VLAN	226
24.5 IGMP Filtering Profile	227
24.6 MVR Overview	229
24.6.1 Types of MVR Ports	229
24.6.2 MVR Modes	229
24.6.3 How MVR Works	229
24.7 General MVR Configuration	230
24.8 MVR Group Configuration	232
24.8.1 MVR Configuration Example	234
Authentication and Accounting	236
25.1 Authentication, Authorization and Accounting	236
25.1.1 Local User Accounts	236
25.1.2 RADIUS and TACACS+	237
25.2 Authentication and Accounting Screens	237
25.2.1 RADIUS Server Setup	237
25.2.2 TACACS+ Server Setup	240
25.2.3 Authentication and Accounting Setup	242
25.2.4 Vendor Specific Attribute	244
25.3 Supported RADIUS Attributes	245
25.3.1 Attributes Used for Authentication	245
25.3.2 Attributes Used for Accounting	246
IP Source Guard	249
26.1 IP Source Guard Overview	249
26.1.1 DHCP Snooping Overview	249
26.1.2 ARP Inspection Overview	251
26.2 IP Source Guard	253
26.3 IP Source Guard Static Binding	253
26.4 DHCP Snooping	255
26.5 DHCP Snooping Configure	257
26.5.1 DHCP Snooping Port Configure	259
26.5.2 DHCP Snooping VLAN Configure	260
26.6 ARP Inspection Status	261
26.6.1 ARP Inspection VLAN Status	263
26.6.2 ARP Inspection Log Status	264
26.7 ARP Inspection Configure	265
26.7.1 ARP Inspection Port Configure	266
26.7.2 ARP Inspection VLAN Configure	268
Loop Guard	270
27.1 Loop Guard Overview	270
27.2 Loop Guard Setup	272
CFM	274
28.1 CFM Overview	274
28.1.1 How CFM Works	274
28.2 CFM MA	275
28.3 CFM MD	277
VLAN Mapping	278
29.1 VLAN Mapping Overview	278
29.1.1 VLAN Mapping Example	278
29.2 Enabling VLAN Mapping	279
29.3 Configuring VLAN Mapping	280
Layer 2 Protocol Tunneling	282
30.1 Layer 2 Protocol Tunneling Overview	282
30.1.1 Layer 2 Protocol Tunneling Mode	283
30.2 Configuring Layer 2 Protocol Tunneling	284
DoS Prevention	286
31.1 DoS Prevention Overview	286
31.2 Configuring DoS Prevention	286
PPPoE IA	288
32.1 PPPoE Intermediate Agent Overview	288
32.1.1 PPPoE Intermediate Agent Tag Format	288
32.1.2 Sub-Option Format	289
32.1.3 PPPoE IA Configuration Options	289
32.2 The PPPoE IA Status Screen	290
32.3 PPPoE IA Port Tel Configuration	290
32.4 PPPoE IA Global Configuration	291
32.5 PPPoE IA VLAN Configuration	293
32.6 ADSL Fallback	295
32.6.1 PVC Configuration	295
32.6.2 IPPVC Configuration	297
32.6.3 PAEPVC Configuration	299
Static Route	301
33.1 Static Routing Overview	301
33.2 Configuring Static Routing	302
Differentiated Services	304
34.1 DiffServ Overview	304
34.1.1 DSCP and Per-Hop Behavior	304
34.1.2 DiffServ Network Example	304
34.2 Two Rate Three Color Marker Traffic Policing	305
34.2.1 TRTCM-Color-blind Mode	306
34.2.2 TRTCM-Color-aware Mode	306
34.3 Activating DiffServ	306
34.3.1 Configuring 2-Rate 3 Color Marker Settings	307
34.4 DSCP-to-IEEE 802.1p Priority Settings	309
34.4.1 Configuring DSCP Settings	309
DHCP	311
35.1 DHCP Overview	311
35.1.1 DHCP Modes	311
35.1.2 DHCP Configuration Options	311
35.2 DHCP Status	311
35.3 DHCP Port Tel	312
35.4 DHCP Relay	313
35.4.1 DHCP Relay Agent Information	313
35.4.2 DHCP Relay Agent Information Format	313
35.4.3 Sub-Option Format	313
35.4.4 Configuring DHCP Global Relay	314
35.4.5 Global DHCP Relay Configuration Example	317
35.5 Configuring DHCP VLAN Settings	318
35.5.1 Example: DHCP Relay for Two VLANs	320
35.6 DHCPv6 LDRA	321
35.6.1 DHCPv6 Counter	324
35.6.2 Snooping Configure	324
Maintenance	327
36.1 The Maintenance Screen	327
36.2 Firmware Upgrade	328
36.2.1 Dual Firmware Image	328
36.3 Restore a Configuration File	329
36.4 Backup a Configuration File	330
36.5 Load Factory Default	330
36.6 Save Configuration	331
36.7 Reboot System	331
36.8 FTP Command Line	331
36.8.1 Filename Conventions	331
36.8.2 FTP Command Line Procedure	332
36.8.3 GUI-based FTP Clients	333
36.8.4 FTP Restrictions	333
Access Control	334
37.1 Access Control Overview	334
37.2 The Access Control Main Screen	334
37.3 About SNMP	334
37.3.1 SNMP v3 and Security	335
37.3.2 Supported MIBs	336
37.3.3 SNMP Traps	336
37.3.4 Configuring SNMP	342
37.3.5 Configuring SNMP Trap Group	344
37.3.6 Setting Up Login Accounts	344
37.4 SSH Overview	346
37.5 How SSH works	346
37.6 SSH Implementation on the Switch	347
37.6.1 Requirements for Using SSH	347
37.7 Introduction to HTTPS	347
37.8 HTTPS Example	348
37.8.1 Internet Explorer Warning Messages	348
37.8.2 Mozilla Firefox Warning Messages	351
37.8.3 The Main Screen	352
37.9 Service Port Access Control	353
37.10 Remote Management	354
Diagnostic	356
38.1 Diagnostic	356
Syslog	358
39.1 Syslog Overview	358
39.2 Syslog Setup	359
39.3 Syslog Server Setup	360
Loop Diagnostic	361
40.1 Dual-End Loop Test	361
40.2 Single-End Loop Test (SELT)	363
MAC Table	365
41.1 MAC Table Overview	365
41.2 Viewing the MAC Table	366
ARP Table	367
42.1 ARP Table Overview	367
42.1.1 How ARP Works	367
42.2 Viewing the ARP Table	367
Hardware Information	369
43.1 Hardware Information	369
CFM Action	370
44.1 CFM Action	370
IPv6 Cache	372
45.1 Overview	372
45.2 Neighbor Cache	373
45.3 Router	374
45.4 Path MTU	375
Troubleshooting	377
46.1 Power, Hardware Connections, and LEDs	377
46.2 Switch Access and Login	378
46.3 Switch Configuration	380
Product Specifications	381
Common Services	397
Legal Information	401

Match case Limit results 1 per page

Chapter 31 DoS Prevention

VES1724-56 User’s Guide

287

The following table describes the labels in this screen.

Table 128

DoS Prevention

LABEL

DESCRIPTION

Active

Select the check box to enable DoS prevention.

Action

Specify the action(s) and filtering criteria the Switch takes on all incoming packets.

Mac

Select the

If packets with source Mac address equals destination Mac address, drop

them.

check box to discard any packets whose source MAC address and destination MAC

address are the same.

Select the

If packets with source IP address equals destination IP address, drop

them.

check box to discard any IP packets whose source IP address and destination IP

address are the same.

ICMP

select the

If the packets are fragmented ICMP packets, drop them.

check box to have

the Switch discard any fragmented ICMP packets.

TCP

Select the

Check TCP SYN packet with source port values are always 0, drop them.

check box to have the Switch discard any TCP SYN packets whose source port numbers are

zero.

Select the

TCP fragments with offset value of 1 are dropped.

check box to have the

Switch discard any TCP fragments with a Data Offset of 1.

Select the

TCP packets with control flags equals 0 and sequence number equals 0,

drop them.

check box to have the Switch discard any TCP packets whose control (flag) bit

and sequence number are 0.

Select the

TCP packets with source port equals destination port, drop them.

check

box to have the Switch discard any TCP packets whose source port and destination port are

the same.

Select the

TCP packets with SYN and FIN bits, drop them.

check box to have the Switch

discard the TCP packets that contain both SYN (SYNchronize) and FIN (Finish) flags.

Select the

TCP packets with FIN, URG and PSH bits and sequence number equals 0,

drop them.

check box to have the Switch discard any TCP packets whose FIN (Finish), URG

(URGent) and PSH (Push) flags bits and sequence number are 0.

UDP

Select the

UDP packets with source port equals destination port, drop them.

check

box to have the Switch discard any UDP packets whose source port and destination port are

the same.

Apply

Click

Apply

to save your changes to the Switch’s run-time memory. The Switch loses these

changes if it is turned off or loses power, so use the

Save

link on the top navigation panel to

save your changes to the non-volatile memory when you are done configuring.

Cancel

Click

Cancel

to begin configuring this screen afresh.