Manual
+7(495) 797-3311 www.qtech.ru 
Moscow, Novozavodskaya St., 18, bldg. 1
In the network topology above, SWITCH B connects to many PC users. Before the number
limitation function of MAC and IP in Port, VLAN is enabled, and if the system hardware
imposes no other limitation, SWITCH A and SWITCH B can learn the MAC, ARP and ND list
entries of all the PCs, so limiting the MAC and ARP list entries can avoid DoS attacks to a
certain extent. When malicious users frequently perform MAC or ARP spoofing, they can
easily fill the MAC and ARP list entries of the switch, causing a successful DoS attack.
Limiting the MAC, ARP and ND list entries can prevent this kind of DoS attack.
On port 1/1 of SWITCH A, set the maximum number of dynamic MAC addresses that can be
learnt to 20, of dynamic ARP entries to 20, and of NEIGHBOR list entries to 10. In VLAN 1,
set the maximum number of dynamic MAC addresses to 30, of dynamic ARP entries to 30, and
of NEIGHBOR list entries to 20.
SWITCH A configuration task sequence: 
Switch (config)#interface ethernet 1/1
Switch (Config-If-Ethernet1/1)#switchport mac-address dynamic maximum 20
Switch (Config-If-Ethernet1/1)#switchport arp dynamic maximum 20
Switch (Config-If-Ethernet1/1)#switchport nd dynamic maximum 10
Switch (Config-if-Vlan1)#vlan mac-address dynamic maximum 30
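
The following Python model is an added illustration, not part of the manual and not the switch's own implementation. It shows why the per-port MAC limit (20) is set below the VLAN limit (30): a flood of spoofed source MACs on port 1/1 is capped at the port limit, leaving VLAN table space for hosts on other ports. Assumptions: the switch refuses to learn new dynamic entries once a limit is reached, and port 1/2 is a hypothetical second port in VLAN 1.

```python
# Simplified model (assumption): once a limit is reached, the switch
# stops learning new dynamic entries; existing entries are kept.
from collections import defaultdict


class LimitedMacTable:
    def __init__(self, port_limits, vlan_limits):
        self.port_limits = port_limits      # e.g. {"1/1": 20}
        self.vlan_limits = vlan_limits      # e.g. {1: 30}
        self.entries = {}                   # (vlan, mac) -> port
        self.per_port = defaultdict(int)
        self.per_vlan = defaultdict(int)
        self.refused = defaultdict(int)     # port -> refused learn attempts

    def learn(self, port, vlan, mac):
        """Return True if the source MAC is (or already was) in the table."""
        if (vlan, mac) in self.entries:
            return True
        port_full = self.per_port[port] >= self.port_limits.get(port, float("inf"))
        vlan_full = self.per_vlan[vlan] >= self.vlan_limits.get(vlan, float("inf"))
        if port_full or vlan_full:
            self.refused[port] += 1         # candidate signal for alerting
            return False
        self.entries[(vlan, mac)] = port
        self.per_port[port] += 1
        self.per_vlan[vlan] += 1
        return True


def simulate(port_limits, vlan_limits, spoofed=500, legit=8):
    """Spoofed sources arrive on port 1/1 first, then legit hosts on port 1/2."""
    table = LimitedMacTable(port_limits, vlan_limits)
    for i in range(spoofed):                # constructed sample MACs
        table.learn("1/1", 1, f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}")
    learned = sum(table.learn("1/2", 1, f"00:11:22:33:44:{i:02x}") for i in range(legit))
    return {"port_1_1": table.per_port["1/1"], "vlan_1": table.per_vlan[1],
            "legit_learned": learned, "refused_1_1": table.refused["1/1"]}


if __name__ == "__main__":
    # Limits from the example above: port 1/1 = 20, VLAN 1 = 30.
    print("port + VLAN limit:", simulate({"1/1": 20}, {1: 30}))
    # VLAN limit only: the flood on one port uses up the whole VLAN budget.
    print("VLAN limit only:  ", simulate({}, {1: 30}))
```

In this model the count of refused learn attempts per port is the value worth alerting on, since it separates a port that sits at its limit from one that is being actively flooded.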
41.4 The Number Limitation Function of MAC and IP in Port, VLAN Troubleshooting Help
The number limitation function of MAC and IP in Port, VLAN is disabled by default. Users who
need to limit the number of users accessing the network can enable it. If the number
limitation function of MAC address cannot be configured, check whether Spanning-tree,
dot1x or TRUNK is running on the switch and whether the port is configured as a MAC-binding
port. The number limitation function of MAC address is mutually exclusive with these
configurations, so before enabling it on a port, users should make sure that the functions
mentioned above are disabled on that port.
If all the configurations are normal, then after enabling the number limitation function of
MAC and IP in Port, VLAN, users can use the debug commands to debug each limitation, check
the details of the number limitations and judge whether the function is working correctly.
If there is any problem, please send the results to the technical service center.










