Allied Telesis AT-9924T/4SP-A-20 User Manual

C613-16055-00 REV Ewww.alliedtelesis.comIntroductionThis document contains useful technical tips and tricks for Allied Telesis routers and managed Lay

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 10A simpler way to save the current configurationWith Software Versions 2.8.1 and

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 100How to use the trustprivate parameter on the firewall to block users on the pr

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 101with trustprivate=off, and explicitly configure rules to block access from any

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 102How to use the firewall to control Internet access on the basis of private hos

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 103Configuration on the firewallThe configuration required to enable this process

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 104BUT for the MAC authentication, we need to be able to say that certain MAC add

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 105How to configure a timeout on particular UDP ports in a firewall policyYou can

USA Headquar ters | 19800 Nor th Cr eek Parkwa y | Suite 200 | Bothell | WA 98011 | USA | T: +1 800 424 4284 | F: +1 425 481 3895

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 11How to store stack dump filesSince Software Version 2.7.6, the router or switch

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 12As mentioned previously, only a maximum of 8 files can be stored in flash at on

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 13How to securely manage remote devices from an Asyn (console) port on a router o

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 14 Connect to the remote device (in this example, the device attached to asyn1) b

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 15 Sending a Break command does not actually disconnect from the Asyn port. There

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 16How to reduce the impact of storms by using QoS policy storm protectionSoftware

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 17The following table explains the basic concepts involved with storm protection.

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 18How to reduce the impact of storms by controlling rapid MAC movementSoftware Ve

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 19To set a thrash action for a trunk, use the command:set lacp priority=priority

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 2This document also contains the following Tips and Tricks from earlier revisions

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 20How to use SNMP to monitor STP and RSTP linksSpanning Tree Protocol is used to

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 21 Now that you have placed the devices in the network, you need to link the devi

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 22Set the Status Variable as follows:1. click on the >> button (next to the

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 23 Now configure the alarms to alert you if a link fails in the STP loop. On the

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 24Finally select the Actions tab. Here you select a colour for the STP link to ch

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 25How to use SNMP to monitor master and slave SwitchBlade controller cardsIf you

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 26Creating an alert when a controller failsPerhaps the easiest way to create an a

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 27Then select the Attributes tab. On the Attributes tab, select the entry called

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 28 The final stage is to add alarms to alert you on screen if a SwitchBlade contr

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 29Enter a name for the filter event, such as “SB controller failure” and enter a

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 3How to capture command output in a text fileInstead of displaying command output

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 30Finally select the Actions tab. Here you select a colour to indicate controller

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 31 If there are some events for which you want to see alerts on the screen, then

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 32Why you need to use an idle timer on a PPPoE linkOn PPPoE interfaces, we recomm

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 33If PPPoE behaved like an always-up Layer 1 link, as described above, re-establi

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 34How to handle RIP route tagsRIP supports route tags from RIPv2 (RFC 1724). They

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 35The following figure shows output of the show ip route command from the router

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 36The following figure shows the BGP route table by using the show bgp route comm

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 37Route compatibility when RIP is set to receive both RIPv1 and RIPv2 routesThe r

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 38Switch_B sends two routes (172.17.0.0/16 and 192.168.0.0/16) to its neighbours,

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 39SolutionSetting Switch_A to accept RIPv2 (and not be compatible with RIPv1) cau

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 4Automatically uploading command output dailyYou can use the create file command,

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 40How to select the right ISAKMP policy during incoming Phase 1 ISAKMP proposalsV

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 41Understanding selectionIn these situations, it is important to appreciate which

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 42• These policies have different ID fields, but when using ISAKMP main mode, the

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 43Why the remote peer VPN router may set up multiple ISAKMP SAs when responding t

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 44The configuration of Router 2 is:create isakmp pol=isakmp peer=any key=1 mode=a

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 45that case, the ISAKMP SAs time out after 24 hours by default. If you have frequ

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 46When you have multiple policies to the same peer, you also need to consider the

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 47About the firewall’s aggressive modeAggressive mode is a state that the firewal

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 48The maximum number of retransmissions may be reached before the session timeout

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 49How to combine firewall standard and enhanced NATIt is possible to use standard

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 5How to automatically capture output when particular events occurOften when we ar

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 50add firewall poli=example rule=25 act=nat int=eth0-1 protocol=udp port=1-65000

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 51Why the switch has many “interface is UP” and “interface is DOWN” log messagesW

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 52How to gather useful debugging information for a suspected memory leakSituation

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 53The output of show buffer scan is also in the output of show debug, but it is i

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 54Figure 3 on page 54 and Figure 4 on page 54 show the second show time and show

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 55After the third show time and show buffer scan commands, the memory address has

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 56Once an address has been identified from the repeated show buffer scan command

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 57Example output from the show buffer scan=0007cc20 command (Continued)Figure 7 o

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 58Screen outputs showing details of these commands are shown below in Figure 8 on

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 59Figure 10: .Example output from the dump commandFigure 11: .Example output from

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 6Create a script called (for example) capture.scp, containing the following comma

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 60Figure 13: Example output from the dump a=0aab5b0c command.Why unexpected SNMP

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 61How to deal with spoofed packetsSpoofed packets are packets that have arrived i

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 62How to interrupt text flow that is continuously streaming to the CLIA keyboard

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 63How to set an inactivity timeout on console and TTY connectionsIt is possible t

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 64Figure 22: Example output from the show asyn commandManager > set asyn=0 idl

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 65How to set Summer Time and time zonesYou can configure the switch or router to

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 66Figure 23: Example output from the show summertime commandIt is also possible t

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 67How to ensure that system traffic is given priority when your switch is very bu

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 68On 8948_A we can see that the CPU is busy and the default queue (2) is overload

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 69First, give priority to routing protocol traffic sent to the CPU, by using the

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 7Run the script and send the output to a syslog serverAlternatively (or on older

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 70How to enable and install a release on the SwitchBlade with two controllersThis

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 71If the switch is running a version prior to 2.7.5AThe above procedure was not a

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 72How to fix switch port speed but still negotiate duplexIt is possible to fix th

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 73How to make private and public VLANs share the same uplinkOn AT-8600, AT-8700XL

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 74RSTP BPDU detection featuresWith RSTP it is never a good thing to have RSTP BPD

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 75How to allocate a WAN IP address to a PPP peer, and create a separate route to

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 76How to reflect TOS onto L2TP tunnelled packetsIt is possible to configure the r

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 77Router 1 configuration#L2TP configurationenable l2tpenable l2tp server=both# Co

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 78Router 2 configurationIn this example we are using a PPP template on Router 2,

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 79The screenshot below shows an ethereal capture of a packet from IP address 172.

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 8The output of a script that is called from a trigger can be sent to the log. The

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 80How to use Ping or Trace using Domain Name Service (DNS)It is possible to ping

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 81How OSPF metrics are calculated If O

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 82AS External route typesThere are two types of AS external routes—Type-1 and Typ

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 83Filtering OSPF static routes with a whitelist or blacklist route mapOSPF can be

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 84Now we add the commands for the filtering. In the following configuration outpu

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 85Once this “blacklist” route map has been applied on the ASBR, show ip route sho

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 86WhitelistNow change a little bit of the IP config—the action taken on matching

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 87How to identify and combat worm attacksThis Tip describes a method for dealing

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 88Use the following commands on AT-8600, AT-8700XL, AT-8800, AT-8900, AT-9900, x9

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 89Whether encryption is performed in hardware or softwareWhen no hardware encrypt

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 9How to upgrade the GUI when upgrading to Software Version 2.8.1The naming conven

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 90When an AT-AR011 v2 ECMAC is installed—AR300 Series routers, AR410, AR410S, AR7

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 91How and when to use VRRP IP address adoptionVRRP IP address adoption is when th

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 92Support for RADIUS accounting for 802.1x dynamic VLAN assignmentSupport for RAD

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 93How to configure the firewall to allow outward-going pings but to block inward-

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 94How to use firewall NAT to translate subnetsThis Tip gives an example of how yo

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 95A configuration example is shown below:create vlan="vlan10" vid=10add

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 96Correct use of firewall NAT when FTP does not use port 21Active and passive FTP

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 97How to enable the firewall enhanced fragment handling modeWhen using the firewa

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 98That packet gets dropped when it reaches the firewall. The results in the clien

Technical Tips and Tricks | for Routers and Managed Layer 3 Switches 99How to use the HTTP proxy (application gateway)The firewall's HTTP proxy i