If you use Extreme Networks (XOS), all ports are assigned to the Default VLAN (VLAN 1) by default. This means that an active port assigned to VLAN 1 can become a security hole. As a best practice, you can remove all ports from the Default VLAN.
### Example ####
* X480-48t.1.17.36 #
* X480-48t.1.17.36 # show vlan default
VLAN Interface with name Default created by user
Admin State: Enabled Tagging: 802.1Q Tag 1
Description: None
Virtual router: VR-Default
IPv4 Forwarding: Disabled
IPv4 MC Forwarding: Disabled
Primary IP: 172.16.1.103/24
IPv6 Forwarding: Disabled
IPv6 MC Forwarding: Disabled
IPv6: None
STPD: s0(Disabled,Auto-bind)
Protocol: Match all unfiltered protocols
Loopback: Disabled
NetLogin: Disabled
OpenFlow: Disabled
TRILL: Disabled
QosProfile: None configured
Egress Rate Limit Designated Port: None configured
Flood Rate Limit QosProfile: None configured
Ports: 48. (Number of active ports=0)
Untag: !1, !2, !3, !4, !5, !6, !7,
!8, !9, !10, !11, !12, !13, !14,
!15, !16, !17, !18, !19, !20, !21,
!22, !23, !24, !25, !26, !27, !28,
!29, !30, !31, !32, !33, !34, !35,
!36, !37, !38, !39, !40, !41, !42,
!43, !44, !45, !46, !47, !48
Flags: (*) Active, (!) Disabled, (g) Load Sharing port
(b) Port blocked on the vlan, (m) Mac-Based port
(a) Egress traffic allowed for NetLogin
(u) Egress traffic unallowed for NetLogin
(t) Translate VLAN tag for Private-VLAN
(s) Private-VLAN System Port, (L) Loopback port
(x) VMAN Tag Translated port
(G) Multi-switch LAG Group port
(H) Dynamically added by MVRP
(D) TRILL Designated, (A) TRILL Appointed Forwarder
(I) Dynamically added by IDM
(U) Dynamically added uplink port
(V) Dynamically added by VM Tracking
* X480-48t.1.17.37 # config vlan "Default" delete ports all
* X480-48t.1.17.38 # show vlan "Default"
VLAN Interface with name Default created by user
Admin State: Enabled Tagging: 802.1Q Tag 1
Description: None
Virtual router: VR-Default
IPv4 Forwarding: Disabled
IPv4 MC Forwarding: Disabled
Primary IP: 172.16.1.103/24
IPv6 Forwarding: Disabled
IPv6 MC Forwarding: Disabled
IPv6: None
STPD: s0(Disabled,Auto-bind)
Protocol: Match all unfiltered protocols
Loopback: Disabled
NetLogin: Disabled
OpenFlow: Disabled
TRILL: Disabled
QosProfile: None configured
Egress Rate Limit Designated Port: None configured
Flood Rate Limit QosProfile: None configured
####
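An added example, not part of the original post: a Python check that parses saved `show vlan default` output and reports which ports are still members of the Default VLAN. The sample text is constructed in the format shown above; handling of a `Tag:` line and of `slot:port` numbering is an assumption, since the page shows only `Untag:` with plain port numbers.

```python
import re

# Constructed samples in the format above (trimmed); port 2 is marked active (*) for illustration.
BEFORE = """\
VLAN Interface with name Default created by user
Ports: 4. (Number of active ports=1)
Untag: !1, *2, !3,
!4
Flags: (*) Active, (!) Disabled, (g) Load Sharing port
"""
AFTER = """\
VLAN Interface with name Default created by user
Flood Rate Limit QosProfile: None configured
"""

PORT_RE = re.compile(r"^(\D*)(\d+(?::\d+)?)([A-Za-z]*)$")  # flags, port or slot:port, flag letters

def parse_members(output):
    """Return {port: flags} for ports listed under Untag:/Tag: and their wrapped lines."""
    members, in_list = {}, False
    for line in output.splitlines():
        line = line.strip()
        start = re.match(r"^(?:Untag|Tag):\s*(.*)$", line)
        if start:
            in_list, line = True, start.group(1)
        elif not in_list:
            continue
        tokens = [t.strip() for t in line.split(",") if t.strip()]
        parsed = [PORT_RE.match(t) for t in tokens]
        if not tokens or not all(parsed):
            in_list = False  # reached "Flags:" or another field
            continue
        for p in parsed:
            members[p.group(2)] = p.group(1) + p.group(3)
    return members

def audit_default_vlan(output):
    members = parse_members(output)
    declared = re.search(r"^Ports:\s*(\d+)\.", output, re.M)
    key = lambda p: tuple(int(x) for x in p.split(":"))
    return {
        "members": sorted(members, key=key),
        "active": sorted((p for p, f in members.items() if "*" in f), key=key),
        "count_matches": declared is None or int(declared.group(1)) == len(members),
        "compliant": not members,  # best practice from the post: no ports left in Default
    }

if __name__ == "__main__":
    print(audit_default_vlan(BEFORE), audit_default_vlan(AFTER), sep="\n")
```

`count_matches` compares the parsed member list against the `Ports:` count in the same output, so a parsing gap shows up instead of passing silently.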