Tag: EOS

EOS – Password Control

14th January 2016 by Martin Flammia

Filed under Extreme Networks EOS

Last modified 18th January 2016

 

EOS – LinkFlap

14th January 2016 by Martin Flammia

Filed under Extreme Networks EOS

Last modified 14th January 2016

 

EOS – Broadcast Suppression

14th January 2016 by Martin Flammia

Filed under Extreme Networks EOS

Last modified 14th January 2016

To give the default rate of equal to 15% the following pps (packets per second) is configured per speed: for 100mb FE ports 22500, 1Gb ge ports 225000, 10Gb  tg ports 225000

 

EOS – ACL’s

14th January 2016 by Martin Flammia

Filed under Extreme Networks EOS

Last modified 14th January 2016

ACL’s can be written as standard and extended, with standard only the source IP address can be used. For an extended ACL, the protocol, source IP address, destination IP address, and in the case of the TCP or UDP protocols, matching source and destination ports are configurable. There are two ways to identify the new ACL: access‐list number or name. Standard ACL numbers can range …

EOS – MacLock

14th January 2016 by Martin Flammia

Filed under Extreme Networks EOS

Last modified 18th January 2016

Mac lock is a feature that can be configured so that only the MAC address/es of those configured or learnt can only talk on those ports. MAC Lock can also be configured to limit the amount of MAC addresses learnt, so for example, you can limit the learning to 1 MAC address so that should a hub be connected to a port those devices would …

EOS – DHCP Snooping

14th January 2016 by Martin Flammia

Filed under Extreme Networks EOS

Last modified 14th January 2016

DHCP snooping is used to ease drop onto the DHCP requests and create a binding table of IP addresses, mac addresses, ports and lease times. The idea is to stop man-in-the-middle attacks by spoofing an IP address or mac that is not a pair in the binding binding table. Untrusted

Trusted

DHCP Snooping / C – Series

 

EOS – Antispoof

14th January 2016 by Martin Flammia

Filed under Extreme Networks EOS

Last modified 18th January 2016

ANTI-SPOOF will not work without a Multiauth binding entry, so this will need to be configured along with auto-tracking! An Anti-spoofing is configured by defining class or classes that a single class can be added to all ports or different classes applied to different ports. As default threshold of 450 IP address changes per 30 seconds, to give an average of 15pps (packets per second) …

EOS – Auto Tracking

14th January 2016 by Martin Flammia

Filed under Extreme Networks EOS

Last modified 18th January 2016

Auto-tracking is a form of multiauth authentication used for populating the multiauth session table. This can be used for applications like NAC but is mandatory for the use of Anti-Spoofing, if you have no other form of multiauth authentication configured. Like configuring authentication in general this is best achieved through Netsight Policy Manager, but below is the command-line if needed.

 

EOS – 802.1x Configuration Example (C Series)

14th January 2016 by Martin Flammia

Filed under Extreme Networks EOS

Last modified 18th January 2016

Globally enable 802.1.x but don’t enforce port authentication

Enable port authentication

Disable port authentication

 

EOS – 802.1x Configuration Example (S/K Series)

14th January 2016 by Martin Flammia

Filed under Extreme Networks EOS

Last modified 18th January 2016

S/K Series Globally enable 802.1.x but don’t enforce port authentication

Enable port authentication (With auto-tracking disabled for use of anti-spoofing)

Disable port authentication (With auto-tracking enabled for use of anti-spoofing)