Security; Traffic Control - D-Link des-3010f User Manual

DES-3010F/DES-3010FL/DES-3010G/DES-3018/DES-3026 Fast Ethernet Switch Manual

Security

Traffic Control

Port Security
Port Lock Entries
802.1X
Trusted Host
Traffic Segmentation
The following section will aid the user in configuring security functions for the Switch. The Switch includes various functions for
security, including Traffic Control, Port Security, Port Lock Entries, 802.1X, Trusted Host and Traffic Segmentation all
discussed in detail in the following section.
Traffic Control
On a computer network, packets such as
Multicast packets and
continually flood the network as normal
procedure. At times, this traffic may increase do
to a malicious endstation on the network or a
malfunctioning device, such as a faulty network
card. Thus, switch throughput problems will
arise and consequently affect the overall
performance of the switch network. To help
rectify this packet storm, the Switch will monitor
and control the situation.
The packet storm is monitored to determine if
too many packets are flooding the network,
based on the threshold level provided by the
user. Once a packet storm has been detected, the
Switch will drop packets coming into the Switch
until the storm has subsided. This method can be
utilized by selecting the Drop option of the
Action field in the window below.
The Switch will also scan and monitor packets coming into the Switch by monitoring the Switch's chip counter. This method is
only viable for Broadcast and Multicast storms because the chip only has counters for these two types of packets. Once a storm
has been detected (that is, once the packet threshold set below has been exceeded), the Switch will shutdown the port to all
incoming traffic with the exception of STP BPDU packets, for a time period specified using the Count Down field. Although the
Count Down field can be specified, users are advised to disable this feature and assess the situation before recovering the port. The
Count Down field may be disabled by entering a value of 0 (zero).
If this field times out and the packet storm continues, the port will be placed in a Shutdown Forever mode which will produce a
warning message to be sent to the Trap Receiver. Once in Shutdown Forever mode, the user may recover the affected ports by
using the Traffic Control Recover section of the previous window and recover the ports shutdown forever. To utilize this method
of Storm Control, choose the Shutdown option of the Action field in the window below.
Use the Traffic Control menu to enable or disable storm control and adjust the threshold for multicast and broadcast storms, as
well as any unknown storms. To view the following window, click Security > Traffic Control:
To configure Traffic Control, enable or disable the Broadcast Storm, Multicast Storm and Unknown Unicast Storm using
their corresponding pull-down menus. Click Apply to implement changes made.
Broadcast packets
Section 10
Figure 10- 1. Traffic Control Settings window
113