Allied Telesis Layer 3 Switches Network Manual page 26

Managed layer 3 switches

Create A Secure Network With Allied Telesis Managed Layer 3 Switches

Example
To block the W32.Slammer worm on port 1, which does not have an SQL client or server attached to it:

create classifier=1 udpdport=1434 protocol=ip iport=1
add switch hwfilter classifier=1 action=discard

Blocking worms through QoS actions
On AT-8948, AT-9900, AT-9900s, and x900 Series switches, use QoS to block traffic from a worm.

Configuration
1. Find out which UDP or TCP port the worm attacks.
2. Create a classifier to match traffic using that UDP or TCP port.
3. Create a flow group with an action of discard and add the classifier to it.
4. Create the rest of the QoS framework—traffic class and policy.
5. Apply the policy to the target switch ports (but not to ports that are attached to clients who legitimately need to access the UDP or TCP port).

On these switches, AlliedWare classifiers offer a large range of matchable fields, including destination port, source port, IPX, interface, TOS, DSCP value, and MAC source or destination addresses. Once a classifier has matched a packet, what happens to the packet can vary from discarding or forwarding it, to marking its DSCP value, and many other alternatives.

Example
To block the W32.Slammer worm on port 1, which does not have an SQL client or server attached to it:

create class=1 udpd=1434
create qos flow=1 action=discard
create qos trafficclass=1
create qos policy=1
add qos flow=1 class=1
add qos trafficclass=1 flow=1
set qos port=1 policy=1
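A check for step 5, added here as an example and not taken from the Allied Telesis manual: this Python script parses a QoS command listing in the syntax shown above and reports which switch ports end up discarding the worm's UDP port, so a policy that never reaches a target port or that lands on a legitimate client's port is caught before deployment. It assumes single numeric ids (no ranges), UDP classifiers only, and that `add qos policy=1 trafficclass=1` is the command that attaches a traffic class to a policy; that line is not in the listing above, and the function names and the `protect`/`exempt` parameters are made up for this example.

```python
import re

# Constructed sample modelled on the QoS listing above. The line
# "add qos policy=1 trafficclass=1" is an assumption, not from the page.
SAMPLE = """\
create class=1 udpd=1434
create qos flow=1 action=discard
create qos trafficclass=1
create qos policy=1
add qos flow=1 class=1
add qos trafficclass=1 flow=1
add qos policy=1 trafficclass=1
set qos port=1 policy=1
"""
PREFIXES = ("class", "udpd", "flow", "traffic", "pol", "port", "action")

def _norm(key):
    # The listing abbreviates keywords (class=, udpd=, flow=); map to one name.
    return next((p for p in PREFIXES if key.startswith(p)), key)

def parse(config):
    """Return (UDP port per classifier, discard flow groups, parent->child links)."""
    udp, discard, links = {}, set(), {}
    for line in config.lower().splitlines():
        words = line.split() or [""]
        pairs = [(_norm(k), v) for k, v in re.findall(r"(\w+)=(\w+)", line)]
        kv = dict(pairs)
        if words[0] == "create" and "class" in kv and "udpd" in kv:
            udp[kv["class"]] = int(kv["udpd"])
        elif words[0] == "create" and "flow" in kv and kv.get("action") == "discard":
            discard.add(kv["flow"])
        elif words[0] in ("add", "set") and "qos" in words and len(pairs) == 2:
            links.setdefault(pairs[0], set()).add(pairs[1])  # first id owns second
    return udp, discard, links

def discarded_udp_ports(config, switch_port):
    """Walk port -> policy -> traffic class -> discard flow group -> classifier."""
    udp, discard, links = parse(config)
    nodes = {("port", str(switch_port))}
    for kind in ("pol", "traffic", "flow", "class"):
        nodes = {c for n in nodes for c in links.get(n, ()) if c[0] == kind
                 and (kind != "flow" or c[1] in discard)}
    return {udp[i] for _, i in nodes if i in udp}

def audit(config, worm_port, protect, exempt):
    """Step 5: protected ports must discard worm_port, exempt ports must not."""
    hit = lambda p: worm_port in discarded_udp_ports(config, p)
    return ([f"port {p}: UDP {worm_port} not discarded" for p in protect if not hit(p)]
            + [f"port {p}: UDP {worm_port} discarded on exempt port" for p in exempt if hit(p)])
```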
Protecting the user
Products
AT-8948
x900-48 Series
AT-9900 Series
AT-9924Ts
x900-24 Series
Software Versions
2.7.3 or later