Enterasys Security Router X-PeditionTM User Manual page 26

DHCP Client Services .................................................................................................................................. 15-6
Router Option ......................................................................................................................................... 15-6
Parameter Request List Option .............................................................................................................. 15-6
DHCP Client Interaction ......................................................................................................................... 15-6
Secondary Address Caveats ............................................................................................................ 15-6
Interaction with Remote Auto Install (RAI)........................................................................................ 15-7
DHCP Client Timeouts ........................................................................................................................... 15-7
DHCP CLI Commands ................................................................................................................................. 15-8
DHCP Set Up Overview ............................................................................................................................... 15-9
Configuring DHCP Address Pools ......................................................................................................... 15-9
Configuring DHCP - Network Configuration Parameters ....................................................................... 15-9
Configuration Steps ...................................................................................................................................... 15-9
Create an IP Local Client Pool ............................................................................................................... 15-9
Create a Corresponding DHCP Pool ................................................................................................... 15-10
Configure DHCP Network Parameters ................................................................................................. 15-10
Enable the DHCP Server ..................................................................................................................... 15-10
Optional: Set Up a DHCP Nested Scope ............................................................................................. 15-10
Optional: Configure a DHCP Manual Binding ...................................................................................... 15-10
DHCP Server Configuration Examples ....................................................................................................... 15-11
Pool with Hybrid Servers Example ....................................................................................................... 15-11
Manual Binding Example ..................................................................................................................... 15-11
Manual Binding with Class Example .................................................................................................... 15-11
BOOTP Client Support Example .......................................................................................................... 15-12
DHCP Option Examples ....................................................................................................................... 15-12
Chapter 16: Configuring Security on the XSR
Features ....................................................................................................................................................... 16-1
Access Control Lists ............................................................................................................................... 16-1
ACL Violations Alarm Example......................................................................................................... 16-2
Packet Filtering ...................................................................................................................................... 16-2
LANd Attack ........................................................................................................................................... 16-2
Smurf Attack ........................................................................................................................................... 16-3
Fraggle Attack ........................................................................................................................................ 16-3
IP Packet with Multicast/Broadcast Source Address ............................................................................. 16-3
Spoofed Address Check ........................................................................................................................ 16-3
SYN Flood Attack Mitigation .................................................................................................................. 16-3
Fragmented and Large ICMP Packets ................................................................................................... 16-3
Fragmented ICMP Traffic ................................................................................................................. 16-3
Large ICMP Packets......................................................................................................................... 16-4
Ping of Death Attack......................................................................................................................... 16-4
Spurious State Transition ....................................................................................................................... 16-4
General Security Precautions ....................................................................................................................... 16-4
AAA Services ................................................................................................................................................ 16-5
Connecting Remotely via SSH or Telnet with AAA Service ................................................................... 16-6
Firewall Feature Set Overview ..................................................................................................................... 16-9
Reasons for Installing a Firewall ............................................................................................................ 16-9
Types of Firewalls ................................................................................................................................ 16-10
ACL and Packet Filter Firewalls ..................................................................................................... 16-10
ALG and Proxy Firewalls ................................................................................................................ 16-11
Stateful Inspection Firewalls ........................................................................................................... 16-12
XSR Firewall Feature Set Functionality ...................................................................................................... 16-12
Stateful Firewall Inspection (SFI).................................................................................................... 16-12
Filtering non-TCP/UDP Packets ..................................................................................................... 16-12
xxiv