Network Access Security With Vlans - Extreme Networks Ridgeline Guide Manual

Concepts and solutions guide

Managing Network Security
Table 6: Security-based Syslog Messages

| Error Message | Explanation |
| --- | --- |
| USER: Login failed for user through telnet | A login attempt failed for an administrative user attempting to connect to a device using telnet. |
| SYST: card.c 1000: Card 3 (type=2) is removed. | A card has been removed from the device. This is a possible breach of physical security if this is an unauthorized removal. |
| <WARN:KERN> fdbCreatePermEntry: Duplicate entry found mac 00:40:26:75:06:c9, vlan 4095 | A duplicate MAC address appeared on the network. This is a possible client spoofing attempt. |

You must make sure that Ridgeline is configured as a Syslog server on the devices you want to monitor. The Syslog server function within Ridgeline can be enabled through Ridgeline Administration. See "Server Properties Administration" in the Ridgeline Reference Guide for more information.

Network Access Security with VLANs

Network administrators need to prevent unauthorized access to their network to protect sensitive corporate data as well as to guarantee network availability. To achieve this, you need to combine edge security features such as firewalls with network controls such as IP access lists and network segmentation using VLANs. Unauthorized access attempts can originate from hosts external to your network, and benign or malicious activity from within your network can also disrupt or overload your enterprise network. Using Ridgeline, you can configure VLANs to segment your physical LAN into multiple isolated LANs to separate departmental or sensitive traffic within your enterprise network.

VLANs segment your physical LAN into independent logical LANs that can be used to isolate critical segments of your network or network traffic from one another. Using VLANs, you can create autonomous logical segments on your network for different business needs, such as creating a Marketing VLAN, a Finance VLAN, and a Human Resources VLAN. All the hosts for marketing personnel reside on the Marketing VLAN, while all the hosts for finance personnel reside on the Finance VLAN. This isolates marketing and finance traffic and resources, preventing any unauthorized access to financial information from any other group.

VLANs work by assigning a unique VLAN ID to each VLAN, and then assigning hosts to the appropriate VLAN. All traffic from that host is tagged with the VLAN ID, and directed through the network based on that VLAN ID. In the marketing and finance example, each department can be on the same physical LAN, but each is tagged with a different VLAN ID. Marketing traffic going through the same physical LAN switches will not reach Finance hosts because they exist on a separate VLAN.

Extreme Networks switches can support a maximum of 4095 VLANs. VLANs on Extreme Networks switches can be created according to the following criteria:

- Physical port
- 802.1Q tag
- Protocol sensitivity using Ethernet, LLC SAP, or LLC/SNAP Ethernet protocol filters
- A combination of these criteria

For a more detailed explanation of VLANs, see the ExtremeXOS Concepts Guide.

You can create VLANs in Ridgeline using Ridgeline's network resource provisioning feature or through scripts. You can monitor the VLANs in your network from Ridgeline Network View windows. See
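An added example, not taken from the Ridgeline guide: one way to triage the three security-based Syslog messages of Table 6 after a Syslog receiver has collected them. The device names, the user name, the (device, message) input shape and the threshold of three failed logins are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Patterns modelled on the three messages in Table 6. The table prints no user
# name in the login message, so the optional <user> group is an assumption.
RULES = {
    "failed_login": re.compile(
        r"USER: Login failed for user\s+(?:(?P<user>\S+)\s+)?through (?P<via>\w+)"),
    "card_removed": re.compile(
        r"SYST: card\.c \d+: Card (?P<card>\d+) \(type=(?P<type>\d+)\)\s+is removed"),
    "duplicate_mac": re.compile(
        r"fdbCreatePermEntry:\s+Duplicate entry found mac\s+"
        r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}), vlan (?P<vlan>\d+)"),
}

def classify(message):
    """Return (kind, extracted fields) for a Table 6 message, else None."""
    for kind, pattern in RULES.items():
        match = pattern.search(message)
        if match:
            return kind, match.groupdict()
    return None

def triage(events, login_threshold=3):
    """Group matches per device; list devices with repeated failed logins."""
    hits = defaultdict(list)
    for device, message in events:
        result = classify(message)
        if result:
            kind, fields = result
            hits[(device, kind)].append(fields)
    noisy = sorted(dev for (dev, kind), found in hits.items()
                   if kind == "failed_login" and len(found) >= login_threshold)
    return dict(hits), noisy

# Constructed sample: (reporting device, message text) pairs. Device names and
# the user name are made up; the message wording follows Table 6.
SAMPLE = [
    ("edge-sw-01", "USER: Login failed for user admin through telnet"),
    ("edge-sw-01", "USER: Login failed for user admin through telnet"),
    ("edge-sw-01", "USER: Login failed for user through telnet"),
    ("core-sw-02", "SYST: card.c 1000: Card 3 (type=2) is removed."),
    ("edge-sw-03", "<WARN:KERN> fdbCreatePermEntry: Duplicate entry found mac "
                   "00:40:26:75:06:c9, vlan 4095"),
    ("edge-sw-03", "SYST: unrelated informational message"),  # must be ignored
]

if __name__ == "__main__":
    hits, noisy = triage(SAMPLE)
    for (device, kind), found in sorted(hits.items()):
        print(device, kind, found)
    print("repeated failed logins:", noisy)
```

Card removals and duplicate MAC entries are reported on every occurrence, while failed logins are additionally counted per device so that a burst against one switch stands out.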


This manual is also suitable for:

Ridgeline 3.0
