Basic secure switching functions that must be enabled in Enterprise Local area Network 04/05 Update SLTechnology News&Howtos

Basic secure switching functions that must be enabled in Enterprise Local area Network

2025-04-05 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)06/01 Report--

In my spare time, I thought about what kind of technology would be used frequently in the local area network, or what technology the local area network should use to ensure its stability, so I had the following list.

VLAN

data VLAN

voice VLAN

GVRP (VLAN Dynamic Registration Protocol) ensures the uniformity of VLAN information across all switches

STP

Prevent loop redundancy

STP is configured to work in MSTP mode, and different vlans map different or identical spanning tree instances (single core is generally one instance, multiple cores are recommended)

Configure the root bridge for the spanning tree instance or modify the priority to specify the root bridge

Configure BPDU protection (prevent *** for stp, causing network oscillation, configured on access switches)

Configure loop protection (prevent network congestion from causing loops, configure interconnect interfaces between devices)

DHCP

Dynamically assign IP addresses

DHCP Snooping (Preventing Illegal DHCP Servers)

ARP detection

DHCP based Snooping (additional effect---prohibits configuration of fixed IP addresses)

Free ARP sent regularly (gateway device configuration, increase ARP robustness)

Configure ARP aging time (default 20 minutes)

Rule-based IP-mac checking needs to be configured for fixed IP

Mac address configuration

Limit the number of MAC addresses each port can learn (to prevent MAC flooding, it is recommended to limit the number of common ports to 5)

Limit MAC address aging time

QoS configuration

SP queue +wrr for critical streams

QOS is generally configured on interfaces with large data traffic

SYN Cookie

SYN Cookie function is used to prevent SYN Flood ×××. When the server receives a TCP connection request, it does not establish a TCP semi-connection,

and directly replies SYN ACK message to the initiator. After the server receives the ACK message from the initiator, it establishes the connection and goes forward.

Enter ESTABLISHED state. In this way, you can avoid establishing a large number of TCP semi-connections on the server, preventing the service from

The flood was caused by SYN Flood ××××.

SSH2.0

safety management

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.