Table of Contents
Advertisement
Traffic policing
Traffic policing enables provisioning of different levels of service by limiting traffic through-
put at the ingress (incoming) port of the BayStack 5520 Switch. For example, if a port is set
to a certain speed, such as 10 Mbps, all traffic under 10 Mbps on that port will pass, and
traffic that exceeds 10 Mbps on that same port is dropped. Service providers will find this
especially useful to control bandwidth to their customers. Up to 64 traffic meters per port
are provided and yield higher resolution for control.
Port shaping
Port shaping offers the ability to limit traffic on each port. While traffic policing is needed to
provide different levels of service to data streams on the ingress ports, traffic shaping is needed
to smooth the traffic from the egress ports. BayStack 5520 supports port-based traffic shaping.
Enterprises working with service providers or carriers utilize this feature when they are deploy-
ing Ethernet in place of the traditional Frame Relay, ISDN, or ATM WAN access solutions.
Enhanced security
The BayStack 5520 Switches offer the highest level of security with features including Secure
Shell (SSH), Secure Sockets Layer (SSL), IEEE 802.1x based security (also known as
Extensible Authentication Protocol (EAP), assignment of proper VLAN and priority, user-
based policies
, Simple Network Management Protocol (SNMPv3), IP Manager List, MAC-
†
address-based security, and Remote Authentication Dial-In User Service (RADIUS)
authentication.
SSHv2 supports strong authentication and encrypted communications. It allows network
administrators to log into the switch from an SSH client and perform a secure Telnet session
using CLI commands. This feature is ideal for security conscious customers, such as federal
governments. SSL provides a secure Web management interface and makes it easy for the
network administrator to configure and manage a switch using a common Web browser.
For added security, BayStack 5520 Switches support the 802.1x-based security feature. The
IEEE 802.1x-based security feature limits access to the network based on user credentials. A
user is required to "login" to the network using a username/password; the user database is
maintained on the authentication server (not the switch). Network connectivity without
password authorization is prevented. This feature is useful where the network is not 100
percent physically secure or where physical security needs enhancement; for example, banks,
trading rooms, or classroom training facilities. This feature supports client access to the
network and interoperates with Microsoft Windows XP and other compliant 802.1x clients.
802.1x is also known as Extensible Authentication Protocol (EAP).
Now part of BoSS version 4.1 or higher, with the multiple hosts/multiple authentication
feature, more than one user with unique MAC addresses is allowed access to a port upon
successful authentication. For example, in a conference room, if multiple users connect to a
hub which is connected to a BayStack 5520 switch port, all of the users can be authenticated
and allowed access to the network. Another example would be with an IP phone with an inte-
grated three-port switch. Since there is a MAC address for the IP phone and a MAC address
for the PC, without the multiple hosts/multiple authentication feature, neither would be able
to access the network using today's single host/single authentication mechanism.
With the Guest VLAN feature (also part of BoSS version 4.1 or higher), if a user connects to
a BayStack 5520 switch port and is not recognized to be authenticated on that port, that user
will be placed into a Guest VLAN with the settings as defined by the administrator. An example
would be allowing a user to have extranet access, but not intranet access. If a contractor or
vendor connects to a port in your network, that person will be placed into a Guest VLAN
and have extranet access.
SNMPv3 provides user authentication and data encryption for higher security. It also offers
secure configuration and monitoring.
IP Manager List limits access to the management features of the BayStack 5520 Switches by a
defined list of IP addresses or IP address ranges/subnets, providing greater network security
and manageability.
10
Hide quick links:
Advertisement
Table of Contents
