the switch will drop ICMP ping packets that have a size greater then this configured Max
ICMP Packet Size minus the ICMP header size of 8 bytes. The factory default is 512.
Use Denial of Service SIP=DIP to enable SIP=DIP DoS prevention causing the switch to
6.
drop packets that have a source IP address equal to the destination IP address. The factory
default is disabled.
Use Denial of Service TCP FLAG to enable TCP Flag DoS prevention causing the switch
7.
to drop these packets:
TCP SYN flag=1 & source port < 1024
•
TCP control flag =0 & sequence number = 0
•
TCP FIN,URG,PSH bits set & sequence number = 0
•
TCP SYN & FIN bits set
•
The factory default is disabled.
Use Denial of Service TCP Fragment to enable TCP Fragment DoS prevention causing
8.
the switch to drop packets:
First TCP fragments that has a TCP payload - IP_Payload_Length - IP_Header_Size
•
< Min_TCP_Header_Size.
The factory default is disabled.
Port Authentication
In port-based authentication mode, when 802.1X is enabled globally and on the port,
successful authentication of any one supplicant attached to the port results in all users being
able to use the port without restrictions. At any given time, only one supplicant is allowed to
attempt authentication on a port in this mode. Ports in this mode are under bidirectional
control. This is the default authentication mode.
The 802.1X network has three components:
Authenticators - Specifies the port that is authenticated before permitting system
•
access.
Supplicants - Specifies the host connected to the authenticated port requesting access
•
to the system services.
Authentication Server - Specifies the external server, for example, the RADIUS server
•
that performs the authentication on behalf of the authenticator, and indicates whether the
user is authorized to access system services.
From the Port Authentication link, you can access the following pages:
on page 254
•
Basic
on page 255
•
Advanced
Web Management User Guide
253