Mac Address Security; User Authentication - Extreme Networks ExtremeWare Command Reference Manual

Security Commands
Route maps are used to modify or filter routes redistributed between two routing domains. They are also
used to modify or filter the routing information exchanged between the domains.
NOTE
Route maps are supported only on the "i" series switches.

MAC Address Security

The switch maintains a database of all media access control (MAC) addresses received on all of its ports.
It uses the information in this database to decide whether a frame should be forwarded or filtered. You
can control the way the forwarding database (FDB) is learned and populated. By managing entries in
the FDB, you can block, assign priority (queues), and control packet flows on a per-address basis.
You can limit the number of dynamically learned MAC addresses allowed per virtual port or "lock" the
FDB entries for a virtual port, so that the current entries will not change, and no additional addresses
can be learned on the port. Commands for these functions are described in Chapter 4. In addition, you
can set a timer on the learned addresses that limits the length of time the learned addresses will be
maintained if devices are disconnected or become inactive. Commands for this function are described in
this chapter.
SSH
Secure Shell 2 (SSH2) is a feature of ExtremeWare that allows you to encrypt session data between a
network administrator using SSH2 client software and the switch, or to send encrypted data from the
switch to an SSH2 client on a remote system. Image and configuration files may also be transferred to
the switch using the Secure Copy Program 2 (SCP2).

User Authentication

Remote Authentication Dial In User Service (RADIUS, RFC 2138) is a mechanism for authenticating and
centrally administrating access to network nodes. The ExtremeWare RADIUS client implementation
allows authentication for telnet, Vista, or console access to the switch.
Extreme switches can send RADIUS accounting information. You can configure RADIUS accounting
servers to be the same as the authentication servers, but this is not required.
Terminal Access Controller Access Control System Plus (TACACS+) is a mechanism for providing
authentication, authorization, and accounting on a centralized server, similar in function to the RADIUS
client. The ExtremeWare version of TACACS+ is used to authenticate prospective users who are
attempting to administer the switch. TACACS+ is used to communicate between the switch and an
authentication database.
828 ExtremeWare 7.5 Command Reference Guide