Security Features; Quality Of Service Features - Fujitsu Siemens Computers PRIMERGY BX Description

Features of the Switch Introduction

2.1.5 Security Features

SSL
Secure Socket Layer (SSL) is an application-level protocol that enables secure transactions of
data through privacy, authentication, and data integrity. It relies upon certificates and public
and private keys. SSL version 3 and TLS version 1 are currently supported.
Port Based Authentication (802.1x)
Port based authentication enables authenticating system users on a per-port basis via an
external server. Only authenticated and approved system users can transmit and receive data.
Ports are authenticated via the Remote Authentication Dial In User Service (RADIUS) server
using the Extensible Authentication Protocol (EAP).
Locked Port Support
Locked Port increases network security by limiting access on a specific port only to users with
specific MAC addresses. These addresses are either manually defined or learned on that port.
When a frame is seen on a locked port, and the frame source MAC address is not tied to that
port, the protection mechanism is invoked.
RADIUS Client
RADIUS is a client/server-based protocol. A RADIUS server maintains a user database, which
contains per-user authentication information, such as user name, password and accounting
information. For more information, see "Configuring RADIUS Global Parameters".
SSH
Secure Shell (SSH) is a protocol that provides a secure, remote connection to an Ethernet
Switch Module. SSH version 1 and version 2 are currently supported. The SSH server feature
enables an SSH client to establish a secure, encrypted connection with a Ethernet Switch
Module. This connection provides functionality that is similar to an inbound telnet connection.
SSH uses RSA Public Key cryptography for Ethernet Switch Module connections and
authentication.
TACACS+
TACACS+ provides centralized security for validation of users accessing the Ethernet Switch
Module. TACACS+ provides a centralized user management system, while still retaining
consistency with RADIUS and other authentication processes.

2.1.6 Quality of Service Features

The PRIMERGY BX600 support the mapping of DSCP (Differentiated Service Code Point) to
CoS queues. Therefore, packet with different DSCP value can be scheduled to separated CoS
queues for different services. DSCP definition is backward compatible with TOS definition.
Hence PRIMERGY BX600 also support the mapping of TOS to CoS queues. And packet with
difference precedence can be scheduled to different prioritized CoS queues.
Access Control List (ACLs)
Packet filtering can help limit network traffic and restrict network use by certain users or
devices. ACLs filter traffic as it passes through a switch and permit or deny packets crossing
specified interfaces or VLANs. An ACL is a sequential collection of permit and deny conditions
21
Lan Switch and Router Blade