Port Security Concepts; Static MAC Address-Based Authentication; IEEE 802.1X Authentication - Siemens RUGGEDCOM ROS User Manual

Chapter 5
Setup and Configuration
that received the frame can be shut down permanently or for a specified period of time. An alarm will be raised
indicating the detected unauthorized MAC address.
Frames to unknown destination addresses are flooded through secure ports.
The following sections describe how to configure and manage port security:
Section 5.10.1, "Port Security Concepts"
Section 5.10.2, "Viewing a List of Authorized MAC Addresses"
Section 5.10.3, "Configuring Port Security"
Section 5.10.4, "Configuring IEEE 802.1X"
Section 5.10.1

Port Security Concepts

The following sections describe some of the concepts important to the implementation of port security in ROS:
Section 5.10.1.1, "Static MAC Address-Based Authentication"
Section 5.10.1.2, "IEEE 802.1X Authentication"
Section 5.10.1.3, "IEEE 802.1X Authentication with MAC Address-Based Authentication"
Section 5.10.1.4, "Assigning VLANs with Tunnel Attributes"
Section 5.10.1.1

Static MAC Address-Based Authentication

With this method, the switch validates the source MAC addresses of received frames against the contents in the
Static MAC Address Table.
ROS also supports a highly flexible Port Security configuration which provides a convenient means for network
administrators to use the feature in various network scenarios.
A Static MAC address can be configured without a port number being explicitly specified. In this case, the
configured MAC address will be automatically authorized on the port where it is detected. This allows devices to
be connected to any secure port on the switch without requiring any reconfiguration.
The switch can also be programmed to learn (and, thus, authorize) a pre-configured number of the first source
MAC addresses encountered on a secure port. This enables the capture of the appropriate secure addresses
when first configuring MAC address-based authorization on a port. Those MAC addresses are automatically
inserted into the Static MAC Address Table and remain there until explicitly removed by the user.
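
The following Python model is an added example, not code from the manual or from ROS, that walks through the authorization decision described above for frames arriving on a secure port. The class and function names, the sample MAC addresses, and the treatment of an address bound to a different port as a violation are assumptions; timed port re-enable is not modelled.

```python
from dataclasses import dataclass, field

ANY_PORT = None  # static entry configured without a port number

@dataclass
class SecurePort:
    learn_limit: int = 0    # number of first-seen source MACs to auto-learn
    learned: int = 0
    shutdown: bool = False

@dataclass
class PortSecurityModel:
    ports: dict                                        # port number -> SecurePort
    static_table: dict = field(default_factory=dict)   # MAC -> port or ANY_PORT
    alarms: list = field(default_factory=list)         # (port, offending MAC)

    def add_static(self, mac, port=ANY_PORT):
        self.static_table[mac.lower()] = port

    def receive(self, port_no, src_mac):
        """Classify one received frame by its source MAC address."""
        port, mac = self.ports[port_no], src_mac.lower()
        if port.shutdown:
            return "port-down"
        bound = self.static_table.get(mac, "absent")
        if bound in (ANY_PORT, port_no):
            return "forward"            # authorized by the static table
        if bound == "absent" and port.learned < port.learn_limit:
            port.learned += 1
            self.static_table[mac] = port_no   # persists until removed
            return "learned"
        port.shutdown = True            # unauthorized source MAC
        self.alarms.append((port_no, mac))
        return "violation"

def demo():
    # Constructed sample: locally administered MAC addresses, two secure ports.
    sw = PortSecurityModel(ports={1: SecurePort(learn_limit=2), 2: SecurePort()})
    sw.add_static("02:00:00:00:00:01")              # no port: valid anywhere
    frames = [(2, "02:00:00:00:00:01"), (1, "02:00:00:00:00:10"),
              (1, "02:00:00:00:00:11"), (1, "02:00:00:00:00:12"),
              (1, "02:00:00:00:00:10")]
    return sw, [sw.receive(p, m) for p, m in frames]

if __name__ == "__main__":
    sw, results = demo()
    print(results, sw.alarms)
```

The third address seen on port 1 trips the violation because only the first two are learned, and the port then stays down even for an address it learned earlier. Since learned entries persist until removed, they are worth reviewing once the learning phase is over.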
Section 5.10.1.2

IEEE 802.1X Authentication

The IEEE 802.1X standard defines a mechanism for port-based network access control and provides a means of
authenticating and authorizing devices attached to LAN ports.
Although IEEE 802.1X is mostly used in wireless networks, this method is also implemented in wired switches.
The IEEE 802.1X standard defines three major components of the authentication method: Supplicant,
Authenticator and Authentication server. ROS supports the Authenticator component.