General Security Measures - Edge-Core ECS4620-28T Quick Start Manual
28/52-port l3 stackable gigabit ethernet switch
Hide thumbs
Also See for ECS4620-28T:
- Installation manual (59 pages) ,
- Quick start manual (9 pages) ,
- Cli reference manual (1260 pages)
Table of Contents
Advertisement
9
General Security Measures
This switch supports many methods of segregating traffic for clients attached to
each of the data ports, and for ensuring that only authorized clients gain access to
the network. Port-based authentication using IEEE 802.1X is commonly used for
these purposes. In addition to these method, several other options of providing
client security are described in this chapter. These include port-based
authentication, which can be configured to allow network client access
by specifying a fixed set of MAC addresses. The addresses assigned to DHCP clients
can also be carefully controlled with IP Source Guard and DHCP Snooping
commands.
Table 52: General Security Commands
Command Group
*
Port Security
802.1X Port
Authentication*
Network
Access*
Web
Authentication*
Access Control
Lists*
DHCPv4
Snooping*
DHCPv6
Snooping*
IPv4 Source
Guard*
IPv6 Source
Guard*
ND Snooping
ARP Inspection
DoS Protection
Port-based Traffic
Segmentation
* The priority of execution for these filtering commands is Port Security, Port Authentication,
Network Access, Web Authentication, Access Control Lists, DHCP Snooping, and then IP Source
Guard.
Function
Configures secure addresses for a port
Configures host authentication on specific ports using 802.1X
Configures MAC authentication and dynamic VLAN assignment
Configures Web authentication
Provides filtering for IP frames (based on address, protocol, TCP/UDP
port number or TCP control code) or non-IP frames (based on MAC
address or Ethernet type)
Filters untrusted DHCPv4 messages on unsecure ports by building and
maintaining a DHCPv4 snooping binding table
Filters untrusted DHCPv6 messages on unsecure ports by building and
maintaining a DHCPv6 snooping binding table
Filters IP traffic on insecure ports for which the source address cannot
be identified via DHCP snooping nor static source bindings
Filters IPv6 traffic on insecure ports for which the source address cannot
be identified via DHCPv6 snooping nor static source bindings
Maintains IPv6 prefix table and user address binding table which can be
used for stateless address auto-configuration or for address filtering by
IPv6 Source Guard
Validates the MAC-to-IP address bindings in ARP packets
Protects against Denial-of-Service attacks
Configures traffic segmentation for different client sessions based on
specified downlink and uplink ports
– 303 –
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
