Table of Contents
Advertisement
Huawei CX916 Switch Module
White Paper
Function
Security and
management
Issue 01 (2017-10-12)
Version upgrade
System security
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Description
Software upgrade through the BootLoader menu
NOTE
To ensure service security, upgrade the switch module
software version regularly.
l Command line-based hierarchical protection
to prevent unauthorized access
l Secure Shell (SSH)
l Remote Authentication Dial In User Service
(RADIUS) IPv4 and IPv6 user authentication
l Huawei Terminal Access Controller Access
Control System (HWTACACS) IPv4 and
IPv6 user authentication
l Access control list (ACL) filtering
l Dynamic ARP Inspection (DAI)
l DHCP packet filtering (with the Option 82
field)
l Prevention of control packet attacks
l Attack defense
– Defense against flood attacks without IP
payloads, attacks from IGMP null payload
packets, LAND attacks, Smurf attacks, and
attacks from packets with invalid TCP flag
bits
– Defense against attacks from many
fragments, attacks from many packets with
offsets, attacks from repeated packet
fragments, Tear Drop attacks, Syndrop
attacks, NewTear attacks, Bonk attacks,
Nesta attacks, Rose attacks, Fawx attacks,
Ping of Death attacks, and Jolt attacks
– Defense against TCP SYN flood attacks,
UDP flood attacks (including Fraggle
attacks and UDP diagnosis port attacks),
and ICMP flood attacks
l Logs about attacking MAC addresses
l Unicast Reverse Path Forwarding (URPF)
l 802.1x authentication
1 Overview
8
- Quick Links:
- Ports
- Software and Hardware Compatibility
Hide quick links:
Advertisement
Table of Contents
