Alcatel OS-LS-6224 User Manual page 29

1
Description of Software Features
Control Protocol (LACP). The additional ports dramatically increase the throughput
across any connection, and provide redundancy by taking over the load if a port in
the trunk should fail. The switch supports up to 6 trunks.
Broadcast Storm Control – Broadcast suppression prevents broadcast traffic from
overwhelming the network. When enabled on a port, the level of broadcast traffic
passing through the port is restricted. If broadcast traffic rises above a pre-defined
threshold, it will be throttled until the level falls back beneath the threshold.
Static Addresses – A static MAC address can be assigned to a specific interface on
this switch. Static addresses are bound to the assigned interface and will not be
moved. When a static address is seen on another interface, the address will be
ignored and will not be written to the address table. Static addresses can be used to
provide network security by restricting access for a known host to a specific port.
STP BPDU Guard – Bridge Protocol Data Units (BPDU) Guard expands a network
adminstrator's ablility to enforce STP borders and maintain STP topologies
reliability. BPDU is utilized when Fast Link ports is enabled and/or if the Spanning
Tree Protocol is disabled on ports. If a BPDU message is sent to a port on which
STP is disabled, BPDU Guard shuts down the port, and generates a SNMP
message.
STP Root Guard – Spanning Tree Root Guard is used to prevent an unauthorized
device from becoming the root of a spanning tree. Root guard functionality enables
detection and resolution of misconfigurations, while preventing loops or loss of
connectivity.
802.1x - MAC Authentication – MAC authentication like the 802.1X allows network
access to a device, for example, printers and IP phones that do not have the 802.1X
supplicant capability. MAC authentication uses the MAC address of the connecting
device to grant or deny network access.
To support MAC authentication, the RADIUS authentication server maintains a
database of MAC addresses for devices that require access to the network. In order
for the feature to be active, 802.1x must be in auto-mode.
User then can enable the MAC authentication feature in one of following modes:
• MAC Only – Where only MAC authentication is enabled
• MAC + 802.1x (In that case 802.1x takes precedence)
The feature can be enabled per port. The port must be a member of a guest VLAN
prior of activating the feature.
DHCP Snooping – DHCP Snooping expands network security by providing a
firewall security between untrusted interfaces and DHCP servers. By enabling
DHCP Snooping network administrators can identify between trusted interfaces
connected to end-users or DHCP Servers, and untrusted interface located beyond
the network firewall. DHCP Snooping creates and maintains a DHCP Snooping
Table which contains information received from untrusted packets. Interfaces are
untrusted if the packet is received from an interface from outside the network or from
a interface beyond the network firewall.
5