Process Overview: Security Configuration
• Port Web Authentication (PWA) – locks down a port a user is attached to until after the user logs in using a web browser to access the switch. The switch will pass all login information from the end station to a RADIUS server for authentication before turning the port on. PWA is an alternative to 802.1X and MAC authentication. For details, refer to Section 14.3.5.
• Secure Shell (SSH) – permits or denies remote access based on IP address, ciphers and MAC algorithms. For details, refer to Section 14.3.6.
• Access Lists (ACLs) – permits or denies access to routing interfaces based on protocol and source IP address restrictions configured in access lists. For details, refer to Section 14.3.7.
• Denial of Service (DoS) Prevention – prevents Denial of Service attacks, including land, fragmented and large ICMP packets, spoofed address attacks, and UDP/TCP port scanning. For details, refer to Section 14.3.8.
• Flow Setup Throttling (FST) – prevents the effects of DoS attacks by limiting the number of new or established flows that can be programmed on any individual switch port. For details, refer to Section 14.3.9.
14.2 PROCESS OVERVIEW: SECURITY CONFIGURATION
Use the following steps as a guide to configuring security methods on the device:
1. Configuring RADIUS (Section 14.3.1)
2. Configuring EAPOL (Section 14.3.2)
3. Configuring MAC Authentication (Section 14.3.3)
4. Configuring MAC Locking (Section 14.3.4)
5. Configuring Port Web Authentication (Section 14.3.5)
6. Configuring Secure Shell (SSH) (Section 14.3.6)
7. Configuring Access Lists (ACLs) (Section 14.3.7)
8. Configuring Denial of Service (DoS) Prevention (Section 14.3.8)
9. Configuring Flow Setup Throttling (FST) (Section 14.3.9)
Matrix E1 Series (1G58x-09 and 1H582-xx) Configuration Guide