13
Security
This chapter describes the following topics:
Security Overview on page 225
●
Network Access Security on page 225
●
MAC Address Security on page 225
●
MAC Address Security on page 225
●
Network Login on page 228
●
Denial of Service Protection on page 239
●
Management Access Security on page 241
●
Authenticating Users Using RADIUS or TACACS+ on page 241
●
Secure Shell 2 on page 249
●
Security Overview
Extreme Networks products incorporate a number of features designed to enhance the security of your
network. No one feature can insure security, but by using a number of features in concert, you can
substantially improve the security of your network. The features described in this chapter are part of an
overall approach to network security
Network Access Security
Network access security features control devices accessing your network. In this category is the
following feature:
MAC Address Security
●
Network Login
●
MAC Address Security
The switch maintains a database of all media access control (MAC) addresses received on all of its ports.
It uses the information in this database to decide whether a frame should be forwarded or filtered.
MAC address security allows you to control the way the Forwarding Database (FDB) is learned and
populated.
MAC address security allows you to limit the number of dynamically-learned MAC addresses allowed
per virtual port. You can also "lock" the FDB entries for a virtual port, so that the current entries will
not change, and no additional addresses can be learned on the port.
ExtremeWare XOS 11.1 Concepts Guide
225