Network Login; Denial Of Service - Extreme Networks ExtremeWare Command Reference Manual

Version 7.7

• Class
• Service-Type
• Login-Service
• Tunnel-Type
• Tunnel-Medium-Type
• Tunnel-Private-Group-ID
Terminal Access Controller Access Control System Plus (TACACS+) is a mechanism for providing
authentication, authorization, and accounting on a centralized server, similar in function to the RADIUS
client. The ExtremeWare version of TACACS+ is used to authenticate prospective users who are
attempting to administer the switch. TACACS+ is used to communicate between the switch and an
authentication database.

Network Login

Network login is a feature designed to control the admission of user packets into a network by giving
network access only to users that have been properly authenticated. Network login is controlled by an
administrator on a per port, per VLAN basis and uses an integration of DHCP, user authentication over
the web interface or 802.1x client software, and a RADIUS server to provide a user database or specific
configuration details.
Network login has two modes of operation:
• Campus mode, used when a port in a VLAN will move to another VLAN after authentication has
been completed successfully. This mode is for the roaming user who will not always be using the
same port for authentication. Campus mode requires a DHCP server and a RADIUS server
configured for Extreme network login.
• ISP mode, used when the port and VLAN used will remain constant. All network settings are
configured for that VLAN.
A DHCP server is included to support network login functionality.

Denial of Service

You can configure ExtremeWare to protect Extreme switches in the event of a denial of service (DoS)
attack. During a typical denial of service attack, the CPU on the switch is flooded with packets from
multiple attackers, potentially causing the switch to fail. To protect against this type of attack, you can
configure the software so that when the number of packets received is more than the configured
threshold limit of packets per second, a hardware ACL is enabled. (In the "e" series switches, a specific
type of traffic on the port is blocked.)

Unified Access Security

The Extreme Unified Access™ Security architecture provides secure access for all wired and wireless
stations within the unified network. You can maintain the network with a single, unified security
policy, provide service to all stations without requiring upgrades, and take advantage of integrated
ExtremeWare 7.7 Command Reference Guide