16
Security
This chapter describes the following topics:
Security Overview on page 313
●
Safe Defaults Mode on page 314
●
MAC Address Security on page 315
●
Denial of Service Protection on page 320
●
Authenticating Users Using RADIUS or TACACS+ on page 322
●
Secure Shell 2 on page 335
●
Secure Socket Layer on page 339
●
Security Overview
Security is a term that covers several different aspects of network use and operation. One general type
of security is control of the devices or users that can access the network. Ways of doing this include
authenticating the user at the point of logging in. You can also control access by defining limits on
certain types of traffic. Another general type of security operates to protect the operation of the switch
itself. Security measures in this category include routing policies that can limit the visibility of parts of
the network or denial of service protection that prevents the CPU from being overloaded. Finally,
management functions for the switch can be protected from unauthorized use. This type of protection
uses various types of user authentication.
ExtremeWare XOS 11.3 introduces enhanced security features designed to protect, rapidly detect, and
correct anomalies in your network. Extreme Networks products incorporate a number of features
designed to enhance the security of your network while resolving issues with minimal network
disruption. No one feature can ensure security, but by using a number of features in concert, you can
substantially improve the security of your network.
The following list provides a brief overview of some of the available security features:
Access Control Lists—Access Control Lists (ACLs) are policy files used by the ACL application to
●
perform packet filtering and forwarding decisions on incoming traffic and packets. Each packet
arriving on an ingress port is compared to the ACL applied to that port and is either permitted or
denied.
For more information about using ACLs to control and limit network access, see
Lists
(ACLs)."
CLEAR-Flow—CLEAR-Flow is a security rules engine available only on the BlackDiamond 10K
●
switch. CLEAR-Flow inspects Layer 2 and Layer 3 packets, isolates suspicious traffic, and enforces
policy-based mitigation actions. Policy-based mitigation actions include the switch taking an
immediate, pre-determined action or sending a copy of the traffic off-switch for analysis. Working
together, CLEAR-Flow and Sentriant
analysis, CLEAR-Flow sends the suspicious traffic to Sentriant and Sentriant stops the threats.
For more information about CLEAR-Flow, see
about Sentriant, contact your Extreme Networks representative.
ExtremeWare XOS 11.3 Concepts Guide
™
provide a rapid response to network threats. For off-switch
Chapter
18, "CLEAR-Flow." For more information
Chapter
13,
"Access
313