AMX NXA-ENET8-2POE Operation/Reference Manual page 44

Using the Web Console
NXA-ENET8-2POE Key Features (Cont.)
General Security
Measures
Access Control Lists
(ACLs)
DHCP
DNS
Port Configuration
Rate Limiting
Port Mirroring
Port Trunking
Congestion Control
Static Addresses
34
• Private VLANs
• Port Authentication
• Port Security
• DHCP Snooping (with Option 82 relay information)
• IP Source Guard
Access Control Lists (ACLs) provide packet filtering for IP frames (based on protocol,
TCP/UDP port number or frame type) or layer 2 frames (based on any destination
MAC address for unicast, broadcast or multicast, or based on VLAN ID or VLAN tag
priority).
ACLs can by used to improve performance by blocking unnecessary network traffic
or to implement security controls by restricting access to specific network resources
or protocols.
Policies can be used to differentiate service for client ports, server ports, network
ports or guest ports. They can also be used to strictly control network traffic by only
allowing incoming frames that match the source MAC and source IP on specific port.
The NXA-ENET8-2POE supports up to 256 rules.
Client
Client and Proxy service
You can manually configure the speed and duplex mode, and flow control used on
specific ports, or use auto-negotiation to detect the connection settings used by the
attached device.
Use the full-duplex mode on ports whenever possible to double the throughput of
switch connections. Flow control should also be enabled to control network traffic
during periods of congestion and prevent the loss of packets when port buffer thresh-
olds are exceeded.
The switch supports flow control based on the IEEE 802.3x standard (now incorpo-
rated in IEEE 802.3-2002).
Port Configuration parameters include Speed, duplex mode, flow control, MTU,
response to excessive collisions, power saving mode.
Input rate limiting per port (manual setting or ACL).
This feature controls the maximum rate for traffic transmitted or received on an
interface. Rate limiting is configured on interfaces at the edge of a network to limit
traffic into or out of the network.
Traffic that falls within the rate limit is transmitted, while packets that exceed the
acceptable amount of traffic are dropped.
The NXA-ENET8-2POE can unobtrusively mirror traffic from any port to a monitor
port. You can then attach a protocol analyzer or RMON probe to this port to perform
traffic analysis and verify connection integrity.
Supports 1 session, with up to 10 source ports to one analysis port per session.
Supports up to 5 trunks – static or dynamic trunking (LACP)
Throttling for broadcast, multicast, unknown unicast storms.
Ports can be combined into an aggregate connection. Trunks can be manually set up
or dynamically configured using Link Aggregation Control Protocol (LACP – IEEE
802.3-2005).
The additional ports dramatically increase the throughput across any connection,
and provide redundancy by taking over the load if a port in the trunk should fail.
Broadcast, multicast and unknown unicast storm suppression prevents traffic from
overwhelming the network.When enabled on a port, the level of broadcast traffic
passing through the port is restricted. If broadcast traffic rises above a pre-defined
threshold, it will be throttled until the level falls back beneath the threshold.
A static address can be assigned to a specific interface on this switch. Static
addresses are bound to the assigned interface and will not be moved.
When a static address is seen on another interface, the address will be ignored and
will not be written to the address table.
Static addresses can be used to provide network security by restricting access for a
known host to a specific port.
NXA-ENET8-2POE Gigabit Ethernet Layer 2 PoE Switch