Table of Contents
Advertisement
26
G
S
ENERAL
This switch supports many methods of segregating traffic for clients
attached to each of the data ports, and for ensuring that only authorized
clients gain access to the network. Port-based authentication using IEEE
802.1X is commonly used for these purposes. In addition to these method,
several other options of providing client security are described in this
chapter. These include port-based authentication, which can be configured
to allow network client access by specifying a fixed set of MAC addresses.
The addresses assigned to DHCP clients can also be carefully controlled
with IP Source Guard and DHCP Snooping commands.
Table 81: General Security Commands
Command Group
Function
Configures secure addresses for a port
Port Security
*
802.1X Port
Configures host authentication on specific ports using 802.1X
Authentication*
Network
Access*
Configures MAC authentication and dynamic VLAN assignment
Web
Authentication*
Configures Web authentication
Access Control
Lists*
Provides filtering for IP frames (based on address, protocol, TCP/
UDP port number or TCP control code) or non-IP frames (based on
MAC address or Ethernet type)
DHCP
Snooping*
Filters untrusted DHCP messages on unsecure ports by building
and maintaining a DHCP snooping binding table
IP Source
Guard*
Filters IP traffic on insecure ports for which the source address
cannot be identified via DHCP snooping nor static source bindings
ARP Inspection
Validates the MAC-to-IP address bindings in ARP packets
* The priority of execution for these filtering commands is Port Security, Port
Authentication, Network Access, Web Authentication, Access Control Lists, DHCP
Snooping, and then IP Source Guard.
– 745 –
M
ECURITY
EASURES
Advertisement
Table of Contents
Troubleshooting
