Edge-Core ECS3510-28T Management Manual page 71

A C
CCESS ONTROL
L
ISTS
P C
ORT ONFIGURATION
R L
ATE IMITING
P M
ORT IRRORING
P T
ORT RUNKING
TACACS+). Port-based authentication is also supported via the IEEE
802.1X protocol. This protocol uses Extensible Authentication Protocol over
LANs (EAPOL) to request user credentials from the 802.1X client, and then
uses the EAP between the switch and the authentication server to verify
the client's right to access the network via an authentication server (i.e.,
RADIUS or TACACS+ server).
Other authentication options include HTTPS for secure management access
via the web, SSH for secure management access over a Telnet-equivalent
connection, SNMP Version 3, IP address filtering for SNMP/Telnet/web
management access. MAC address filtering and IP source guard also
provide authenticated port access. While DHCP snooping is provided to
prevent malicious attacks from insecure ports. While PPPoE Intermediate
Agent supports authentication of a client for a service provider.
ACLs provide packet filtering for IP frames (based on address, protocol,
TCP/UDP port number or TCP control code) or any frames (based on MAC
address or Ethernet type). ACLs can by used to improve performance by
blocking unnecessary network traffic or to implement security controls by
restricting access to specific network resources or protocols.
You can manually configure the speed, duplex mode, and flow control used
on specific ports, or use auto-negotiation to detect the connection settings
used by the attached device. Use full-duplex mode on ports whenever
possible to double the throughput of switch connections. Flow control
should also be enabled to control network traffic during periods of
congestion and prevent the loss of packets when port buffer thresholds are
exceeded. The switch supports flow control based on the IEEE 802.3x
standard (now incorporated in IEEE 802.3-2002).
This feature controls the maximum rate for traffic transmitted or received
on an interface. Rate limiting is configured on interfaces at the edge of a
network to limit traffic into or out of the network. Packets that exceed the
acceptable amount of traffic are dropped.
The switch can unobtrusively mirror traffic from any port to a monitor port.
You can then attach a protocol analyzer or RMON probe to this port to
perform traffic analysis and verify connection integrity.
Ports can be combined into an aggregate connection. Trunks can be
manually set up or dynamically configured using Link Aggregation Control
Protocol (LACP – IEEE 802.3-2005). The additional ports dramatically
increase the throughput across any connection, and provide redundancy by
taking over the load if a port in the trunk should fail. The switch supports
up to 16 trunks.
– 71 –
| Introduction
C 1
HAPTER
Description of Software Features