Table of Contents
Advertisement
| Introduction
C
1
HAPTER
Description of Software Features
This switch authenticates management access via the console port, Telnet,
A
UTHENTICATION
or a web browser. User names and passwords can be configured locally or
can be verified via a remote authentication server (i.e., RADIUS or
TACACS+). Port-based authentication is also supported via the IEEE
802.1X protocol. This protocol uses Extensible Authentication Protocol over
LANs (EAPOL) to request user credentials from the 802.1X client, and then
uses the EAP between the switch and the authentication server to verify
the client's right to access the network via an authentication server (i.e.,
RADIUS or TACACS+ server).
Other authentication options include HTTPS for secure management access
via the web, SSH for secure management access over a Telnet-equivalent
connection, SNMP Version 3, IP address filtering for SNMP/Telnet/web
management access. MAC address filtering and IP source guard also
provide authenticated port access. While DHCP snooping is provided to
prevent malicious attacks from insecure ports. While PPPoE Intermediate
Agent supports authentication of a client for a service provider.
ACLs provide packet filtering for IP frames (based on address, protocol,
A
C
CCESS
ONTROL
TCP/UDP port number or TCP control code) or any frames (based on MAC
L
ISTS
address or Ethernet type). ACLs can by used to improve performance by
blocking unnecessary network traffic or to implement security controls by
restricting access to specific network resources or protocols.
DHCP Relay is supported to allow dynamic configuration of local clients
DHCP
from a DHCP server located in a different network. And DHCP Relay Option
82 controls the processing of Option 82 information in DHCP request
packets relayed by this device.
You can manually configure the speed, duplex mode, and flow control used
P
C
ORT
ONFIGURATION
on specific ports, or use auto-negotiation to detect the connection settings
used by the attached device. Use full-duplex mode on ports whenever
possible to double the throughput of switch connections. Flow control
should also be enabled to control network traffic during periods of
congestion and prevent the loss of packets when port buffer thresholds are
exceeded. The switch supports flow control based on the IEEE 802.3x
standard (now incorporated in IEEE 802.3-2002).
This feature controls the maximum rate for traffic transmitted or received
R
L
ATE
IMITING
on an interface. Rate limiting is configured on interfaces at the edge of a
network to limit traffic into or out of the network. Packets that exceed the
acceptable amount of traffic are dropped.
The switch can unobtrusively mirror traffic from any port to a monitor port.
P
M
ORT
IRRORING
You can then attach a protocol analyzer or RMON probe to this port to
perform traffic analysis and verify connection integrity.
– 71 –
- Quick Links:
- Connecting to the Switch
- Console Connection
Hide quick links:
Advertisement
Chapters
Table of Contents
