Motorola WiNG 4.4 Reference Manual page 39

• MAC Extended ACLs
• Wireless LAN ACLs
For information on creating an ACL, see Configuring Firewalls and Access Control Lists on page 6-15.
1.2.5.9 Local Radius Server
Radius is a common authentication protocol used by the 802.1x wireless security standard. In conjunction with other security methods such as EAP-PEAP, Radius improves on the WEP encryption key standard. The switch has one onboard Radius server. For information on configuring the switch's resident Radius Server, see Configuring the Radius Server on page 6-90.
1.2.5.10 IPSec VPN
IPSec is a security protocol providing authentication and encryption over the Internet. Unlike SSL (which provides services at Layer 4 and secures two applications), IPSec works at Layer 3 and secures the network. Also unlike SSL (which is typically built into the Web browser), IPSec requires a client installation. IPSec can access both Web and non-Web applications, whereas SSL requires workarounds for non-Web access such as file sharing and backup.
A VPN is used to provide secure access between two subnets separated by an unsecured network. There are two types of VPNs:
• Site-Site VPN — For example, traffic from one company branch office to another branch office, with an unsecured link between the two locations.
• Remote VPN — Gives a remote user the ability to access company resources from outside the company premises.
The switch supports:
• IPSec termination for site to site
• IPSec termination for remote access
• IPSec traversal of firewall filtering
• IPSec traversal of NAT
• IPSec/L2TP (client to switch)
1.2.5.11 NAT
Network Address Translation (NAT) is supported for packets routed by the switch. The following types of NAT are supported:
• Port NAT – Port NAT (also known as NAPT) maps multiple local addresses to a single global address and a dynamic port number. The user is not required to configure any NAT IP address. Instead, the IP address of the switch's public interface is used to NAT packets going out from the private network, and vice versa for packets entering the private network.
• Static NAT – Static NAT is similar to Port NAT, the only difference being that it allows the user to configure a source NAT IP address and/or destination NAT IP address to which all packets are NATted. The source NAT IP address is used when hosts on a private network are trying to access a host on a public network. A destination NAT IP address can be used for public hosts to talk to a host on a private network.
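The two NAT modes described above, modelled as a small translation table. This is an added example, not code from the manual or the switch. The `NatTable` class, the documentation-range addresses, the starting port 40000 and the handling of unmapped inbound packets are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class NatTable:
    public_ip: str                         # IP of the switch's public interface
    source_nat_ip: Optional[str] = None    # Static NAT: configured source NAT IP
    dest_nat_ip: Optional[str] = None      # Static NAT: configured destination NAT IP
    next_port: int = 40000                 # assumed start of the dynamic port range
    out_map: dict = field(default_factory=dict)  # (private ip, port) -> global port
    in_map: dict = field(default_factory=dict)   # global port -> (private ip, port)

    def outbound(self, src_ip, src_port):
        """Translate a packet leaving the private network; returns (ip, port)."""
        key = (src_ip, src_port)
        if key not in self.out_map:        # first packet of a flow gets a new port
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        # Port NAT uses the public interface IP; Static NAT uses the configured one.
        return (self.source_nat_ip or self.public_ip, self.out_map[key])

    def inbound(self, dst_port):
        """Translate a packet entering the private network; None means no target."""
        if dst_port in self.in_map:        # reply to a flow started from inside
            return self.in_map[dst_port]
        if self.dest_nat_ip:               # Static NAT: public hosts reach this host
            return (self.dest_nat_ip, dst_port)
        return None                        # Port NAT only: unsolicited, no mapping


def demo():
    """Run constructed sample flows through both modes and return the results."""
    port_nat = NatTable(public_ip="203.0.113.1")
    a = port_nat.outbound("192.168.1.10", 51000)
    b = port_nat.outbound("192.168.1.11", 51000)  # same source port, other host
    static = NatTable(public_ip="203.0.113.1", source_nat_ip="203.0.113.50",
                      dest_nat_ip="192.168.1.20")
    return {
        "port_nat_out": [a, b],
        "port_nat_reply": port_nat.inbound(b[1]),
        "port_nat_unsolicited": port_nat.inbound(443),
        "static_out": static.outbound("192.168.1.10", 51000),
        "static_unsolicited": static.inbound(443),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

In this model an unsolicited inbound packet has no private target under Port NAT, while a configured destination NAT IP gives public hosts a path to one private host, so that host is the one to cover with ACLs.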
1.2.5.12 Certificate Management
Certificate Management provides a standardized procedure to:
• Generate a server certificate request and upload the server certificate signed by a certificate authority (CA).
• Upload the CA's root certificate.
• Create a self-signed certificate.