1. Manuals
  2. Brands
  3. H3C Manuals
  4. Switch
  5. S3600-28PSI
  6. System description

Port Isolation; Packet Filter; Ieee 802.1X Authentication; Centralized Mac Address Authentication - H3C S3600-28PSI System Description

S3600 series ethernet switches
Hide thumbs Also See for S3600-28PSI:
Table of Contents

Advertisement

System Description
H3C S3600 Series Ethernet Switches
same time. The SSH client allows users to connect to the Ethernet switches and UNIX
mainframes that support SSH servers.

3.9.3 Port Isolation

Port isolation means layer 2 isolation of the ports in the same VLAN so that layer 2 relay
cannot be done between a port and another ( or another group of ) port, but it can
communicate with the port in the upper layer. It prevents visiting between the ports,
effectively controls unnecessary broadcasting and increases the network throughput.

3.9.4 Packet Filter

Packet filter filters invalid or non-interesting data packets. The switch filters each packet
based on the defined rules, by comparing the source or destination address for
example. With packet filter, session state is ignored and data is not analyzed. You can
define which packets are permitted and which are denied.

3.9.5 IEEE 802.1X Authentication

IEEE 802.1x is virtually a port based network access control protocol. As the name
implies, the NAS on a LAN authenticates and controls the connected customer
premises equipment (CPE) at the port level. If the CPE connected to a port passes
authentication, it is allowed to access the LAN resources. Otherwise, it is rejected just
like its physical link is disconnected.
In implementing 802.1x, the Ethernet switches not only support the port-based access
authentication, but also extend and optimize it by:
Allowing a physical port to be connected to several terminals.
Supporting access control (that is user authentication) based on MAC address in
addition to port.
The system thus becomes securer and more operational and manageable.
Note that, although 802.1x provides an implementation scheme for user authentication,
the protocol itself is not enough to implement the scheme. The NAS administrators,
however, can use RADIUS or local authentication to complete the user authentication
with 802.1x.

3.9.6 Centralized MAC Address Authentication

Centralized MAC address authentication: the server or the Ethernet switch stores the
information on user MAC addresses. Once a new user is detected, the switch
authenticates the user by taking its MAC address as its user name and password. It
searches the MAC addresses table in the server or the switch for the user's MAC
3-15
Chapter 3 Software Features

Advertisement

Table of Contents
loading

Related Manuals for H3C S3600-28PSI

Related Content for H3C S3600-28PSI

This manual is also suitable for:

S3600-28ppwr-eiS3600-28tp-sS3600-52psiS3600-28peiS3600-28ppwr-siS3600-52pei ... Show all

Table of Contents