– 249 –
12 Security Measures
You can configure this switch to authenticate users logging into the system for
management access using local or remote authentication methods. Port-based
authentication using IEEE 802.1X can also be configured to control either
management access to the uplink ports or client access to the data ports. This
switch provides secure network management access using the following options:
◆ AAA – Use local or remote authentication to configure access rights, specify
authentication servers, configure remote authentication and accounting.
◆ User Accounts – Manually configure access rights on the switch for specified
users.
◆ Web Authentication – Allows stations to authenticate and access the network
in situations where 802.1X or Network Access authentication methods are
infeasible or impractical.
◆ Network Access - Configure MAC authentication, intrusion response, dynamic
VLAN assignment, and dynamic QoS assignment.
◆ HTTPS – Provide a secure web connection.
◆ SSH – Provide a secure shell (for secure Telnet access).
◆ ACL – Access Control Lists provide packet filtering for IP frames (based on
address, protocol, Layer 4 protocol port number or TCP control code).
◆ ARP Inspection – Security feature that validates the MAC Address bindings for
Address Resolution Protocol packets. Provides protection against ARP traffic
with invalid MAC to IP Address bindings, which forms the basis for certain
“man-in-the-middle” attacks.
◆ IP Filter – Filters management access to the web, SNMP or Telnet interface.
◆ Port Security – Configure secure addresses for individual ports.
◆ Port Authentication – Use IEEE 802.1X port authentication to control access to
specific ports.
◆ DoS Protection – Protects against Denial-of-Service attacks.
◆ IP Source Guard – Filters untrusted DHCP messages on insecure ports by
building and maintaining a DHCP snooping binding table.
◆ DHCP Snooping – Filter IP traffic on insecure ports for which the source address
cannot be identified via DHCP snooping.
To Next Page
Loading...
Need help?
General
