– 245 –
8 General Security Measures
This switch supports many methods of segregating traffic for clients attached to
each of the data ports, and for ensuring that only authorized clients gain access to
the network. Port-based authentication using IEEE 802.1X is commonly used for
these purposes. In addition to these method, several other options of providing
client security are described in this chapter. These include port-based
authentication, which can be configured to allow network client access
by specifying a fixed set of MAC addresses. The addresses assigned to DHCP clients
can also be carefully controlled with IP Source Guard and DHCP Snooping
commands.
Table 47: General Security Commands
Command Group Function
Port Security
*
* The priority of execution for these filtering commands is Port Security, Port Authentication,
Network Access, Web Authentication, Access Control Lists, DHCP Snooping, and then IP Source
Guard.
Configures secure addresses for a port
802.1X Port
Authentication*
Configures host authentication on specific ports using 802.1X
Network Access* Configures MAC authentication and dynamic VLAN assignment
Web Authentication* Configures Web authentication
Access Control Lists* Provides filtering for IP frames (based on address, protocol, TCP/UDP
port number or TCP control code) or non-IP frames (based on MAC
address or Ethernet type)
DHCP Snooping* Filters untrusted DHCP messages on unsecure ports by building and
maintaining a DHCP snooping binding table
IP Source Guard* Filters IP traffic on insecure ports for which the source address cannot
be identified via DHCP snooping nor static source bindings
ARP Inspection Validates the MAC-to-IP address bindings in ARP packets
DoS Protection Protects against Denial-of-Service attacks
Port Isolation Restricts transmission types or protocol types allowed to pass between
specified ports
Port-based Traffic
Segmentation
Configures traffic segmentation for different client sessions based on
specified downlink and uplink ports
To Next Page
Loading...
Need help?
General
