8 Security Functions
Basic switching is focused on the task of distributing packets to whoever wants
them. In a Public Ethernet Environment there are strong requirements that
packets are not delivered to unauthorized receivers. Packets could be
delivered to unauthorized receivers because of verbose switching mechanisms
like broadcast, faulty configurations, manipulation by hostile users, and so
on.
This section describes the security mechanisms offered by the EFN324.
Note: Some of the security measures are dependent on others. That is, they
cannot be activated unless other security measures are activated.
8.1 Forced Forwarding
Forced Forwarding is a security measure that may be added on top of the basic
switching mechanisms in order to enhance security. In an access network, one
such measure is to force uplink packets up to an edge node, instead of
switching the packets directly to another End-user along the shortest path.
This way, there is a Layer 2 separation from End-user to End-user and from
End-user to Access nodes.
Forced forwarding offers additional restrictions on switching compared to the
‘normal’ switching in the EFN324. Forced forwarding may be defined with a
gateway to which all packets are forwarded.
The connect command is used to configure forced forwarding in the EFN324.
Attributes in the ‘vlan’ (switching domain) and ‘connection’ resources will show
how forced forwarding has been configured.
Forced forwarding is enabled by specifying an uplink for a switching domain.
Additional security mechanisms may be configured as needed.
8.1.1 Define Uplink
The first step is to define an ‘uplink’ in the switching domain. Packets arriving
on links other than uplinks are forced to the uplink.
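The forwarding rule just described, as an added illustration that is not EFN324 code and does not use the connect command: a toy Python model of one switching domain that compares normal learning-bridge behaviour with forced forwarding. Port names, MAC addresses and the gateway are constructed for the example.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"
UPLINK = "uplink"                          # constructed port name for the uplink
USER_PORTS = ["port1", "port2", "port3"]   # constructed End-user ports
SUB1 = "02:00:00:00:00:01"                 # constructed subscriber MAC on port1
SUB2 = "02:00:00:00:00:02"                 # constructed subscriber MAC on port2
GW = "02:00:00:00:00:ff"                   # constructed gateway MAC behind the uplink


class SwitchingDomain:
    """Toy model of one VLAN (switching domain); hypothetical, not EFN324 code."""

    def __init__(self, ports, uplink=None):
        self.ports = list(ports)
        self.uplink = uplink        # None: normal switching; a port name: forced forwarding
        self.mac_table = {}         # learned source MAC -> ingress port

    def forward(self, ingress, src, dst):
        """Return the egress port list for a frame src->dst arriving on ingress."""
        self.mac_table[src] = ingress          # source learning happens in both modes
        if self.uplink is not None and ingress != self.uplink:
            # Forced forwarding: a frame from any non-uplink port goes to the uplink
            # only, even if the destination was learned on a neighbouring user port.
            return [self.uplink]
        known = self.mac_table.get(dst)
        if dst != BROADCAST and known is not None and known != ingress:
            return [known]                     # known unicast: single egress port
        return [p for p in self.ports if p != ingress]   # unknown unicast / broadcast: flood


def compare_modes():
    """Run the same traffic in both modes; return where a user-to-user unicast ends up."""
    results = {}
    for mode, uplink in (("normal", None), ("forced", UPLINK)):
        dom = SwitchingDomain(USER_PORTS + [UPLINK], uplink)
        dom.forward("port1", SUB1, GW)        # subscriber 1 talks to the gateway
        dom.forward("port2", SUB2, GW)        # subscriber 2 talks to the gateway
        dom.forward(UPLINK, GW, SUB1)         # gateway replies; both user MACs are now learned
        results[mode] = dom.forward("port1", SUB1, SUB2)   # subscriber 1 sends directly to 2
    return results


if __name__ == "__main__":
    print(compare_modes())   # normal: ['port2'], forced: ['uplink']
```

Broadcast from a user port is also confined to the uplink in forced mode, while frames arriving from the uplink are still switched or flooded to the End-user ports as usual.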