ExtremeWare Software 7.3.0 Command Reference Guide 761
11 Security Commands
This chapter describes:
• Commands for creating and configuring routing access policies
• Commands for creating and configuring IP access lists
• Commands for creating and configuring route maps
• Commands for managing the switch using SSH2
• Commands related to switch user authentication through a RADIUS client
• Commands related to switch user authentication through TACACS+
• Commands for protecting the switch from Denial of Service (DoS) attacks
• Commands for Network Login configuration
• Commands for Trusted MAC or OUI configuration
• Commands for configuring secure access for all wired and wireless stations through Unified
Accessâ„¢ Security
Access policies are a generalized category of features that impact forwarding and route forwarding
decisions. Access policies are used primarily for security and quality of service (QoS) purposes.
IP access lists (also referred to as Access Lists or ACLs) consist of IP access rules and are used to perform
packet filtering and forwarding decisions on incoming traffic. Each packet arriving on an ingress port is
compared to the access list in sequential order and is either forwarded to a specified QoS profile or
dropped. Using access lists has no impact on switch performance.
Access lists are typically applied to traffic that crosses layer 3 router boundaries, but it is possible to use
access lists within a layer 2 VLAN. Extreme products are capable of performing this function with no
additional configuration.
Routing access policies are used to control the advertisement or recognition of routing protocols, such as
R I P, O SP F, I S - I S , o r B G P. R o u t in g a ccess policies can be used to ‘hide’ entire networks or to trust only
specific sources for routes or ranges of routes. The capabilities of routing access policies are specific to
the type of routing protocol involved, but are sometimes more efficient and easier to implement than
access lists.
To use routing access policies, follow these steps:
1 Create an access profile.
2 Configure the access profile mode to be of type permit, deny, or none (which allows per-entry
configuration of the permit/deny attribute).
To Next Page
Loading...
Need help?
General
