1-7
Security Overview
Network Security Features

Feature: Access Control Lists (ACLs)
Default Setting: none
Security Guidelines:
ACLs can filter traffic to or from a host, a group of hosts, or entire subnets. Layer 3 IP filtering with Access Control Lists (ACLs) enables you to improve network performance and restrict network use by creating policies for:
• Switch Management Access: Permits or denies in-band management access. This includes preventing the use of certain TCP or UDP applications (such as Telnet, SSH, WebAgent, and SNMP) for transactions between specific source and destination IP addresses.
• Application Access Security: Eliminating unwanted IP, TCP, or UDP traffic by filtering packets where they enter or leave the switch on specific interfaces.
Note on ACL Security Use:
ACLs can enhance network security by blocking selected IP traffic, and can serve as one aspect of maintaining network security. However, because ACLs do not provide user or device authentication, or protection from malicious manipulation of data carried in IP packet transmissions, they should not be relied upon for a complete security solution.
More Information and Configuration Details: Chapter 10, “IPv4 Access Control Lists (ACLs)”

Feature: Port Security, MAC Lockdown, and MAC Lockout
Default Setting: none
Security Guidelines:
The features listed below provide device-based access security in the following ways:
• Port security: Enables configuration of each switch port with a unique list of the MAC addresses of devices that are authorized to access the network through that port. This enables individual ports to detect, prevent, and log attempts by unauthorized devices to communicate through the switch. Some switch models also include eavesdrop prevention in the port security feature.
• MAC lockdown: This “static addressing” feature is used as an alternative to port security to prevent station movement and MAC address “hijacking” by allowing a given MAC address to use only one assigned port on the switch. MAC lockdown also restricts the client device to a specific VLAN.
• MAC lockout: This feature enables blocking of a specific MAC address so that the switch drops all traffic to or from the specified address.
More Information and Configuration Details: Chapter 14, “Configuring and Monitoring Port Security”. See also “Precedence of Port-Based Security Options” on page 1-15.
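As an added example (not from the guide and not the switch's own logic), the following Python model shows what each of the three device-based controls actually checks on an ingress frame: port security consults a per-port list of authorized MACs, MAC lockdown binds one MAC to one assigned port and VLAN, and MAC lockout drops all traffic to or from a MAC. The class, its field names, the evaluation order, and the sample MAC addresses are assumptions for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Frame:
    src_mac: str   # source MAC, lowercase
    dst_mac: str   # destination MAC
    port: str      # ingress port, e.g. "A1"
    vlan: int      # VLAN the frame arrived on


@dataclass
class PortAccessControl:
    # Port security: per-port set of authorized source MACs (hypothetical model).
    port_security: dict[str, set[str]] = field(default_factory=dict)
    # MAC lockdown: a MAC may only use one assigned port and VLAN.
    lockdown: dict[str, tuple[str, int]] = field(default_factory=dict)
    # MAC lockout: the switch drops all traffic to or from these MACs.
    lockout: set[str] = field(default_factory=set)
    log: list[str] = field(default_factory=list)   # logged violations

    def forward(self, f: Frame) -> bool:
        """True if the frame is forwarded, False if dropped (and logged)."""
        # Evaluation order is an assumption; the guide covers precedence separately.
        if f.src_mac in self.lockout or f.dst_mac in self.lockout:
            self.log.append(f"lockout: {f.src_mac}->{f.dst_mac} dropped on {f.port}")
            return False
        bound = self.lockdown.get(f.src_mac)
        if bound is not None and bound != (f.port, f.vlan):
            self.log.append(f"lockdown: {f.src_mac} on {f.port}/vlan {f.vlan}, bound to {bound}")
            return False
        allowed = self.port_security.get(f.port)
        if allowed is not None and f.src_mac not in allowed:
            self.log.append(f"port-security: unauthorized {f.src_mac} on {f.port}")
            return False
        return True


def demo() -> tuple[list[bool], list[str]]:
    """Constructed policy and frames (sample values, not from a real switch)."""
    pac = PortAccessControl(
        port_security={"A1": {"00:11:22:33:44:55"}},
        lockdown={"aa:bb:cc:dd:ee:01": ("A2", 10)},
        lockout={"de:ad:be:ef:00:01"},
    )
    frames = [
        Frame("00:11:22:33:44:55", "ff:ff:ff:ff:ff:ff", "A1", 1),   # authorized on A1
        Frame("00:11:22:33:44:99", "ff:ff:ff:ff:ff:ff", "A1", 1),   # not in A1's list
        Frame("aa:bb:cc:dd:ee:01", "ff:ff:ff:ff:ff:ff", "A2", 10),  # on assigned port/VLAN
        Frame("aa:bb:cc:dd:ee:01", "ff:ff:ff:ff:ff:ff", "A3", 10),  # station moved ports
        Frame("aa:bb:cc:dd:ee:02", "de:ad:be:ef:00:01", "A4", 1),   # to a locked-out MAC
    ]
    return [pac.forward(f) for f in frames], pac.log
```

Only the second, fourth and fifth frames are dropped, each by a different control, which is the distinction the table draws between the three features.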