Getting Started
Overview of Access Security Features
■ Virus Throttling (page 3-1): Enables notification of worm-like behavior
detected in inbound routed traffic and, depending on how you configure
the feature, also throttles or blocks such traffic. This feature also provides
a method for allowing legitimate, high connection-rate traffic from a given
host while still protecting your network from possibly malicious traffic
from other hosts.
■ Local Manager and Operator Passwords (page 2-1): Control access
and privileges for the CLI, menu, and web browser interfaces. Includes
front-panel security information that allows you to disable or re-enable
some of the functions of the Clear and the Reset buttons located on the
switch’s front panel.
■ Web and MAC Authentication (page 4-1): Provides user or device
authentication through a RADIUS server without requiring the client to
use 802.1X supplicant software.
■ TACACS+ Authentication (page 5-1): Uses an authentication application
on a server to allow or deny access to the switch.
■ RADIUS Authentication and Accounting (page 6-1): Uses RADIUS
authentication on a central server to allow or deny access to the switch.
RADIUS also provides accounting services for sending data about user
activity and system events to a RADIUS server.
■ Secure Shell (SSH) Authentication (page 7-1): Provides encrypted
paths for remote access to switch management functions.
■ Secure Socket Layer (SSL) (page 8-1): Provides remote web access to
the switch via encrypted authentication paths between the switch and
management station clients capable of SSL/TLS operation.
■ Traffic/Security Filters (page 9-1): Enhance in-band security and
improve control over access to network resources by configuring static
filters to forward (the default action) or drop unwanted traffic. Configure
a traffic filter to either forward or drop all network traffic moving to
outbound (destination) ports and trunks (if any) on the switch.
■ Port-Based Access Control (802.1X) (page 10-1): On point-to-point
connections, enables the switch to allow or deny traffic between a port
and an 802.1X-aware device (supplicant) attempting to access the switch.
Also enables the switch to operate as a supplicant for connections to other
802.1X-aware switches. Includes the option of allowing only the device
having the first MAC address detected by a port.