3.14. AR Guard
3.15. FIP Snooping
3.16. ECN
3.16.1. Enabling ECN in Microsoft Windows
3.16.2. Example 1: SLA Example
3.16.3. Example 2: Data Center TCP (DCTCP) Configuration
4. Configuring Security Features
4.1. Controlling Management Access
4.1.1. Using RADIUS Servers for Management Security
4.1.1.1. RADIUS Dynamic Authorization
4.1.2. Using TACACS+ to Control Management Access
4.1.3. Configuring and Applying Authentication Profiles
4.1.3.1. Configuring Authentication Profiles for Post-based Authentication
4.1.4. Configuring the Primary and Secondary RADIUS Servers
4.1.5. Configuring an Authentication Profile
4.2. Configuring DHCP Snooping, DAI, and IPSG
4.2.1. DHCP Snooping Overview
4.2.1.1. Populating the DHCP Snooping Bindings Database
4.2.1.2. DHCP Snooping and VLANs
4.2.1.3. DHCP Snooping Logging and Rate Limits
4.2.2. IP Source Guard Overview
4.2.2.1. IPSG and Port Security
4.2.3. Dynamic ARP Inspection Overview
4.2.3.1. Optional DAI Features
4.2.4. Increasing Security with DHCP Snooping, DAI, and IPSG
4.2.5. Configuring DHCP Snooping
4.2.6. Configuring IPSG
4.3. ACLs
4.3.1. MAC ACLs
4.3.2. IP ACLs
4.3.3. ACL Redirect Function
4.3.4. ACL Mirror Function
4.3.5. ACL Logging
4.3.6. Time-based ACLs
4.3.7. ACL Rule Remarks
4.3.8. ACL Rule Priority