Configuration Guide Ruijie Switches Security Compatible Mode Configuration
Global IP-MAC binding: The packets are allowed only when they match the
global IP-MAC binding or otherwise they will be dropped.
Port security: The packets are allowed only when they match the port security
address or the bound port security address if port security-IP binding is enabled.
802.1x authentication: Only the packets passing 802.1x authentication are
forwarded.
GSN binding: Only the packets matching GSN binding are forwarded.
IP Source Guard: Only the packets matching IP Source Guard binding are
forwarded.
ARP Check:When the global IP-MAC binding, port security binding, 802.1x
binding, GSN binding, or IPv4 IP Source Guard binding is enabled, only the
ARP packets matching IP-MAC binding are forwarded if you enable ARP
Check.
For details, refer to corresponding sections of configuration guide.
Network Security Components
Network security components include:
Anti gateway ARP spoofing: The packets matching the anti gateway ARP
spoofing setting are directly dropped.
NFPP (Network Foundation Protection Policy): The packets matching the NFPP
setting are directly dropped.
GSN isolation and blocking: The packets matching the GSN blocking setting are
dropped and the ones matching the GSN isolation setting are isolated into a
specific segment.
Anti source IP spoofing: This mainly refers to source IP check. Only the packets
matching the source IP address are forwarded.
CPP: The packets matching CPP are copied to CPU
ACL: The packets matching the ACL Permit rule are forwarded and the ones
matching the ACL deny rule are dropped.
Multicast source IP /source port check: The packets matching the multicast
source IP/source port check are forwarded.
For details, refer to corresponding sections of configuration guide.
Security-compabible Mode
The respective functions in the access cotnrol components and the network
security components as well as both two kinds of components can coexist in
To Next Page
Loading...
