General security measures, 29 g, Eneral – LevelOne GTL-2691 User Manual
Page 921: Ecurity, Easures, Table 83: general security commands, General security measures" on
– 921 –
29
G
ENERAL
S
ECURITY
M
EASURES
This switch supports many methods of segregating traffic for clients
attached to each of the data ports, and for ensuring that only authorized
clients gain access to the network. Private VLANs and Port-based
authentication using IEEE 802.1X are commonly used for these purposes.
In addition to these method, several other options of providing client
security are described in this chapter. These include port-based
authentication, which can be configured to allow network client access
by specifying a fixed set of MAC addresses. The addresses assigned to
DHCP clients can also be carefully controlled with IP Source Guard and
DHCP Snooping commands.
Table 83: General Security Commands
Command Group
Function
*
* The priority of execution for these filtering commands is Port Security, Port
Authentication, Network Access, Web Authentication, Access Control Lists, DHCP
Snooping, and then IP Source Guard.
Configures secure addresses for a port
*
Configures host authentication on specific ports using 802.1X
Configures MAC authentication and dynamic VLAN assignment
*
Configures Web authentication
Provides filtering for IP frames (based on address, protocol, TCP/
UDP port number or TCP control code) or non-IP frames (based on
MAC address or Ethernet type)
Filters untrusted DHCP messages on unsecure ports by building
and maintaining a DHCP snooping binding table
*
Filters IP traffic on insecure ports for which the source address
cannot be identified via DHCP snooping nor static source bindings
Validates the MAC-to-IP address bindings in ARP packets
Protects against Denial-of-Service attacks