Extreme Networks Data Sheet: Summit X150 Series
Comprehensive Security Management
Implementing a secure network means providing protection at the network perimeter as well as the core. Summit X150
series switches use advanced security functions to help protect your network from known or potential threats. Security
oerings from Extreme Networks encompass three key areas: user and host integrity, threat detection and response,
and hardened network infrastructure.
IP Security
ExtremeXOSIPSecurityFrameworkhelpsprotectthenetwork
infrastructure,networkservicessuchasDHCPandDNSand
hostcomputersfromspoongandman-in-themiddleattacks.
Italsohelpsprotectthenetworkfromstaticallycongured
and/orspoofedIPaddressesandbuildsanexternaltrusted
databaseofMAC/IP/portbindingsprovidingthetrac’ssource
fromaspecicaddressforimmediatedefense.
Identity Manager
IdentityManagerallowsnetworkmanagerstotrackuserswho
accesstheirnetwork.Useridentityiscapturedbasedon
NetLoginauthentication,LLDPdiscoveryandKerberos
snooping.ExtremeXOSusestheinformationtothenreporton
theMAC,VLAN,computerhostname,andportlocationofthe
user.Further,IdentityManagercancreatebothrolesand
policies,andthenbindthemtogethertocreaterole-based
prolesbasedonorganizationalstructureorotherlogical
groupings,andapplythemacrossmultipleuserstoallow
appropriateaccesstonetworkresources.
Network Intrusion Detection and Response
Hardware-Based sFlow Sampling
sFlow®isasamplingtechnologythatprovidestheabilityto
continuouslymonitorapplication-leveltracowsonall
interfacessimultaneously.ThesFlowagentisasoftware
processthatrunsonSummitX150switchesandpackagesdata
intosFlowdatagramsthataresentoverthenetworktoan
sFlowcollector.Thecollectorgivesanup-to-theminuteview
oftracacrosstheentirenetwork,providingtheabilityto
troubleshootnetworkproblems,controlcongestionanddetect
networksecuritythreats.
Port Mirroring
Toallowthreatdetectionandprevention,SummitX150
switchessupportmany-to-oneandone-to-manyport
mirroring.Thisallowsthemirroringoftractoanexternal
networkappliancesuchasanintrusiondetectiondevicefor
trendanalysisorforutilizationbyanetworkadministratorfor
diagnosticpurposes.
User Authentication and Host Integrity Checking
Network Login
NetworkLogincapabilityenforcesuseradmissionandusage
policies.SummitX150seriesswitchessupportacomprehensive
rangeofNetworkLoginoptionsbyprovidingan802.1x
agent-basedapproach,aWeb-based(agent-less)login
capabilityforguests,andaMAC-basedauthenticationmodel
fordevices.WiththesemodesofNetworkLogin,only
authorizedusersanddevicesarepermittedtoconnecttothe
networkandbeassignedtotheappropriateVLAN.
Multiple Supplicant Support
Sharedportsrepresentapotentialvulnerabilityinanetwork.
Multiplesupplicantcapabilityonaswitchallowsittouniquely
authenticateandapplytheappropriatepoliciesandVLANsfor
eachuserordeviceonasharedport.
MultiplesupplicantsupporthelpssecureIPTelephonyand
wirelessaccess.Convergednetworkdesignsofteninvolvethe
useofsharedports(seeFigure2).
Host Integrity Checking
Hostintegritycheckinghelpskeepinfectedornon-compliant
machinesothenetwork.SummitX150seriesswitches
supportahostintegrityorendpointintegritysolutionthatis
basedonthemodelfromtheTrustedComputingGroup.
Extensive MAC and IP Security Functionality
Media Access Control (MAC) Lockdown
MACsecurityallowsthelockdownofaporttoagivenMAC
addressandlimitingthenumberofMACaddressesonaport.
MACsecuritycanbeusedtodedicateportstospecichostsor
devicessuchasVoIPphonesorprintersandavoidabuseofthe
port—acapabilitythatisparticularlyusefulinenvironments
suchashotels.Inaddition,anagingtimercanbeconguredfor
theMAClockdown,protectingthenetworkfromtheeectsof
attacksusing(oftenrapidly)changingMACaddresses.