Installation manual
4-146
SIGNAMAX LLC • www.signamax.eu
General Security Measures
This switch supports many methods of segregating traffic for clients attached to each of
the data ports, and for ensuring that only authorized clients gain access to the network.
Private VLANs and port-based authentication using IEEE 802.1X are commonly used for
these purposes. In addition to these methods, several other options of providing client
security are described in this section. These include port-based authentication, which can
be configured to allow network client access by specifying a fixed set of MAC addresses.
The addresses assigned to DHCP clients can also be carefully controlled using static or
dynamic bindings with the IP Source Guard and DHCP Snooping commands.
Table 4-40 Client Security Commands
Command Group Function Page
Private VLANs Configures private VLANs, including uplink and downlink ports 4-258
Port Security
*
* The priority of execution for these filtering commands is Port Security, Port Authentication, Network Access,
Web Authentication, Access Control Lists, DHCP Snooping, and then IP Source Guard.
Configures secure addresses for a port 4-147
Port Authentication
*
Configures host authentication on specific ports using 802.1X 4-135
Network Access
*
Configures MAC authentication and dynamic VLAN assignment 4-149
Web Authentication
*
Configures Web authentication 4-156
Access Control Lists
*
Provides filtering for IP frames (based on address, protocol, TCP/
UDP port number or TCP control code) or non-IP frames (based on
MAC address or Ethernet type)
4-174
DHCP Snooping
*
Filters untrusted DHCP messages on unsecure ports by building
and maintaining a DHCP snooping binding table
4-162
IP Source Guard
*
Filters IP traffic on unsecure ports for which the source address
cannot be identified via DHCP snooping nor static source bindings
4-170