Chapter 7 client security, Client security -1, Client security – SMC Networks TigerAccess SMC7816M User Manual

7-1

C

HAPTER

7

C

LIENT

S

ECURITY

This switch supports many methods of segregating traffic for clients
attached to each of the data ports, and for ensuring that only authorized
clients gain access to the network. Private VLANs and port-based
authentication using IEEE 802.1X are commonly used for these purposes.

In addition to these methods, several other options of providing client
security are supported by this switch. These include port-based
authentication, which can be configured to allow network client access
by specifying a fixed set of MAC addresses (either by freezing a set of
dynamically learned entries or through static configuration), or to deny
client access by statically configuring MAC/IP address pairs (using packet
filtering rules).

DHCP service requests can be blocked to ensure that only static addresses
assigned by the service provider are used, or DHCP replies can be blocked
on specific ports to ensure that DHCP service requests are only answered
through authorized uplink ports. The addresses assigned to DHCP clients
can also be carefully controlled using dynamic bindings registered with
DHCP Snooping or static bindings configured with IP Source Guard.

NetBIOS

6

traffic commonly used for resource sharing in a peer-to-peer

environment can also be completely blocked to ensure that no privileged
client data is passed to other data ports.

6. NetBIOS - Network Basic Input Output System