Chapter 23 client security commands, 23 client security commands -1, Client security commands – SMC Networks TigerAccess SMC7816M User Manual

23-1

C

HAPTER

23

C

LIENT

S

ECURITY

C

OMMANDS

This switch supports many methods of segregating traffic for clients
attached to each of the data ports, and for ensuring that only authorized
clients gain access to the network. Private VLANs and port-based
authentication using IEEE 802.1X are commonly used for these purposes.
In addition to these methods, several other options of providing client
security are described in this chapter. These include port-based
authentication, which can be configured to allow network client access
by specifying a fixed set of MAC addresses (either by freezing a set of
dynamically learned entries or through static configuration), or to deny
client access by statically configuring MAC/IP address pairs (using packet
filtering rules). NetBIOS traffic commonly used for resource sharing in a
peer-to-peer environment can be completely blocked to ensure that no
privileged client data is passed to other data ports. DHCP service requests
can also be blocked to ensure that only static addresses assigned by the
service provider are used, or DHCP replies can be blocked on specific
ports to ensure that DHCP service requests are only answered through
authorized uplink ports. The addresses assigned to DHCP clients can also
be carefully controlled using static or dynamic bindings with the IP Source
Guard and DHCP Snooping commands.