Chapter 7 client security, Client security -1, Client security – SMC Networks SMC TigerAccess SMC7824M/FSW User Manual

7-1

C

HAPTER

7

C

LIENT

S

ECURITY

This switch supports many methods of segregating traffic for clients
attached to each of the data ports, and for ensuring that only authorized
clients gain access to the network. Private VLANs and port-based
authentication using IEEE 802.1X are commonly used for these purposes.
In addition to these methods, several other options of providing client
security are supported by this switch. These include port-based
authentication, which can be configured for network client access
by specifying a fixed set of MAC addresses (either by freezing a set of
dynamically learned entries or through static configuration), or by statically
configured MAC/IP address pairs. The addresses assigned to DHCP
clients can also be carefully controlled using static or dynamic bindings
with the IP Source Guard and DHCP Snooping commands.

This switch provides client security using the following options:

• Private VLANs – Provide port-based security and isolation between

ports within the assigned VLAN. (See “Configuring Private VLANs” on
page 12-25.)

• 802.1X – Use IEEE 802.1X port authentication to control access to

specific ports. (See “Configuring 802.1X Port Authentication” on page
6-19.)

• Port Security – Configure secure addresses for individual ports.
• IP Source Guard

5

– Filters untrusted DHCP messages on unsecure ports

by building and maintaining a DHCP snooping binding table. (See “IP
Source Guard Commands” on page 22-4.)

5. These functions can only be configured through the Command Line Interface.