General security measures, Table 4-41, General security commands – LevelOne FGL-2870 User Manual
Page 523
General Security Measures
4-157
4
General Security Measures
This switch supports many methods of segregating traffic for clients attached to
each of the data ports, and for ensuring that only authorized clients gain access to
the network. Private VLANs and port-based authentication using IEEE 802.1X are
commonly used for these purposes. In addition to these methods, several other
options of providing client security are described in this section. These include
port-based authentication, which can be configured to allow network client access
by specifying a fixed set of MAC addresses. The addresses assigned to DHCP
clients can also be carefully controlled using static or dynamic bindings with the IP
Source Guard and DHCP Snooping commands.
Table 4-41 General Security Commands
Command Group
Function
Page
Private VLANs
Configures private VLANs, including uplink and downlink ports
Port Security
*
* The priority of execution for these filtering commands is Port Security, Port Authentication, Network Access, Web
Authentication, Access Control Lists, DHCP Snooping, and then IP Source Guard.
Configures secure addresses for a port
Port Authentication
Configures host authentication on specific ports using 802.1X
Network Access
Configures MAC authentication and dynamic VLAN assignment
Web Authentication
Configures Web authentication
Access Control Lists
Provides filtering for IPv4 frames (based on address, protocol,
Layer 4 protocol port number or TCP control code), IPv6 frames
(based on address, next header type, or flow label), or non-IP
frames (based on MAC address or Ethernet type)
DHCP Snooping
Filters untrusted DHCP messages on insecure ports by building and
maintaining a DHCP snooping binding table
IP Source Guard
Filters IP traffic on insecure ports for which the source address
cannot be identified via DHCP snooping nor static source bindings
ARP Inspection
Validates the MAC-to-IP address bindings in ARP packets