Security features – Dell POWEREDGE M1000E User Manual

1-9

Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide

OL-13270-03

Chapter 1 Overview

Features

•

Port security on a PVLAN host to limit the number of MAC addresses learned on a port, or define
which MAC addresses may be learned on a port

•

VLAN Flex Link Load Balancing to provide Layer 2 redundancy without requiring Spanning Tree
Protocol (STP). A pair of interfaces configured as primary and backup links can load balance traffic
based on VLAN.

Security Features

The switch ships with these security features:

•

Web authentication to allow a supplicant (client) that does not support IEEE 802.1x functionality to
be authenticated using a web browser.

•

Password-protected access (read-only and read-write access) to management interfaces (device
manager, Network Assistant, and the CLI) for protection against unauthorized configuration
changes

•

Multilevel security for a choice of security level, notification, and resulting actions

•

Static MAC addressing for ensuring security

•

Protected port option for restricting the forwarding of traffic to designated ports on the same switch

•

Port security option for limiting and identifying MAC addresses of the stations allowed to access
the port

•

VLAN aware port security option to shut down the VLAN on the port when a violation occurs,
instead of shutting down the entire port

•

Port security aging to set the aging time for secure addresses on a port

•

BPDU guard for shutting down a Port Fast-configured port when an invalid configuration occurs

•

Standard and extended IP access control lists (ACLs) for defining security policies in both directions
on routed interfaces (router ACLs) and VLANs and inbound on Layer 2 interfaces (port ACLs)

•

Extended MAC access control lists for defining security policies in the inbound direction on Layer 2
interfaces

•

VLAN ACLs (VLAN maps) for providing intra-VLAN security by filtering traffic based on
information in the MAC, IP, and TCP/UDP headers

•

Source and destination MAC-based ACLs for filtering non-IP traffic

•

IPv6 ACLs to be applied to interfaces to filter IPv6 traffic

•

DHCP snooping to filter untrusted DHCP messages between untrusted hosts and DHCP servers

•

IP source guard to restrict traffic on nonrouted interfaces by filtering traffic based on the DHCP
snooping database and IP source bindings

•

Dynamic ARP inspection to prevent malicious attacks on the switch by not relaying invalid ARP
requests and responses to other ports in the same VLAN

•

IEEE 802.1Q tunneling so that customers with users at remote sites across a service-provider
network can keep VLANs segregated from other customers and Layer 2 protocol tunneling to ensure
that the customer’s network has complete STP, CDP, and VTP information about all users

•

Layer 2 point-to-point tunneling to facilitate the automatic creation of EtherChannels

•

Layer 2 protocol tunneling bypass feature to provide interoperability with third-party vendors

•

Flexible-authentication sequencing to configure the order of the authentication methods that a port
tries when authenticating a new host