Ipv6 multicast features, Security features – Dell POWEREDGE M1000E User Manual

Introduction

31

IPv6 Multicast Features

Protocol Independent Multicast IPv6 Support

PIM-DM and PIM-SM support IPv6 routes.

MLD/MLDv2 (RFC2710/RFC3810)

MLD is used by IPv6 systems (listeners and routers) to report their IP multicast addresses memberships

to any neighboring multicast routers. The implementation of MLD v2 is backward compatible with

MLD v1.
MLD protocol enables the IPv6 router to discover the presence of multicast listeners, the nodes that

want to receive the multicast data packets, on its directly attached interfaces. The protocol specifically

discovers which multicast addresses are of interest to its neighboring nodes and provides this information

to the multicast routing protocol that make the decision on the flow of the multicast data packets.

Security Features

Access Control Lists (ACL)

Access Control Lists (ACLs) ensure that only authorized users have access to specific resources while

blocking off any unwarranted attempts to reach network resources. ACLs are used to provide traffic flow

control, restrict contents of routing updates, decide which types of traffic are forwarded or blocked, and

above all provide security for the network.
For information about defining ACLs, see "IP ACL Configuration" and "MAC ACL Configuration."

Dot1x Authentication (802.1x)

Dot1x authentication enables the authentication of system users through an external server. Only

authenticated and approved system users can transmit and receive data. Supplicants are authenticated

through the Remote Authentication Dial In User Service (RADIUS) server using the Extensible

Authentication Protocol (EAP). Also supported are PEAP, EAP-TTL, EAP-TTLS, and EAP-TLS. MAC-

based authentication allows multiple supplicants connected to the same port to each authenticate

individually. For example, a system attached to the port might be required to authenticate in order to

gain access to the network, while a VoIP phone might not need to authenticate in order to send voice

traffic through the port.
For information about enabling and configuring 802.1X port authentication, see

"Dot1x

Authentication."

Locked Port Support

The locked port feature limits access on a port to users with specific MAC addresses. These addresses are

manually defined or learned on that port. When a frame is seen on a locked port, and the frame source

MAC address is not tied to that port, the protection mechanism is invoked.
For information about enabling locked port security, see

"Port Security."