9 client security – PLANET SGSD-1022 User Manual
Page 297
User’s Manual of SGSD-1022 / SGSD-1022P
SGSW-2840 / SGSW-2840P
4.11.9 Client Security
This Managed Switch supports many methods of segregating traffic for clients attached to each of the data ports, and for
ensuring that only authorized clients gain access to the network. Private VLANs and port-based authentication using IEEE
802.1X are commonly used for these purposes. In addition to these methods, several other options of providing client security
are supported by this switch. These include port-based authentication, which can be configured for network client access by
specifying a fixed set of MAC addresses. The addresses assigned to DHCP clients can also be carefully controlled using static
or dynamic bindings with the IP Source Guard and DHCP Snooping commands.
This Managed Switch provides client security using the following options:
• Private VLANs – Provide port-based security and isolation between ports within the assigned VLAN. (See “
Private VLANs
”)
• Port Security – Configure secure addresses for individual ports.
• 802.1X – Use IEEE 802.1X port authentication to control access to specific ports. (See “
Configuring 802.1X Port
Authentication
”.)
• Web Authentication - Allows stations to authenticate and access the network in situations where 802.1X or Network Access
authentication methods are infeasible or impractical.
• Network Access - Configures MAC authentication and dynamic VLAN assignment.
• ACL -Access Control Lists provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or
TCP control code) or any frames (based on MAC address or Ethernet type).
• DHCP Snooping – Filters IP traffic on unsecure ports for which the source address cannot be identified via DHCP snooping
nor static source bindings. (See “
DHCP Snooping
”.)
• IP Source Guard – Filters untrusted DHCP messages on unsecure ports by building and maintaining a DHCP snooping
binding table. (See “IP Source Guard”.)
The priority of execution for the filtering commands is Port Security, Port Authentication,
Network Access, Web Authentication, Access Control Lists, IP Source Guard, and then
DHCP Snooping.
297