13 client security commands – PLANET SGSD-1022 User Manual

User’s Manual of SGSD-1022 / SGSD-1022P

SGSW-2840 / SGSW-2840P

Example

Console# show management all-client
Management IP Filter
HTTP-Client:
Start IP address End IP address
192.168.1.19 192.168.1.19
192.168.1.25 192.168.1.30

SNMP-Client:
Start IP address End IP address
192.168.1.19 192.168.1.19
192.168.1.25 192.168.1.30

TELNET-Client:
Start IP address End IP address
192.168.1.19 192.168.1.19
192.168.1.25 192.168.1.30

Console#

5.13 Client Security Commands

This switch supports many methods of segregating traffic for clients attached to each of the data ports, and for ensuring that only

authorized clients gain access to the network. Private VLANs and port-based authentication using IEEE 802.1X are commonly

used for these purposes. In addition to these methods, several other options of providing client security are described in this

section. These include port-based authentication, which can be configured to allow network client access by specifying a fixed

set of MAC addresses. The addresses assigned to DHCP clients can also be carefully controlled using static or dynamic

bindings with the IP Source Guard and DHCP Snooping commands.

Table 4-40 Client Security Commands

Command Group

Function

Private VLANs

Configures private VLANs, including uplink and downlink ports

Port Security*

Configures secure addresses for a port

Port Authentication*

Configures host authentication on specific ports using 802.1X

Network Access*

Configures MAC authentication and dynamic VLAN assignment

Web Authentication*

Configures Web authentication

Access Control Lists*

Provides filtering for IP frames (based on address, protocol, TCP/UDP port

number or TCP control code) or non-IP frames (based on MAC address or

Ethernet type)

475