3Com 3C17300A Implementation Guide - Page 85

What is Disconnect Unauthorized Device (DUD)? 85 What is Disconnect Unauthorized Device (DUD)? The port security feature Disconnect Unauthorized Device (DUD), disables a port if an unauthorized client device transmits data on it. DUD may be automatically enabled when a port is set to one of the following port security modes: ■ Automatic Learning ■ Network Login (Secure) ■ Learning off How DUD Works Disconnect Unauthorized Device (DUD) protects the network by checking the source MAC address of each packet received on a port against the authorized addresses for that port. You can configure DUD to perform one of the following actions if an unauthorized client device transmits data on the port: ■ Permanently disable the port - The port is disabled and data from the unauthorized client device is not transmitted. ■ Temporarily disable the port - The port is disabled for 20 seconds. When the time period has expired the port is re-enabled; if the port is set to one of the Network Login security modes, the client device is authenticated again. ■ Do not disable the port - The port is not disabled and data from authorized client devices will continue to be transmitted, whilst data from unauthorized client devices will be filtered. What is RADIUS? Remote Authentication Dial-In User Service (RADIUS) is an industry standard protocol for carrying authentication, authorization and configuration information between a network device and a shared authentication server. Transactions between each network device and the server are authenticated by the use of a shared secret. Additional security is provided by encryption of passwords to prevent interception by a network snooper. RADIUS is defined in the RFCs 2865 and 2866, "Remote Authentication Dial-in User Service (RADIUS)" and "RADIUS Accounting". Network Login and Rada both utilize the RADIUS protocol.