Linksys SFE2000P Release Notes for SFE2000 and SFE2000P - Page 15


Linksys One Ready Communications Solution SFE2000/SFE2000P and SGE2000/SGE2000P
RELEASE NOTES
1 February 2007

Locked Port Support
Locked Port increases network security by limiting access on a specific port only to users with specific
MAC addresses. These addresses are either manually defined or learned on that port. When a frame is
seen on a locked port, and the frame source MAC address is not tied to that port, the protection
mechanism is invoked.

RADIUS Client
RADIUS is a client/server-based protocol. A RADIUS server maintains a user database, which contains
per-user authentication information, such as user name, password and accounting information.

SSH
Secure Shell (SSH) is a protocol that provides a secure, remote connection to a device. SSH version 2 is
currently supported. The SSH server feature enables an SSH client to establish a secure, encrypted
connection with a device. This connection provides functionality that is similar to an inbound telnet
connection. SSH uses RSA and DSA Public Key cryptography for device connections and
authentication.

TACACS+
TACACS+ provides centralized security for validation of users accessing the device. TACACS+
provides a centralized user management system, while still retaining consistency with RADIUS and
other authentication processes.

Password Management
Password management provides increased network security and improved password control. Passwords
for SSH, Telnet, HTTP, HTTPS, and SNMP access are assigned security features.

802.1x – Enhanced Features
• Single-host/Multiple-hosts - Single-host mode grants access to the port only to the host that has
  been authorized. Filtering is based on the source MAC address. Multiple-hosts mode enables
  multiple hosts to be attached to a single 802.1X-enabled port. In this mode, only one of the
  attached hosts must be authorized for all hosts to be granted network access. If the port becomes
  unauthorized (re-authentication fails or an EAPOL-logoff message is received), all attached
  clients are denied access to the network.
• Guest VLAN - limited access to the network when the port is unauthorized.
• Unauthenticated VLANs - some VLANs in the switch are always available, even if the port
  is unauthorized.
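
The host modes and VLAN exceptions above, as an added model that is not Linksys code: the class, method names, MAC addresses and VLAN IDs are constructed for illustration, and the forwarding rules are a simplified reading of the text. It shows the difference worth checking when reviewing a port's mode: in multiple-hosts mode a host that never authenticated is forwarded once any attached host is authorized.

```python
from dataclasses import dataclass, field
from typing import Optional, Set


@dataclass
class Dot1xPort:
    """Toy model of one 802.1X-enabled port (illustrative, not switch firmware)."""
    mode: str                                 # "single-host" or "multiple-hosts"
    guest_vlan: Optional[int] = None          # VLAN offered while unauthorized
    unauth_vlans: Set[int] = field(default_factory=set)  # always-available VLANs
    authorized_mac: Optional[str] = None      # host that passed authentication

    def authenticate(self, mac: str) -> None:
        self.authorized_mac = mac.lower()

    def deauthorize(self) -> None:
        # Re-authentication failure or EAPOL-logoff: the port becomes unauthorized.
        self.authorized_mac = None

    def admit(self, src_mac: str, vlan: int) -> Optional[int]:
        """Return the VLAN a frame is forwarded in, or None if it is dropped."""
        if vlan in self.unauth_vlans:
            return vlan                       # unauthenticated VLAN: always open
        if self.authorized_mac is None:
            return self.guest_vlan            # guest VLAN, or drop if none is set
        if self.mode == "single-host" and src_mac.lower() != self.authorized_mac:
            return None                       # filtered on source MAC address
        return vlan                           # authorized host, or any host in multiple-hosts mode


def compare_modes(authorized: str, other: str, vlan: int) -> dict:
    """For each mode, report (other host before auth, other host while the
    port is authorized, authorized host after the port is deauthorized)."""
    result = {}
    for mode in ("single-host", "multiple-hosts"):
        port = Dot1xPort(mode, guest_vlan=99, unauth_vlans={10})
        before = port.admit(other, vlan)
        port.authenticate(authorized)
        during = port.admit(other, vlan)
        port.deauthorize()
        after = port.admit(authorized, vlan)
        result[mode] = (before, during, after)
    return result


if __name__ == "__main__":
    # Constructed MAC addresses and VLAN IDs, for illustration only.
    for mode, outcome in compare_modes("00:11:22:33:44:55", "66:77:88:99:aa:bb", 20).items():
        print(mode, outcome)
```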

DoS Attack Prevention Engine
The device can enable canned DoS protection on a port, including:
• Illegal TCP/ICMP packet check
• Martian address check