Linksys SFE2000P Release Notes for SFE2000 and SFE2000P - Page 15
Locked Port Support, RADIUS Client, TACACS, Password Management, 1x - Enhanced Features, DoS Attack - sfe2000 manual
UPC - 745883577989
View all Linksys SFE2000P manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 15 highlights
1 February 2007 RELEASE NOTES Linksys One Ready Communications Solution Locked Port Support Locked Port increases network security by limiting access on a specific port only to users with specific MAC addresses. These addresses are either manually defined or learned on that port. When a frame is seen on a locked port, and the frame source MAC address is not tied to that port, the protection mechanism is invoked. RADIUS Client RADIUS is a client/server-based protocol. A RADIUS server maintains a user database, which contains per-user authentication information, such as user name, password and accounting information. SSH Secure Shell (SSH) is a protocol that provides a secure, remote connection to a device. SSH version 2 is currently supported. The SSH server feature enables an SSH client to establish a secure, encrypted connection with a device. This connection provides functionality that is similar to an inbound telnet connection. SSH uses RSA and DSA Public Key cryptography for device connections and authentication. TACACS+ TACACS+ provides centralized security for validation of users accessing the device. TACACS+ provides a centralized user management system, while still retaining consistency with RADIUS and other authentication processes. Password Management Password management provides increased network security and improved password control. Passwords for SSH, Telnet, HTTP, HTTPS, and SNMP access are assigned security features. 802.1x - Enhanced Features • Single-host/Multiple-hosts- Single-host mode enables only the host that has been authorized to get access to the port. Filtering is based on the source MAC address. Multiple-hosts mode enables multiple hosts to be attached to a single 802.1X-enabled port. In this mode, only one of the attached hosts must be authorized for all hosts to be granted network access. If the port becomes unauthorized (re-authentication fails or an EAPOL-logoff message is received), all attached clients are denied access to the network. • Guest VLAN - limited access to the network when the port is unauthorized. • Unauthenticated VLANs - some VLANs in the switch would always be available, even if the port were unauthorized. DoS Attack Prevention Engine The device supports the ability to enable canned DoS protection to port, including: • Illegal TCP/ICMP packet check • Martian address check Linksys One Ready Communications Solution SFE2000/ 15 SFE2000P and SGE2000/SGE2000P