6
Extreme Networks Data Sheet: Summit X450e Series
Comprehensive Security Management
Implementing a secure network means providing protection at the network perimeter as well as the core. Summit X450e
uses advanced security functions in protecting your network from known or potential threats. Extreme Networks
security oerings encompass three key areas: user and host integrity, threat detection and response, and hardened
network infrastructure. Furthermore, with policy-based routing, measures can be taken to provide confidentiality of
selective data in transit between internal network nodes.
User Authentication and Host
Integrity Checking
Network Login and Dynamic Security Profile
NetworkLogincapabilityimplementedinExtremeXOSenforces
useradmissionandusagepolicies.SummitX450eseries
switchessupportacomprehensiverangeofNetworkLogin
optionsbyprovidingan802.1xagent-basedapproach,a
Web-based(agent-less)logincapabilityforguests,anda
MAC-basedauthenticationmodelfordevices.Withthesemodes
ofNetworkLogin,onlyauthorizedusersanddevicescan
connecttothenetworkandbeassignedtotheappropriate
VLAN.TheUniversalPortscriptingframeworkavailablein
SummitX450eletsyouimplementDynamicSecurityProles,
whichinsyncwithNetworkLoginallowsyoutoimplement
ne-grainedandrobustsecuritypolicies.Uponauthentication,
theswitchcanloaddynamicACLs/QoSprolesforauseror
groupofusers,todeny/allowtheaccesstotheapplication
serversorsegmentswithinthenetwork.
Multiple Supplicant Support
Sharedportsrepresentapotentialvulnerabilityinanetwork.
Multiplesupplicantcapabilityonaswitchallowsittouniquely
authenticateandapplytheappropriatepoliciesandVLANsfor
eachuserordeviceonasharedport.
MultiplesupplicantsupportsecuresIPTelephonyandwireless
access.Convergednetworkdesignsofteninvolvetheuseof
sharedports.
Media Access Control (MAC) Lockdown
MAClockdownsecuresprinters,wirelessAPsandservers.The
MACaddresssecurity/lockdownfeatureallowsSummitX450e
toblockaccesstoanyEthernetportwhentheMACaddressof
astationattemptingtoaccesstheportisdierentfromthe
conguredMACaddress.Thisfeatureisusedto“lockdown”any
devicetoaspecicport.
Host Integrity Checking
Hostintegritycheckinghelpskeepinfectedornon-compliant
machinesothenetwork.SummitX450eseriesswitches
supportahostintegrityorendpointintegritysolutionthatis
basedonthemodelfromtheTrustedComputingGroup.
Identity Manager
IdentityManagerallowsnetworkmanagerstotrackuserswho
accesstheirnetwork.Useridentityiscapturedbasedon
NetLoginauthentication,LLDPdiscoveryandKerberos
snooping.ExtremeXOSusestheinformationtothenreporton
theMAC,VLAN,computerhostname,andportlocationofthe
user.Further,IdentityManagercancreatebothrolesandpolicies,
andthenbindthemtogethertocreaterole-basedprolesbased
onorganizationalstructureorotherlogicalgroupings,andapply
themacrossmultipleuserstoallowappropriateaccessto
networkresources.Inaddition,supportforWideKeyACLs
furtherimprovessecuritybygoingbeyondthetypicalsource/
destinationandMACaddressasidenticationcriteriaaccess
mechanismtoprovidelteringcapabilities.
Network Intrusion Detection and
Response
CLEAR-Flow Security Rules Engine
CLEAR-FlowSecurityRulesEngineprovidesrstorderthreat
detectionandmitigation,andmirrorstractoappliancesfor
furtheranalysisofsuspicioustracinthenetwork.
Hardware-based sFlow Sampling
sFlowisasamplingtechnologythatprovidestheabilityto
continuouslymonitorapplication-leveltracowsonall
interfacessimultaneously.ThesFlowagentisasoftwareprocess
thatrunsonSummitX450eandpackagesdataintosFlow
datagramsthataresentoverthenetworktoansFlowcollector.
Thecollectorgivesanup-to-the-minuteviewoftracacross
theentirenetwork,providingtheabilitytotroubleshoot
networkproblems,controlcongestionanddetectnetwork
securitythreats.
Port Mirroring
Toallowthreatdetectionandprevention,SummitX450e
switchessupportmany-to-oneandone-to-manyportmirroring.
Thisallowsthemirroringoftractoanexternalnetwork
appliancesuchasanintrusiondetectiondevicefortrendanalysis
orforutilizationbyanetworkadministratorfordiagnostic
purposes.Portmirroringcanalsobeenabledacrossswitchesin
astack.
Comments to this Manuals