Extreme Networks Summit X450-24x User Manual download pdf (Page 6)

Extreme Networks Data Sheet: Summit X450e Series

Comprehensive Security Management

Implementing a secure network means providing protection at the network perimeter as well as the core. Summit X450e

uses advanced security functions in protecting your network from known or potential threats. Extreme Networks

security oerings encompass three key areas: user and host integrity, threat detection and response, and hardened

network infrastructure. Furthermore, with policy-based routing, measures can be taken to provide conﬁdentiality of

selective data in transit between internal network nodes.

User Authentication and Host

Integrity Checking

Network Login and Dynamic Security Proﬁle

NetworkLogincapabilityimplementedinExtremeXOSenforces

useradmissionandusagepolicies.SummitX450eseries

switchessupportacomprehensiverangeofNetworkLogin

optionsbyprovidingan802.1xagent-basedapproach,a

Web-based(agent-less)logincapabilityforguests,anda

MAC-basedauthenticationmodelfordevices.Withthesemodes

ofNetworkLogin,onlyauthorizedusersanddevicescan

connecttothenetworkandbeassignedtotheappropriate

VLAN.TheUniversalPortscriptingframeworkavailablein

SummitX450eletsyouimplementDynamicSecurityProles,

whichinsyncwithNetworkLoginallowsyoutoimplement

ne-grainedandrobustsecuritypolicies.Uponauthentication,

theswitchcanloaddynamicACLs/QoSprolesforauseror

groupofusers,todeny/allowtheaccesstotheapplication

serversorsegmentswithinthenetwork.

Multiple Supplicant Support

Sharedportsrepresentapotentialvulnerabilityinanetwork.

Multiplesupplicantcapabilityonaswitchallowsittouniquely

authenticateandapplytheappropriatepoliciesandVLANsfor

eachuserordeviceonasharedport.

MultiplesupplicantsupportsecuresIPTelephonyandwireless

access.Convergednetworkdesignsofteninvolvetheuseof

sharedports.

Media Access Control (MAC) Lockdown

MAClockdownsecuresprinters,wirelessAPsandservers.The

MACaddresssecurity/lockdownfeatureallowsSummitX450e

toblockaccesstoanyEthernetportwhentheMACaddressof

astationattemptingtoaccesstheportisdierentfromthe

conguredMACaddress.Thisfeatureisusedto“lockdown”any

devicetoaspecicport.

Host Integrity Checking

Hostintegritycheckinghelpskeepinfectedornon-compliant

machinesothenetwork.SummitX450eseriesswitches

supportahostintegrityorendpointintegritysolutionthatis

basedonthemodelfromtheTrustedComputingGroup.

Identity Manager

IdentityManagerallowsnetworkmanagerstotrackuserswho

accesstheirnetwork.Useridentityiscapturedbasedon

NetLoginauthentication,LLDPdiscoveryandKerberos

snooping.ExtremeXOSusestheinformationtothenreporton

theMAC,VLAN,computerhostname,andportlocationofthe

user.Further,IdentityManagercancreatebothrolesandpolicies,

andthenbindthemtogethertocreaterole-basedprolesbased

onorganizationalstructureorotherlogicalgroupings,andapply

themacrossmultipleuserstoallowappropriateaccessto

networkresources.Inaddition,supportforWideKeyACLs

furtherimprovessecuritybygoingbeyondthetypicalsource/

destinationandMACaddressasidenticationcriteriaaccess

mechanismtoprovidelteringcapabilities.

Network Intrusion Detection and

Response

CLEAR-Flow Security Rules Engine

CLEAR-FlowSecurityRulesEngineprovidesrstorderthreat

detectionandmitigation,andmirrorstractoappliancesfor

furtheranalysisofsuspicioustracinthenetwork.

Hardware-based sFlow Sampling

sFlowisasamplingtechnologythatprovidestheabilityto

continuouslymonitorapplication-leveltracowsonall

interfacessimultaneously.ThesFlowagentisasoftwareprocess

thatrunsonSummitX450eandpackagesdataintosFlow

datagramsthataresentoverthenetworktoansFlowcollector.

Thecollectorgivesanup-to-the-minuteviewoftracacross

theentirenetwork,providingtheabilitytotroubleshoot

networkproblems,controlcongestionanddetectnetwork

securitythreats.

Port Mirroring

Toallowthreatdetectionandprevention,SummitX450e

switchessupportmany-to-oneandone-to-manyportmirroring.

Thisallowsthemirroringoftractoanexternalnetwork

appliancesuchasanintrusiondetectiondevicefortrendanalysis

orforutilizationbyanetworkadministratorfordiagnostic

purposes.Portmirroringcanalsobeenabledacrossswitchesin

astack.

1 2 3 4 5 6 7 8 9 10 11 ... 14 15

Comments to this Manuals

No comments

Extreme Networks Summit X450-24x User Manual Page 6

Comments to this Manuals

Related products and manuals for Network switches Extreme Networks Summit X450-24x