Extreme Networks IP and Ethernet services User Manual download pdf (Page 6)

Extreme Networks Data Sheet: Summit X450a Series

Comprehensive Security Management

Implementing a secure network means providing protection at the network perimeter as well as the core.

Summit X450a switches use advanced security functions in protecting your network from known or potential threats.

User Authentication and Host

Integrity Checking

Network Login and Dynamic Security Proﬁle

SummitX450aseriesswitchessupportacomprehensiverange

ofNetworkLoginoptionsbyprovidingan802.1xagent-based

approach,aWeb-based(agent-less)logincapability,anda

MAC-basedauthenticationmodel.WiththesemodesofNetwork

networkandbeassignedtotheappropriateVLAN.TheUniversal

PortfeatureavailableinSummitX450aletsyouimplement

DynamicSecurityProleswithNetworkLoginandallowsyouto

implementne-grainedandrobustsecuritypolicies.Upon

authentication,theswitchcanloaddynamicACL/QoSproles

forauserorgroupofuserstodeny/allowaccesstotheapplica-

tionserversorsegmentswithinthenetwork.

Multiple Supplicant Support

Convergednetworkdesignsofteninvolvetheuseofshared

portsthatrepresentapotentialvulnerabilityinanetwork.

Multiplesupplicantcapabilitiesonaswitchallowittouniquely

recognizeandapplytheappropriatepoliciesforeachuseror

deviceonasharedport.

Media Access Control (MAC) Lockdown

MACsecurityallowsthelockdownofaporttoagivenMAC

addressandlimitingthenumberofMACaddressesonaport.

Thiscanbeusedtodedicateportstospecichostsordevices

suchasVoIPphonesorprinters,andavoidabuseoftheport—a

capabilitythatcanbeespeciallyusefulinenvironmentssuchas

hotels.Inaddition,anagingtimercanbeconguredforthe

MAClockdown,protectingthenetworkfromtheeectsof

attacksusing(oftenrapidly)changingMACaddresses.

IP Security

ExtremeXOSIPsecurityframeworkprotectsthenetwork

infrastructure,networkservicessuchasDHCPandDNS,and

hostcomputersfromspoongandman-in-the-middleattacks.

Italsoprotectsthenetworkfromstaticallyconguredand/or

spoofedIPaddresses.Itbuildsanexternaltrusteddatabaseof

MAC/IP/portbindingssoyouknowwheretracfromaspecic

addresscomesfromforimmediatedefense.

Identity Manager

IdentityManagerallowsnetworkmanagerstotrackuserswho

accesstheirnetwork.Useridentityiscapturedbasedon

NetLoginauthentication,LLDPdiscoveryandKerberos

snooping.ExtremeXOSusestheinformationtothenreporton

theMAC,VLAN,computerhostname,andportlocationofthe

user.Further,IdentityManagercancreatebothrolesand

policies,andthenbindthemtogethertocreaterole-based

prolesbasedonorganizationalstructureorotherlogical

groupings,andapplythemacrossmultipleuserstoallow

appropriateaccesstonetworkresources.Inaddition,support

forWideKeyACLsfurtherimprovessecuritybygoingbeyond

thetypicalsource/destinationandMACaddressasidentica-

tioncriteriaaccessmechanismtoprovidelteringcapabilities.

Host Integrity

Hostintegritycheckingkeepsinfectedornon-compliant

machinesothenetwork.SummitX450aseriessupportahost

andendpointintegritysolutionthatisbasedonamodel

promotedbytheTrustedComputingGroup.

Threat Detection and Response

CLEAR-Flow Security Rules Engine

CLEAR-FlowSecurityRulesEngineprovidesrstorderthreat

detectionandmitigation,andmirrorstractoappliancesfor

furtheranalysisofsuspicioustracinthenetwork.

sFlow

sFlow®isasamplingtechnologythatprovidestheabilityto

sampleapplicationleveltracowsonallinterfaces

simultaneously.

Port Mirroring

Toallowthreatdetectionandprevention,SummitX450a

switchessupportmany-to-oneandone-to-manyportmirror-

ing.Thisallowsthemirroringoftractoanexternalnetwork

appliancesuchasanintrusiondetectiondevicefortrend

analysisorforutilizationbyanetworkadministratorfor

diagnosticpurposes.Portmirroringcanalsobeenabledacross

switchesinastack.

1 2 3 4 5 6 7 8 9 10 11 ... 16 17

Comments to this Manuals

No comments

Extreme Networks IP and Ethernet services User Manual Page 6

Comments to this Manuals

Related products and manuals for Networking Extreme Networks IP and Ethernet services