14 MES1000, MES2000 Ethernet Switches
A switch function that restricts IP traffic and filters it according to the match
table from the DHCP snooping binding database and statically configured IP
addresses. This function prevents IP address spoofing.
Dynamic ARP Inspection (Protection)
A switch function designed to protect against ARP protocol attacks. For a message
received on an untrusted port, the switch checks whether the IP address in the
body of the received ARP packet matches the IP address of the sender.
If these addresses do not match, the switch drops the packet.
L2 – L3 – L4 ACL (Access Control List)
Using information contained in the headers of layers 2, 3 and 4, the administrator
can configure rules for processing or dropping packets.
Allows a time frame to be configured for ACL operation.
The main purpose of the blocking function is to improve network security: access
to a switch port is granted only to devices whose MAC addresses have been
assigned to that port.
Port-based authentication (802.1x)
The IEEE 802.1x authentication mechanism manages access to resources through an
external server. Authorized users gain access to the selected network resources.
This function complements PPPoE Discovery packets with information that
characterizes the access interface. It is essential for identifying the user
interface at the access server (BRAS, Broadband Remote Access Server).
2.2.7 Switch control functions
Table 2.7 — Switch control functions
Configuration file download and upload
Device parameters are saved to a configuration file that contains configuration
data for specific device ports as well as for the whole system.
Trivial File Transfer Protocol
The TFTP protocol is used for file read and write operations. The protocol is
based on the UDP transport protocol.
Devices can download and transfer configuration files and firmware images via
this protocol.
SCP (Secure Copy protocol)
SCP is used for file read and write operations. The protocol is based on the SSH
network protocol.
Devices can download and transfer configuration files and firmware images via
this protocol.
Remote monitoring (RMON) is a means of monitoring computer networks and an
extension of SNMP. Compatible devices gather diagnostics data using the network
management station. RMON is a standard MIB database that contains current and
historic MAC-level statistics and control objects, providing real-time data.
The SNMP protocol is used for monitoring and management of network devices. For
system access control purposes, a community record list is defined, where each
record contains access privileges.
CLI management of the device is performed locally via the RS-232 serial port, or
remotely via Telnet or SSH. The console command line interface (CLI) is an
industry standard. The CLI interpreter provides a list of commands and keywords
that help the user and reduce the amount of input required.
Syslog is a protocol designed for transmitting system event messages and error
notifications to remote servers.