Security Volume Organization

AAA

Authentication, Authorization and Accounting (AAA) provide a uniform framework used for configuring these three security functions to implement the network security management. This document describes:

l      Introduction to AAA, RADIUS and HWTACACS

l      AAA configuration

l      RADIUS configuration

l      HWTACACS configuration

802.1X

IEEE 802.1X (hereinafter simplified as 802.1X) is a port-based network access control protocol that is used as the standard for LAN user access authentication. This document describes:

l      802.1X overview

l      802.1X configuration

l      802.1X Guest-VLAN configuration

MAC Authentication

MAC authentication provides a way for authenticating users based on ports and MAC addresses; it requires no client software to be installed on the hosts. This document describes:

l      RADIUS-Based MAC Authentication

l      Local MAC Authentication

Portal

Portal authentication, as its name implies, helps control access to the Internet. This document describes:

l      Portal overview

l      Portal configuration

Port Security

Port security is a MAC address-based security mechanism for network access controlling. It is an extension to the existing 802.1X authentication and MAC authentication. This document describes:

l      Enabling Port Security

l      Setting the Maximum Number of Secure MAC Addresses

l      Setting the Port Security Mode

l      Configuring Port Security Features

l      Configuring Secure MAC Addresses

l      Ignoring Authorization Information from the Server

IP Source Guard

By filtering packets on a per-port basis, IP source guard prevents illegal packets from traveling through, thus improving the network security. This document describes:

l      Configuring a Static Binding Entry

l      Configuring Dynamic Binding Function

SSH2.0

SSH ensures secure login to a remote device in a non-secure network environment. By encryption and strong authentication, it protects the device against attacks. This document describes:

l      Configuring Asymmetric Keys

l      Configuring the Device as an SSH Server

l      Configuring the Device as an SSH Client

l      Configuring an SFTP Server

l      Configuring an SFTP Client

ACL

An ACL is used for identifying traffic based on a series of preset matching criteria. This document describes:

l      ACL overview and ACL types

l      ACL configuration