Extreme Networks Summit X350-24t Datasheet Download Page 4

© 2009 Extreme Networks, Inc. All rights reserved. 

Summit X350 Series—Page 4

Extreme Networks Data Sheet

Comprehensive Security Using Defense-in-Depth 

User Authentication and  

Host Integrity Checking

Network Login 

Network Login capability enforces user 
admission and usage policies. Summit X350 
series switches support a comprehensive 
range of Network Login options by providing 
an 802.1x agent-based approach, a Web-based 
(agent-less) login capability for guests, and a 
MAC-based authentication model for 
devices. With these modes of Network Login, 
only authorized users and devices are 
permitted to connect to the network and be 
assigned to the appropriate VLAN. 

Multiple Supplicant Support

Shared ports represent a potential vulner-
ability in a network. Multiple supplicant 
capability on a switch allows it to uniquely 
authenticate and apply the appropriate 
policies and VLANs for each user or device 
on a shared port.

Multiple supplicant support helps secure 
IP Telephony and wireless access. 
Converged network designs often involve 
the use of shared ports (see Figure 2).

Host Integrity Checking

Host integrity checking helps keep infected 
or non-compliant machines off the network. 
Summit X350 series switches support a 
host integrity or endpoint integrity solution 
that is based on the model from the Trusted 
Computing Group. Summit X350 interfaces 
with Sentriant AG200 endpoint security 
appliance from Extreme Networks to verify 

that each endpoint meets the security 
policies that have been set, and quarantines 
those that are not in compliance.

Extensive MAC and  

IP Security Functionality

MAC Security

MAC security allows the lockdown of a port to 
a given MAC address and to limit the number 
of MAC addresses on a port. MAC security can 
be used to dedicate ports to specific hosts or 
devices such as VoIP phones or printers and 
avoid abuse of the port—an interesting 
capability specifically in environments such as 
hotels. In addition, an aging timer can be 
configured for the MAC lockdown, protecting 
the network from the effects of attacks using 
(often rapidly) changing MAC addresses. 

IP Security

ExtremeXOS IP Security Framework helps 
protect the network infrastructure, network 
services such as DHCP and DNS and host 
computers from spoofing and man-in-the 
middle attacks. It also helps protect the 
network from statically configured and/or 
spoofed IP addresses and builds an external 
trusted database of MAC/IP/port bindings 
providing the traffic’s source from a specific 
address for immediate defense. 

Network Intrusion Detection  

and Response 

Hardware-Based sFlow

 

Sampling

sFlow

® 

is a sampling technology that provides 

the ability to continuously monitor application- 

level traffic flows on all interfaces simultane-
ously. The sFlow agent is a software process 
that runs on Summit X350 switches and 
packages data into sFlow datagrams that are 
sent over the network to an sFlow collector. 
The collector gives an up-to-the minute view 
of traffic across the entire network, providing 
the ability to troubleshoot network problems, 
control congestion and detect network 
security threats.  

Port Mirroring

To allow threat detection and prevention, 
Summit X350 switches support many-to-one 
and one-to-many port mirroring. This allows 
the mirroring of traffic to an external 
network appliance such as an intrusion 
detection device for trend analysis or for 
utilization by a network administrator for 
diagnostic purposes. 

Line-Rate ACLs

ACLs are one of the most powerful compo-
nents used in controlling network resource 
utilization as well as protecting the network. 
Summit X350 switches support 1,024 
centralized ACLs per 24-port block based on 
Layer 2, 3, or 4 header information such as 
the MAC, IPv4 and IPv6 address or TCP/
UDP port. 

Denial of Service Protection

Summit X350 can effectively handle DoS 
attacks. If the switch detects an unusually 
large number of packets in the CPU input 
queue, it will assemble ACLs that automati-
cally stop these packets from reaching the 
CPU. After a period of time, these ACLs are 
removed, and reinstalled if the attack 
continues. 

Secure Management

To prevent management data from being 
intercepted or altered by unauthorized 
access, Summit X350 supports SSH2, SCP 
and SNMPv3 protocols. 

Implementing a secure network means providing protection at the network perimeter as well as the core. Working together with 

the Sentriant

®

 family of products from Extreme Networks, Summit X350 series switches use a defense-in-depth strategy to help 

protect your network from known or potential threats. Security offerings from Extreme Networks encompass three key areas: 

user and host integrity, threat detection and response, and hardened network infrastructure. 

Summit X350 offers multiple supplicant support which helps provide  

per-MAC based authentication with dynamic VLAN allocation

`

`

`

VLAN Green

VLAN Orange

VLAN Purple

Rogue Clients

`

`

`

`

`

Figure 2: Multiple Supplicant Support

Summary of Contents for Summit X350-24t

Page 1: ...rating system from edge to core Summit X350 series 24 or 48 port 10 100 1000 Gigabit Ethernet stand alone switches deliver outstanding performance in a simple enterprise edge solution with the revolut...

Page 2: ...02 1ab standards based discovery protocol and provides vendor independent device discovery LLDP not only simplifies deployment and location of access devices but can also be used as a troubleshooting...

Page 3: ...ls Summit X350 switches support Spanning Tree 802 1D Per VLAN Spanning Tree PVST Rapid Spanning Tree 802 1w and Multiple Instances of Spanning Tree 802 1s protocols for Layer 2 resiliency Link Aggrega...

Page 4: ...spoofed IP addresses and builds an external trusted database of MAC IP port bindings providing the traffic s source from a specific address for immediate defense Network Intrusion Detection and Respo...

Page 5: ...connectivity to the desktop in a network running ExtremeXOS from the core to the edge Summit X350 is deployed as an intelligent Gigabit Ethernet edge switch extending the benefits of the ExtremeXOS op...

Page 6: ...ng Protocols Access Policies for Telnet SSH 2 SCP 2 Network Login 802 1x Web and MAC based mechanisms IEEE 802 1x 2001 Port Based Network Access Control for Network Login Multiple supplicants with mul...

Page 7: ...nd Power 49 9 dBA Declared Sound Power 6 4 belsA per ISO 7779 ISO 9296 Bystander Sound Pressure in accordance with NEBS GR 63 Issue 2 Bystander Sound Pressure 39 7 dBA Summit X350 24t General Specific...

Page 8: ...PR 24 A2 2003 Class A International Immunity IEC EN 61000 4 2 2001 Electrostatic Discharge 8kV Contact 15 kV Air Criteria A EC EN 61000 4 3 2002 Radiated Immunity 10V m Criteria A EC EN 61000 4 4 2004...

Page 9: ...t Modules XGM2 Dual 10 Gigabit Ethernet Module XGM2 2bt XGM2 2sf XGM2 2xf XGM2 2xn Interface Type 10GBASE T SFP XFP XENPAK Supported Media UTP SFP Passive Copper SFP Optics XFP Optics XENPAK Optics Di...

Page 10: ...on Single mode Fiber SC Connector 10113 ZR XENPAK 10GBASE ZR XENPAK Transceiver 1550 nm up to 80 km on Single mode Fiber SC Connector 10114 LX4 XENPAK 10GBASE ER XENPAK Transceiver 1550 nm up to 40 k...

Reviews: