Description of Software Features
1-3
1
MAC address filtering and IP source guard also provide authenticated port access.
While DHCP snooping is provided to prevent malicious attacks from insecure ports.
Access Control Lists
– ACLs provide packet filtering for IPv4 frames (based on
address, protocol, Layer 4 protocol port number or TCP control code), IPv6 frames
(based on address, next header type, or flow label), or any frames (based on MAC
address or Ethernet type). ACLs can be used to improve performance by blocking
unnecessary network traffic or to implement security controls by restricting access to
specific network resources or protocols.
Port Configuration
– You can manually configure the speed, duplex mode, and
flow control used on specific ports, or use auto-negotiation to detect the connection
settings used by the attached device. Use full-duplex mode on ports whenever
possible to double the throughput of switch connections. Flow control should also be
enabled to control network traffic during periods of congestion and prevent the loss
of packets when port buffer thresholds are exceeded. The switch supports flow
control based on the IEEE 802.3x standard (now incorporated in IEEE 802.3-2002).
Rate Limiting
– This feature controls the maximum rate for traffic transmitted or
received on an interface. Rate limiting is configured on interfaces at the edge of a
network to limit traffic into or out of the network. Packets that exceed the acceptable
amount of traffic are dropped.
Port Mirroring
– The switch can unobtrusively mirror traffic from any port, VLAN or
packets with a specified MAC address to a monitor port. You can then attach a
protocol analyzer or RMON probe to this port to perform traffic analysis and verify
connection integrity.
Port Trunking
– Ports can be combined into an aggregate connection. Trunks can
be manually set up or dynamically configured using Link Aggregation Control
Protocol (LACP). The additional ports dramatically increase the throughput across
any connection, and provide redundancy by taking over the load if a port in the trunk
should fail. The switch supports up to 8 trunks.
Storm Control
– Broadcast, multicast and unknown unicast storm suppression
prevents traffic from overwhelming the network. When enabled on a port, the level of
traffic passing through the port is restricted. If traffic rises above a pre-defined
threshold, it will be throttled until the level falls back beneath the threshold.
Static Addresses
– A static address can be assigned to a specific interface on this
switch. Static addresses are bound to the assigned interface and will not be moved.
When a static address is seen on another interface, the address will be ignored and
will not be written to the address table. Static addresses can be used to provide
network security by restricting access for a known host to a specific port.
IP Address Filtering
– Access to insecure ports can be controlled using DHCP
Snooping which filters ingress traffic based on static IP addresses and addresses
stored in the DHCP Snooping table. Traffic can also be restricted to specific source
IP addresses or source IP/MAC address pairs based on static entries or entries
stored in the DHCP Snooping table.
Summary of Contents for 6152PL2 FICHE
Page 2: ......
Page 6: ...vi ...
Page 8: ...viii ...
Page 32: ...Tables xxxii ...
Page 38: ...Figures xxxviii ...
Page 56: ...Initial Configuration 2 10 2 ...
Page 378: ...Configuring the Switch 3 322 3 ...
Page 817: ......