
Network Security 

Ethernet LANs are often deployed in environments that 
permit unauthorized devices to be physically attached to 
the LAN infrastructure, e.g. in areas of a building that are 
accessible to the general public, or in a shared business park 
or serviced office building. Most importantly, these are areas 
where wireless networks are attached to the wired LAN. In 
such environments, it is important to restrict access to the 
services offered by the LAN to those users and devices that 
are permitted.

IEEE 802.1x port-based network access control provides a 
means of authenticating and authorizing devices attached 
to a LAN port. It can also block access to that port in 
cases where the authentication and authorization process 
fails. The controlled ports can be on switches, servers or routers, 
or they can even be the wireless associations made between end-stations 
and access points in IEEE 802.11 Wireless LANs.

Traffic prioritization & filtering

A switch is often a single point of failure in a network, since 
it provides the connections between all the end-users and 
server resources. If anything goes wrong with the switch, then 
everything stops: email, file transfer and database access. 

Luckily, most modern networking hardware is built robustly 
with redundant components and is unlikely to fail. What is 
more likely to go wrong is for the device to be swamped with 
traffic and unable to operate normally. 

Port Trunking 

When large numbers of end-users need to access shared 
resources such as file servers or database storage, the 
connection to the server or storage device can become a 
bottleneck. For instance, it only takes 10 PCs with 100 Mbps 
connections performing transfers to and from a shared file 
server to saturate a 1 Gbps connection to the server.

The solution is to use Port Trunking or Link Aggregation 
Control Protocol (LACP) to bundle multiple connections and 
use the combined bandwidth as if it were a single fat pipe. In 
the example shown in Figure 3 below, up to 80 users can 
perform simultaneous 100 Mbps transfers to 4 servers, each of which 
is dual linked with 2 x 1 Gbps connections.

Figure 3: Ethernet Trunking

The ease-of-use and plug-and-play qualities of Ethernet are 
a result of the way new devices broadcast their addresses: 
bridges and switches can learn of their existence without 
manual intervention. The downside is that large amounts of traffic 
can be broadcast and proliferated around the network. 

This traffic can be controlled by:

•  Using IEEE 802.1p to define up to eight traffic classes. 
These classes can be labeled as urgent, business critical 
and best-effort and the intervening switches and routers 
set up to prioritize the traffic accordingly.

•  Using VLANs to keep broadcast traffic within its own 
broadcast domain.

•  Filtering using Access Control Lists (ACLs) to restrict 
traffic based on broadcast type.

•  Generating alerts and alarms using SNMP traps should 
traffic exceed certain thresholds.

Modern switches must provide these features if MIS 
managers don’t want to hear those dreaded words: “The 
network is down”.

SNMP Management Tool

The Simple Network Management Protocol (SNMP) is the 
established industry standard for managing all types of network 
devices. SNMP provides management of different network 
devices using a comprehensive set of Management Information 
Bases, or MIBs. Using these MIBs, SNMP management tools can 
be used to install, configure, monitor and manage all kinds of 
network devices. SNMP provides support for traps and events. 
Thresholds and conditions can be defined on which certain 
actions are taken. These actions can range from generating 
a message on an operator screen or turning a device icon a 
different color on a network map, to sending a text message or 
placing a phone call to the person responsible for managing the network.

EliteView Management Software

For SNMP management, SMC makes available its advanced 
EliteView as a free download. EliteView is a Windows-based 
workgroup network management software solution with a 
streamlined, event-driven, modular architecture that makes 
managing hundreds of network nodes simple. It provides 
state-of-the-art utilities which allow you to:

•  Generate a detailed hierarchical map of your entire 
network configuration. 

•  Maintain centralized boot services that provide network 
addresses and information on system files to download. 

•  Monitor and log significant events and statistics. 

•  Automatically respond to network problems with a variety 
of actions. 

•  Quickly fetch or set MIB variables for network devices.

•  Remotely manage or reconfigure both SMC and third-party 
network devices.

•  Use the full MIB Compiler for including other network 
devices.
