Huawei S3700-28TP-PWR-SI 02354133 User Manual

AAA
The S3700 supports Authentication, Authorization, and Accounting (AAA). Using AAA
and hierarchical command protection, the S3700 can authenticate and authorize login users. In
addition, it can authenticate the NMS administrator. AAA effectively prevents unauthorized
users from logging in to the S3700.
The S3700 supports authentication methods such as local authentication, RADIUS
authentication, and HWTACACS+ authentication.
CPU Channel Protection
The S3700 can filter the protocol packets and management packets sent to the CPU based on
the protocol ID, interface, and combination of interface and VLAN. This protects the CPU
channels against Denial of Service (DoS) attacks.
Limit of MAC Address Learning on Interfaces
You can set the maximum number of MAC addresses learned by an interface on the S3700 to
prevent hackers from launching source MAC address attacks from the interface. This ensures that
the MAC address entries of the S3700 will not be used up.
4.6.2 Service Security
VLAN
The S3700 supports the division of a LAN into multiple VLANs. Devices on different VLANs
cannot communicate with each other. This isolates broadcast domains and improves service
security.
Blackhole MAC Address Entry
The S3700 supports blackhole MAC address entries. When receiving a packet, the S3700
compares the source or destination MAC address of the packet with its MAC address entries. If
the source or destination MAC address of the packet is the same as a blackhole MAC address, the
S3700 discards the packet.
When you detect attack packets from a MAC address, you can set a blackhole MAC address
entry on the S3700 to filter out the packets with that MAC address.
MAC Table Searching Based on VLAN+MAC
The S3700 supports MAC table searching based on VLANs and MAC addresses to improve
interface security. You can add static MAC address entries in the MAC table to map specific
MAC addresses to interfaces. In this way, specific devices are bound to interfaces so that hackers
cannot attack the S3700 by using fake MAC addresses.
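The following added example, which is not taken from the manual or from Huawei software, models in Python how the MAC learning limit, blackhole entries, and static VLAN+MAC bindings described above decide the fate of a frame. The class name, the order of the checks, the drop-on-limit behavior, the interface names, and the MAC addresses are assumptions constructed for illustration.

```python
# Simplified model of the Layer 2 source checks (added example, not device code).
class SwitchModel:
    def __init__(self, mac_limit):
        self.mac_limit = mac_limit   # max dynamic MACs learned per interface
        self.blackhole = set()       # {(vlan, mac)} entries to discard
        self.static = {}             # {(vlan, mac): interface} static bindings
        self.dynamic = {}            # {(vlan, mac): interface} learned entries

    def _learned_on(self, ifname):
        return sum(1 for i in self.dynamic.values() if i == ifname)

    def receive(self, ifname, vlan, src, dst):
        """Return (verdict, reason) for one frame. Check order is an assumption."""
        # Blackhole entries match on either the source or the destination MAC.
        if (vlan, src) in self.blackhole or (vlan, dst) in self.blackhole:
            return ("drop", "blackhole")
        bound = self.static.get((vlan, src))
        if bound is not None:
            # A statically bound MAC is only accepted on its own interface.
            if bound != ifname:
                return ("drop", "static-binding")
        elif self.dynamic.get((vlan, src)) != ifname:
            # New source on this interface: learn it unless the limit is reached,
            # so a flood of fake sources cannot use up the MAC table.
            if self._learned_on(ifname) >= self.mac_limit:
                return ("drop", "mac-limit")
            self.dynamic[(vlan, src)] = ifname
        return ("forward", "ok")

def demo():
    sw = SwitchModel(mac_limit=2)
    sw.static[(10, "0011-2233-4455")] = "Eth0/0/1"
    sw.blackhole.add((10, "00aa-00aa-00aa"))
    bcast = "ffff-ffff-ffff"
    frames = [                                             # constructed sample frames
        ("Eth0/0/1", 10, "0011-2233-4455", bcast),         # bound host, correct port
        ("Eth0/0/2", 10, "0011-2233-4455", bcast),         # same MAC faked elsewhere
        ("Eth0/0/2", 10, "00aa-00aa-00aa", bcast),         # blackholed source
        ("Eth0/0/2", 10, "0000-0000-0001", "00aa-00aa-00aa"),  # blackholed destination
    ]
    # Five different fake source MACs arriving on one interface.
    frames += [("Eth0/0/3", 10, "0200-0000-%04x" % n, bcast) for n in range(5)]
    return [sw.receive(*f)[1] for f in frames], len(sw.dynamic)

if __name__ == "__main__":
    print(demo())
```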
Port Isolation
Port isolation prevents ports on the same S3700 from sending Layer 2 packets to each other. The
S3700 supports unidirectional and bidirectional port isolation. Port isolation ensures security of
user networks and helps to construct low-cost intelligent community networks. Port isolation
also limits unnecessary broadcast packets and thus increases network throughput.
S3700HI Ethernet Switches
Product Description
4 Service Features
Issue 05 (2012-10-20)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.