Extreme networks EPS-500 External AC PSU 10911 Data Sheet
Product codes
10911
© 2010 Extreme Networks, Inc. All rights reserved.
Summit X350 Series—Page 4
Extreme Networks Data Sheet
Comprehensive Security
User Authentication and
Host Integrity Checking
Network Login
Network Login capability enforces user
admission and usage policies. Summit X350
series switches support a comprehensive
range of Network Login options by providing
an 802.1x agent-based approach, a Web-based
(agent-less) login capability for guests, and a
MAC-based authentication model for
devices. With these modes of Network Login,
only authorized users and devices are
permitted to connect to the network and be
assigned to the appropriate VLAN.
admission and usage policies. Summit X350
series switches support a comprehensive
range of Network Login options by providing
an 802.1x agent-based approach, a Web-based
(agent-less) login capability for guests, and a
MAC-based authentication model for
devices. With these modes of Network Login,
only authorized users and devices are
permitted to connect to the network and be
assigned to the appropriate VLAN.
Multiple Supplicant Support
Shared ports represent a potential vulner-
ability in a network. Multiple supplicant
capability on a switch allows it to uniquely
authenticate and apply the appropriate
policies and VLANs for each user or device
on a shared port.
ability in a network. Multiple supplicant
capability on a switch allows it to uniquely
authenticate and apply the appropriate
policies and VLANs for each user or device
on a shared port.
Multiple supplicant support helps secure
IP Telephony and wireless access.
Converged network designs often involve
the use of shared ports (see Figure 2).
IP Telephony and wireless access.
Converged network designs often involve
the use of shared ports (see Figure 2).
Host Integrity Checking
Host integrity checking helps keep infected
or non-compliant machines off the network.
Summit X350 series switches support a
host integrity or endpoint integrity solution
that is based on the model from the Trusted
Computing Group. Summit X350 interfaces
with Sentriant AG200 endpoint security
appliance from Extreme Networks to verify
or non-compliant machines off the network.
Summit X350 series switches support a
host integrity or endpoint integrity solution
that is based on the model from the Trusted
Computing Group. Summit X350 interfaces
with Sentriant AG200 endpoint security
appliance from Extreme Networks to verify
that each endpoint meets the security
policies that have been set, and quarantines
those that are not in compliance.
policies that have been set, and quarantines
those that are not in compliance.
Extensive MAC and
IP Security Functionality
MAC Security
MAC security allows the lockdown of a port to
a given MAC address and to limit the number
of MAC addresses on a port. MAC security can
be used to dedicate ports to specific hosts or
devices such as VoIP phones or printers and
avoid abuse of the port—an interesting
capability specifically in environments such as
hotels. In addition, an aging timer can be
configured for the MAC lockdown, protecting
the network from the effects of attacks using
(often rapidly) changing MAC addresses.
a given MAC address and to limit the number
of MAC addresses on a port. MAC security can
be used to dedicate ports to specific hosts or
devices such as VoIP phones or printers and
avoid abuse of the port—an interesting
capability specifically in environments such as
hotels. In addition, an aging timer can be
configured for the MAC lockdown, protecting
the network from the effects of attacks using
(often rapidly) changing MAC addresses.
IP Security
ExtremeXOS IP Security Framework helps
protect the network infrastructure, network
services such as DHCP and DNS and host
computers from spoofing and man-in-the
middle attacks. It also helps protect the
network from statically configured and/or
spoofed IP addresses and builds an external
trusted database of MAC/IP/port bindings
providing the traffic’s source from a specific
address for immediate defense.
protect the network infrastructure, network
services such as DHCP and DNS and host
computers from spoofing and man-in-the
middle attacks. It also helps protect the
network from statically configured and/or
spoofed IP addresses and builds an external
trusted database of MAC/IP/port bindings
providing the traffic’s source from a specific
address for immediate defense.
Identity Management
Identity Management allows customers to
track users who access their network. User
identity is captured based on NetLogin
authentication, LLDP discovery and
Kerberos snooping. ExtremeXOS uses the
track users who access their network. User
identity is captured based on NetLogin
authentication, LLDP discovery and
Kerberos snooping. ExtremeXOS uses the
information to then report on the MAC,
VLAN, computer hostname, and port
location of the user.
VLAN, computer hostname, and port
location of the user.
Network Intrusion Detection
and Response
Hardware-Based sFlow
Sampling
sFlow
®
is a sampling technology that provides
the ability to continuously monitor applica-
tion- level traffic flows on all interfaces
simultaneously. The sFlow agent is a
software process that runs on Summit X350
switches and packages data into sFlow
datagrams that are sent over the network
to an sFlow collector. The collector gives
an up-to-the minute view of traffic across
the entire network, providing the ability
to troubleshoot network problems,
control congestion and detect network
security threats.
tion- level traffic flows on all interfaces
simultaneously. The sFlow agent is a
software process that runs on Summit X350
switches and packages data into sFlow
datagrams that are sent over the network
to an sFlow collector. The collector gives
an up-to-the minute view of traffic across
the entire network, providing the ability
to troubleshoot network problems,
control congestion and detect network
security threats.
Port Mirroring
To allow threat detection and prevention,
Summit X350 switches support many-to-one
and one-to-many port mirroring. This allows
the mirroring of traffic to an external
network appliance such as an intrusion
detection device for trend analysis or for
utilization by a network administrator for
diagnostic purposes.
Summit X350 switches support many-to-one
and one-to-many port mirroring. This allows
the mirroring of traffic to an external
network appliance such as an intrusion
detection device for trend analysis or for
utilization by a network administrator for
diagnostic purposes.
Line-Rate ACLs
ACLs are one of the most powerful compo-
nents used in controlling network resource
utilization as well as protecting the network.
Summit X350 switches support 1,024
centralized ACLs per 24-port block based on
Layer 2, 3, or 4 header information such as
the MAC, IPv4 and IPv6 address or TCP/
UDP port.
nents used in controlling network resource
utilization as well as protecting the network.
Summit X350 switches support 1,024
centralized ACLs per 24-port block based on
Layer 2, 3, or 4 header information such as
the MAC, IPv4 and IPv6 address or TCP/
UDP port.
Denial of Service Protection
Summit X350 can effectively handle DoS
attacks. If the switch detects an unusually
large number of packets in the CPU input
queue, it will assemble ACLs that automat-
ically stop these packets from reaching
the CPU. After a period of time, these
ACLs are removed, and reinstalled if the
attack continues.
attacks. If the switch detects an unusually
large number of packets in the CPU input
queue, it will assemble ACLs that automat-
ically stop these packets from reaching
the CPU. After a period of time, these
ACLs are removed, and reinstalled if the
attack continues.
Secure Management
To prevent management data from being
intercepted or altered by unauthorized
access, Summit X350 supports SSH2, SCP
and SNMPv3 protocols.
intercepted or altered by unauthorized
access, Summit X350 supports SSH2, SCP
and SNMPv3 protocols.
Implementing a secure network means providing protection at the network perimeter as well as the core. Working together with
the Sentriant
®
family of products from Extreme Networks, Summit X350 series switches use advanced security functions to help
protect your network from known or potential threats. Security offerings from Extreme Networks encompass three key areas:
user and host integrity, threat detection and response, and hardened network infrastructure.
Summit X350 offers multiple supplicant support which helps provide
per-MAC based authentication with dynamic VLAN allocation
`
`
`
VLAN Green
VLAN Orange
VLAN Purple
Rogue Clients
`
`
`
`
`
Figure 2: Multiple Supplicant Support