Technical Specification for Extreme Networks Summit X450 Stacking Cable, 1.5 m 16107
Models
16107
© 2010 Extreme Networks, Inc. All rights reserved.
Summit X450e Series—Page 4
Extreme Networks Data Sheet
Comprehensive Security
User Authentication and Host Integrity Checking
Network Login and Dynamic Security Profile
Network Login capability implemented
in ExtremeXOS enforces user admission
and usage policies. Summit X450e series
switches support a comprehensive range
of Network Login options by providing
an 802.1x agent-based approach, a Web-
based (agent-less) login capability for
guests, and a MAC-based authentication
model for devices. With these modes of
Network Login, only authorized users
and devices can connect to the network
and be assigned to the appropriate VLAN.
The Universal Port scripting framework
available in Summit X450e lets you
implement Dynamic Security Profiles,
which, in sync with Network Login, allow
you to implement fine-grained and robust
security policies. Upon authentication,
the switch can load dynamic ACL/QoS
for a user or group of users, to deny or allow
access to the application servers or
segments within the network.
Multiple Supplicant Support
Shared ports represent a potential
vulnerability in a network. Multiple
supplicant capability on a switch allows
it to uniquely authenticate and apply the
appropriate policies and VLANs for each
user or device on a shared port.
Multiple supplicant support secures IP
Telephony and wireless access. Converged
network designs often involve the use of
shared ports.
Media Access Control (MAC)
MAC lockdown secures printers, wireless
APs and servers. The MAC address
security/lockdown feature allows
Summit X450e to block access to any
Ethernet port when the MAC address of
a station attempting to access the port is
different from the configured MAC
address. This feature is used to “lock
down” any device to a specific port.
Host Integrity Checking
Host integrity checking helps keep infected
or non-compliant machines off the network.
Summit X450e series switches support a
host integrity or endpoint integrity solution
that is based on the model from the Trusted
Computing Group. Summit X450e interfaces
with the Sentriant AG200 endpoint security
appliance from Extreme Networks to verify
that each endpoint meets the security
policies that have been set and to quarantine
those that are not in compliance.
Identity Management
Identity Management allows customers to
track users who access their network. User
identity is captured based on NetLogin
authentication, LLDP discovery and
Kerberos snooping. ExtremeXOS then uses the
information to report on the MAC,
VLAN, computer hostname, and port
location of the user.
Network Intrusion Detection and Response
Hardware-based sFlow Sampling
sFlow is a sampling technology that provides
the ability to continuously monitor
application-level traffic flows on all interfaces
simultaneously. The sFlow agent is a software
process that runs on Summit X450e and
packages data into sFlow datagrams that are
sent over the network to an sFlow collector.
The collector gives an up-to-the-minute view
of traffic across the entire network, providing
the ability to troubleshoot network problems,
control congestion and detect network
security threats.
Port Mirroring
To allow threat detection and prevention,
Summit X450e switches support many-to-one
and one-to-many port mirroring. This allows
the mirroring of traffic to an external
network appliance such as an intrusion
detection device for trend analysis or for
utilization by a network administrator for
diagnostic purposes. Port mirroring can
also be enabled across switches in a stack.
Line-Rate ACLs
ACLs are one of the most powerful
components used in controlling network
resource utilization as well as protecting
the network. Summit X450e switches
support 1,024 centralized ACLs per 24-port
block based on Layer 2, 3 or 4 header
information such as the MAC or IP source/
destination address.
Denial of Service Protection
Summit X450e switches effectively handle
DoS attacks. If the switch detects an
unusually large number of packets in the
CPU input queue, it will assemble ACLs
that automatically stop these packets from
reaching the CPU. After a period of time,
these ACLs are removed, and reinstalled if
the attack continues. ASIC-based LPM
routing eliminates the need for control
plane software to learn new flows, allowing
more network resilience against DoS attacks.
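A minimal model of the install, expire and reinstall cycle described above, as an added example (not Extreme Networks code or ExtremeXOS configuration). The threshold, ACL lifetime, one-interval granularity and all addresses are constructed assumptions; the model shows that every ACL expiry lets one burst reach the CPU before the block is reinstalled.

```python
from collections import Counter

ATTACKER = "192.0.2.66"                     # constructed sample source
HOSTS = ["198.51.100.10", "198.51.100.11"]  # constructed legitimate sources


class DosProtectModel:
    """Toy model of a temporary-ACL DoS guard; all parameters are assumed."""

    def __init__(self, alert_threshold=100, acl_lifetime=2):
        self.alert_threshold = alert_threshold  # packets per interval to CPU
        self.acl_lifetime = acl_lifetime        # intervals an ACL stays in place
        self.acls = {}                          # source -> expiry interval
        self.log = []                           # (interval, action, source)

    def run_interval(self, now, packets):
        # Step 1: remove ACLs whose lifetime has elapsed.
        for src in [s for s, exp in self.acls.items() if exp <= now]:
            del self.acls[src]
            self.log.append((now, "remove", src))
        # Step 2: installed ACLs drop traffic before it reaches the CPU queue.
        to_cpu = [src for src in packets if src not in self.acls]
        # Step 3: an unusually full queue triggers an ACL on the top talker.
        if len(to_cpu) > self.alert_threshold:
            top_src, _ = Counter(to_cpu).most_common(1)[0]
            self.acls[top_src] = now + self.acl_lifetime
            self.log.append((now, "install", top_src))
        return len(to_cpu)


def simulate(intervals=8, attack_until=5):
    """Flood from ATTACKER during intervals 0..attack_until, plus light
    legitimate traffic throughout. Returns (cpu_load_per_interval, log)."""
    model = DosProtectModel()
    loads = []
    for now in range(intervals):
        packets = [h for h in HOSTS for _ in range(10)]
        if now <= attack_until:
            packets += [ATTACKER] * 500
        loads.append(model.run_interval(now, packets))
    return loads, model.log


if __name__ == "__main__":
    loads, log = simulate()
    print("packets reaching CPU per interval:", loads)
    for entry in log:
        print(entry)
```
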
Secure Management
To prevent management data from being
intercepted or altered by unauthorized
access, Summit X450e switches support
SSH2, SCP and SNMPv3 protocols. The MD5
hash algorithm used in authentication
prevents attackers from tampering with
valid data during routing sessions.
Implementing a secure network means providing protection at the network perimeter as well as the core. Working together with
the Sentriant® family of products from Extreme Networks, Summit X450e uses advanced security functions in protecting your
network from known or potential threats. Extreme Networks security offerings encompass three key areas: user and host
integrity, threat detection and response, and hardened network infrastructure. Furthermore, with policy-based routing, measures
can be taken to provide confidentiality of selective data in transit between internal network nodes.