Technical Specification for Extreme Networks Summit X450a-24x 16155
Models
16155
© 2010 Extreme Networks, Inc. All rights reserved.
Summit X450a Series—Page 4
Extreme Networks Data Sheet
Comprehensive Security
User Authentication and Host Integrity Checking
Network Login and Dynamic Security Profile
Summit X450a series switches support a
comprehensive range of Network Login
options by providing an 802.1x agent-
based approach, a Web-based (agent-less)
login capability, and a MAC-based
authentication model. With these modes
of Network Login, only authorized users
and devices can connect to the network
and be assigned to the appropriate
VLAN. The Universal Port feature
available in Summit X450a lets you
implement Dynamic Security Profiles
with Network Login and allows you to
implement fine-grained and robust
security policies. Upon authentication,
the switch can load dynamic ACL/QoS
for a user or group of users to deny/allow
access to the application servers or
segments within the network.
Multiple Supplicant Support
Converged network designs often
involve the use of shared ports that
represent a potential vulnerability in a
network. Multiple supplicant capabilities
on a switch allow it to uniquely recognize
and apply the appropriate policies for
each user or device on a shared port.
MAC Security
MAC security allows locking down a
port to a given MAC address and limiting
the number of MAC addresses on a port.
This can be used to dedicate ports to
specific hosts or devices such as VoIP
phones or printers, and avoid abuse of
the port—an interesting capability
specifically in environments such as
hotels. In addition, an aging timer can be
configured for the MAC lockdown,
protecting the network from the effects
of attacks using (often rapidly) changing
MAC addresses.
IP Security
ExtremeXOS IP security framework
protects the network infrastructure,
network services such as DHCP and
DNS, and host computers from spoofing
and man-in-the-middle attacks. It also
protects the network from statically
configured and/or spoofed IP addresses.
It builds an external trusted database of
MAC/IP/port bindings so you know
where traffic from a specific address
comes from for immediate defense.
Identity Management
Identity Management allows customers to
track users who access their network. User
identity is captured based on NetLogin
authentication, LLDP discovery and
Kerberos snooping. ExtremeXOS uses the
information to then report on the MAC,
VLAN, computer hostname, and port
location of the user.
Host Integrity
Host integrity checking keeps infected or
non-compliant machines off the network.
Summit X450a series supports a host and
endpoint integrity solution that is based
on a model promoted by the Trusted
Computing Group by interfacing with
Extreme Networks endpoint security
product, Sentriant AG.
Threat Detection and Response
CLEAR-Flow Security Rules Engine
CLEAR-Flow Security Rules Engine
provides first-order threat detection and
mitigation, and mirrors traffic to appliances
for further analysis of suspicious traffic in
the network.
sFlow
sFlow® is a sampling technology that provides
the ability to sample application level traffic
flows on all interfaces simultaneously.
Port Mirroring
To allow threat detection and prevention,
Summit X450a switches support many-to-one
and one-to-many port mirroring. This
allows the mirroring of traffic to an external
network appliance such as an intrusion
detection device for trend analysis or for
utilization by a network administrator for
diagnostic purposes. Port mirroring can
also be enabled across switches in a stack.
Line-Rate ACLs
ACLs are one of the most powerful
components used in controlling network
resource utilization as well as protecting
the network. The Summit X450a series
supports up to 2,048 centralized ACLs per
24-port block based on Layer 2, 3 or 4
header information such as the MAC or IP
source/destination address.
Denial of Service Protection
Summit X450a effectively handles DoS
attacks. If the switch detects an unusually
large number of packets in the CPU input
queue, it will assemble ACLs that automatically
stop these packets from reaching the
CPU. After a period of time, these ACLs are
removed and reinstalled if the attack
continues. ASIC-based LPM routing
eliminates the need for control plane
software to learn new flows, allowing more
network resilience against DoS attacks.
Secure and Comprehensive Network Management
As the network becomes a foundation of the
enterprise application, network management
becomes an important piece of the solution.
Summit X450a supports comprehensive
network management through Command
Line Interface (CLI), SNMP v1, v2c, v3, and
the embedded XML-based web user
interface, ExtremeXOS ScreenPlay™. With
a variety of management options and
consistency across other Extreme Networks
modular and stackable switches, Summit X450a
series switches provide ease-of-management
for demanding converged applications.
Extreme Networks has developed tools that
help save you time and resources in
managing your network. EPICenter® management
suite provides fault, configuration, accounting,
performance and security functions, allowing more
effective management of Extreme Networks multi-layer
switching equipment in a converged network.
Implementing a secure network means providing protection at the network perimeter as well as the core. Working together with
Extreme Networks Sentriant® family of products, Summit X450a switches use advanced security functions in protecting your
network from known or potential threats.
Figure 3: Automated Attack Mitigation