Extreme Networks 15101 manual User Authentication and Host Integrity Checking

Page 4

Extreme Networks Data Sheet

Comprehensive Security

Implementing a secure network means providing protection at the network perimeter as well as the core. Working together with the Sentriant® family of products from Extreme Networks, Summit X250e series uses advanced security functions to help protect your network from known or potential threats. Security offerings from Extreme Networks encompass three key areas: user and host integrity, threat detection and response, and hardened network infrastructure.

User Authentication and Host Integrity Checking

Network Login and

Dynamic Security Profile

Network Login capability enforces user admission and usage policies. Summit X250e series switches support a comprehensive range of Network Login options by providing an 802.1x agent-based approach, a Web- based (agent-less) login capability for guests, and a MAC-based authentication model for devices. With these modes of Network Login, only authorized users and devices are permitted to connect to the network and be assigned to the appropriate VLAN. The Universal Port scripting framework lets you implement Dynamic Security Profiles which in sync with Network Login allows you to implement fine-grained and robust security policies. Upon authentication, the switch can load dynamic ACL/QoS for a user or group of users, to deny/allow the access to the application servers or segments within

the network.

Multiple Supplicant Support

Shared ports represent a potential vulner- ability in a network. Multiple supplicant capability on a switch allows it to uniquely authenticate and apply the appropriate policies and VLANs for each user or device on a shared port.

Multiple supplicant support helps secure IP Telephony and wireless access. Converged network designs often involve the use of shared ports (see Figure 4).

MAC Security

MAC security allows the lockdown of a port to a given MAC address and limiting the number of MAC addresses on a port. This

can be used to dedicate ports to specific hosts or devices such as VoIP phones or printers and avoid abuse of the port—an interesting capability specifically in environ- ments such as hotels. In addition, an aging timer can be configured for the MAC lockdown, protecting the network from the effects of attacks using (often rapidly) changing MAC addresses.

IP Security

ExtremeXOS IP security framework helps protect the network infrastructure, network services such as DHCP and DNS, and host computers from spoofing and man-in-the- middle attacks. It also helps protect the network from statically configured and/or spoofed IP addresses and builds an external trusted database of MAC/IP/port bindings so you know where the traffic from a specific address comes from for immediate defense.

Identity Management

Identity Management allows customers to track users who access their network. User identity is captured based on NetLogin authentication, LLDP discovery and Kerberos snooping. ExtremeXOS uses the information to then report on the MAC, VLAN, computer hostname, and port location of the user.

Host Integrity Checking

Host integrity checking helps keep infected or non-compliant machines off the network. Summit X250e series switches support a host integrity or endpoint integrity solution that is based on the model from the Trusted Computing Group. Summit X250e interfaces with Sentriant AG200 endpoint security appliance from Extreme Networks to verify that each endpoint meets the security policies that have been set and quarantines those that are not in compliance.

Network Intrusion Detection and Response

Hardware-Based sFlow Sampling

sFlow is a sampling technology that provides the ability to continuously monitor applica- tion-level traffic flows on all interfaces simultaneously. The sFlow agent is a software process that runs on Summit X250e and packages data into sFlow datagrams that are sent over the network to an sFlow collector. The collector gives an up-to-the- minute view of traffic across the entire network, providing the ability to trouble- shoot network problems, control congestion and detect network security threats.

Port Mirroring

For threat detection and prevention, Summit X250e supports many-to-one and one-to-many port mirroring. This allows the mirroring of traffic to an external network appliance such as an intrusion detection device for trend analysis or for utilization by a network administrator for diagnostic purposes. Port Mirroring can also be enabled across switches in a stack.

Line-Rate ACLs

ACLs are one of the most powerful components used in controlling network resource utilization as well as protecting the network. Summit X250e supports

1,024 centralized ACLs per 24-port block based on Layer 2, 3 or 4-header information such as the MAC, IPv4 and IPv6 address or TCP/UDP port.

Denial of Service Protection

Summit X250e can effectively handle DoS attacks. If the switch detects an unusually large number of packets in the CPU input queue, it will assemble ACLs that automat- ically stop these packets from reaching the CPU. After a period of time, these ACLs

Summit X250e offers multiple supplicant which helps provide per-MAC based authentication with dynamic VLAN allocation

`

`

`

`

`

`

`

`

`

VLAN Green

VLAN Orange

VLAN Purple

Rogue Clients

Figure 4: Multiple Supplicant Support

are removed, and reinstalled if the attack continues. ASIC-based LPM routing eliminates the need for control plane software to learn new flows, allowing more network resilience against DoS attacks.

Secure Management

To prevent management data from being intercepted or altered by unauthorized access, Summit X250e supports SSH2, SCP and SNMPv3 protocols. The MD5 hash algorithm used in authentication prevents attackers from tampering with valid data during routing sessions.

© 2010 Extreme Networks, Inc. All rights reserved.

Summit X250e Series—Page 4

Page 3 Page 5
Image 4
Page 3 Page 5
Contents Voice-Class Availability Designed for Converged Network ApplicationsComprehensive Security Target ApplicationsHigh Availability Network Protocols Modular Operating System for High Availability OperationVoice-Grade Stacking with SummitStack Designed for High-Performance Network Applications User Authentication and Host Integrity Checking Network Intrusion Detection and ResponseEdge Connectivity for Advanced Carrier Ethernet Applications Accessories EPS-160 and EPS-TTechnical Specifications ExtremeXOS Supported ProtocolsSummit X250e-24t Summit X250e-48t Summit X250e-24xSummit X250e-24p Summit X250e-48pSummit X250e-24tDC Summit X250e-48tDCSummit X250e-24xDC All Summit X250e SeriesPower Supply Units Ordering Information Part Number Name DescriptionSX SFP

15101 specifications

Extreme Networks 15101 is a high-performance network switch designed to deliver reliable and efficient connectivity for modern enterprise environments. As organizations increasingly embrace digital transformation, the need for robust networking solutions has become paramount. The 15101 addresses these demands by providing advanced features tailored for businesses seeking to enhance their network infrastructure.

One of the standout characteristics of the Extreme Networks 15101 is its modularity. This switch offers a flexible design that allows for easy upgrades and expansions, making it suitable for various network sizes and configurations. With multiple ports available, including 10GbE and 25GbE options, the switch ensures high bandwidth availability and efficient data transmission across devices.

In terms of scalability, the 15101 excels with its stackable architecture. This capability allows multiple units to be interconnected, significantly increasing the total port density and minimizing management complexity. As businesses grow, the ability to scale seamlessly without overhauling the entire network infrastructure is a crucial advantage.

The 15101 also incorporates advanced technologies such as Virtual Extensible LAN (VXLAN) support, which provides enhanced network segmentation and efficient traffic management in a virtualized environment. This feature is especially beneficial for organizations leveraging cloud services and virtualization, as it allows for seamless workloads and simplified network operations.

Security is another critical aspect of the Extreme Networks 15101. The switch comes equipped with state-of-the-art security protocols, including IEEE 802.1X port-based authentication, dynamic VLAN assignment, and advanced ACLs (Access Control Lists), ensuring that the network remains secure from unauthorized access and potential threats.

In addition to security, the Extreme Networks 15101 offers robust management capabilities. The switch can be easily configured and monitored through the user-friendly ExtremeCloud management platform, which provides visibility into network performance and facilitates troubleshooting through advanced analytics and reporting.

Energy efficiency is a priority for the 15101, featuring technologies that promote low power consumption without compromising performance. This consideration not only reduces operating costs but also supports sustainability initiatives within organizations.

Overall, Extreme Networks 15101 is a versatile, high-performance switch that provides the essential features and technologies needed for modern enterprise networking. With its modular design, scalability, security features, and ease of management, it stands out as an ideal solution for businesses looking to future-proof their network infrastructure while enhancing performance and reliability.
Top Page Image Contents