Process Overview: Security Configuration
14-2 Matrix E1 Series (1G58x-09 and 1H582-xx) Configuration Guide
Port Web Authentication (PWA) – locks down the port a user is attached to until the user logs
in to the switch through a web browser. The switch passes all login information from the
end station to a RADIUS server for authentication before turning the port on. PWA is an
alternative to 802.1X and MAC authentication. For details, refer to Section 14.3.5.
Secure Shell (SSH) – permits or denies remote access based on IP address, ciphers and MAC
(message authentication code) algorithms. For details, refer to Section 14.3.6.
Access Lists (ACLs) – permit or deny access to routing interfaces based on protocol and
source IP address restrictions configured in access lists. For details, refer to Section 14.3.7.
Denial of Service (DoS) Prevention – prevents Denial of Service attacks, including land,
fragmented and large ICMP packets, spoofed address attacks, and UDP/TCP port scanning. For
details, refer to Section 14.3.8.
Flow Setup Throttling (FST) – prevents the effects of DoS attacks by limiting the number of new
or established flows that can be programmed on any individual switch port. For details, refer to
Section 14.3.9.
14.2 PROCESS OVERVIEW: SECURITY CONFIGURATION
Use the following steps as a guide to configuring security methods on the device:
1. Configuring RADIUS (Section 14.3.1)
2. Configuring EAPOL (Section 14.3.2)
3. Configuring MAC Authentication (Section 14.3.3)
4. Configuring MAC Locking (Section 14.3.4)
5. Configuring Port Web Authentication (Section 14.3.5)
6. Configuring Secure Shell (SSH) (Section 14.3.6)
7. Configuring Access Lists (ACLs) (Section 14.3.7)
8. Configuring Denial of Service (DoS) Prevention (Section 14.3.8)
9. Configuring Flow Setup Throttling (FST) (Section 14.3.9)