Extreme Networks Data Sheet
Comprehensive Security
Implementing a secure network means providing protection at the network perimeter as well as the core. Working together with the Sentriant® family of products from Extreme Networks, Summit X250e series uses advanced security functions to help protect your network from known or potential threats. Security offerings from Extreme Networks encompass three key areas: user and host integrity, threat detection and response, and hardened network infrastructure.
User Authentication and Host Integrity Checking
Network Login and
Dynamic Security Profile
Network Login capability enforces user admission and usage policies. Summit X250e series switches support a comprehensive range of Network Login options by providing an 802.1x
the network.
Multiple Supplicant Support
Shared ports represent a potential vulner- ability in a network. Multiple supplicant capability on a switch allows it to uniquely authenticate and apply the appropriate policies and VLANs for each user or device on a shared port.
Multiple supplicant support helps secure IP Telephony and wireless access. Converged network designs often involve the use of shared ports (see Figure 4).
MAC Security
MAC security allows the lockdown of a port to a given MAC address and limiting the number of MAC addresses on a port. This
can be used to dedicate ports to specific hosts or devices such as VoIP phones or printers and avoid abuse of the
IP Security
ExtremeXOS IP security framework helps protect the network infrastructure, network services such as DHCP and DNS, and host computers from spoofing and
Identity Management
Identity Management allows customers to track users who access their network. User identity is captured based on NetLogin authentication, LLDP discovery and Kerberos snooping. ExtremeXOS uses the information to then report on the MAC, VLAN, computer hostname, and port location of the user.
Host Integrity Checking
Host integrity checking helps keep infected or
Network Intrusion Detection and Response
Hardware-Based sFlow Sampling
sFlow is a sampling technology that provides the ability to continuously monitor applica-
Port Mirroring
For threat detection and prevention, Summit X250e supports
Line-Rate ACLs
ACLs are one of the most powerful components used in controlling network resource utilization as well as protecting the network. Summit X250e supports
1,024 centralized ACLs per
Denial of Service Protection
Summit X250e can effectively handle DoS attacks. If the switch detects an unusually large number of packets in the CPU input queue, it will assemble ACLs that automat- ically stop these packets from reaching the CPU. After a period of time, these ACLs
Summit X250e offers multiple supplicant which helps provide
` | ` | ` | ` | ` | ` | ` | ` | ` |
VLAN Green | VLAN Orange | VLAN Purple | Rogue Clients |
Figure 4: Multiple Supplicant Support
are removed, and reinstalled if the attack continues.
Secure Management
To prevent management data from being intercepted or altered by unauthorized access, Summit X250e supports SSH2, SCP and SNMPv3 protocols. The MD5 hash algorithm used in authentication prevents attackers from tampering with valid data during routing sessions.
© 2010 Extreme Networks, Inc. All rights reserved. | Summit X250e |