Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Configuring and Monitoring Port Security

[Figure: two panels, "Physical Topology" and "Logical Topology for Access to Switch A". Switch A: port security configured. Switch B and PC 1: MAC address authorized by Switch A. Switch C, PC 2 and PC 3: MAC address NOT authorized by Switch A.]

• PC1 can access Switch A.

• PCs 2 and 3 can access Switch B and Switch C, but are blocked from accessing switch A by the port security settings in switch A.

• Switch C is not authorized to access Switch A.


Figure 7-3. Example of How Port Security Controls Access

 

 

Note: Broadcast and multicast traffic is not “unauthorized” traffic, and can be read by intruders connected to a port on which you have configured port security.

 

 

Trunk Group Exclusion

Port security does not operate on either a static or dynamic trunk group. If you configure port security on one or more ports that are later added to a trunk group, the switch will reset the port security parameters for those ports to the factory-default configuration. (Ports configured for either Active or Passive LACP, and which are not members of a trunk, can be configured for port security.)
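The behavior in Figure 7-3, the Note, and the trunk group exclusion can be checked against a small model. This is an added example, not code or CLI from the manual: the MAC values, class and function names are constructed for illustration, and the factory-default state is assumed to mean that no source-MAC restriction is enforced.

```python
from dataclasses import dataclass, field

# Constructed sample MACs (documentation range) for the devices in Figure 7-3.
MACS = {
    "PC 1": "00:00:5e:00:53:01",
    "PC 2": "00:00:5e:00:53:02",
    "PC 3": "00:00:5e:00:53:03",
    "Switch B": "00:00:5e:00:53:0b",
    "Switch C": "00:00:5e:00:53:0c",
}

def is_group_address(mac: str) -> bool:
    """Broadcast and multicast MACs have the low bit of the first octet set."""
    return int(mac.split(":")[0], 16) & 1 == 1

@dataclass
class SecuredPort:
    authorized: set = field(default_factory=set)
    intrusions: list = field(default_factory=list)

    def accept_inbound(self, src_mac: str) -> bool:
        """Decide on the frame's source MAC, whichever device relayed it."""
        if not self.authorized or src_mac in self.authorized:
            return True  # assumption: empty list models the factory default
        self.intrusions.append(src_mac)  # kept for monitoring
        return False

    def group_traffic_visible(self, dst_mac: str) -> bool:
        """Broadcast/multicast is never 'unauthorized', so any listener reads it."""
        return is_group_address(dst_mac)

    def add_to_trunk(self) -> None:
        """Joining a trunk group resets port security to the factory default."""
        self.authorized = set()

def figure_port() -> SecuredPort:
    """The Switch A port from Figure 7-3: only PC 1 and Switch B are authorized."""
    return SecuredPort(authorized={MACS["PC 1"], MACS["Switch B"]})

def access_report(port: SecuredPort) -> dict:
    return {name: port.accept_inbound(mac) for name, mac in MACS.items()}

if __name__ == "__main__":
    port = figure_port()
    print("secured port:", access_report(port))
    print("broadcast readable:", port.group_traffic_visible("ff:ff:ff:ff:ff:ff"))
    port.add_to_trunk()
    print("after trunk add:", access_report(port))
```

The last report shows why trunk membership belongs in a port security audit: once the port joins a trunk, every device in the figure is admitted.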

Planning Port Security

1. Plan your port security configuration and monitoring according to the following:

a. On which ports do you want to configure port security?

SMC Networks SMC6624M manual Planning Port Security, Trunk Group Exclusion

SMC6624M specifications

SMC Networks SMC6624M is a robust and versatile managed switch designed to meet the needs of enterprises seeking reliable network solutions. This device features 24 Gigabit Ethernet ports that allow for high-speed data transfer, making it ideal for environments that demand high bandwidth. The SMC6624M is particularly suited for small to medium-sized businesses that require a powerful network backbone to support various applications, including voice, video, and data transmission.

One of the standout features of the SMC6624M is its Layer 2 and Layer 3 switching capabilities, enhancing the flexibility and efficiency of network management. The switch supports VLANs (Virtual Local Area Networks), which allow administrators to segment network traffic for improved security and performance. This capability is essential for organizations looking to optimize their network resources and apply policies that enhance security.

The SMC6624M also integrates advanced Quality of Service (QoS) features, enabling the prioritization of network traffic. This is particularly useful for applications such as VoIP and video conferencing, where maintaining low latency and jitter is crucial for ensuring a seamless user experience. Users can define traffic classes and manage bandwidth allocation, which helps in maintaining the quality of critical applications even during peak usage times.

In terms of connectivity and performance, the SMC6624M includes 4 Gigabit SFP ports, allowing for fiber optic connections to extend network reach and provide flexibility in deployment. The ability to take advantage of high-speed fiber connections means businesses can scale their networks as needed without significant infrastructure changes.

Management options for the SMC6624M are comprehensive. It supports SNMP (Simple Network Management Protocol) for monitoring and managing network performance effectively. Additionally, the switch can be configured using a web-based interface, command-line interface (CLI), or through SNMP, providing flexibility to network administrators with different preferences and expertise.

Furthermore, the SMC6624M is built with a fanless design, which ensures quiet operation and is energy efficient. Its compact form factor and sturdy build make it suitable for installation in various environments, including data centers and office settings.

Overall, the SMC Networks SMC6624M stands out for its combination of speed, flexibility, and management features, making it an excellent choice for businesses looking to enhance their network infrastructure. With a focus on reliability and performance, this managed switch promises to deliver the capabilities that today's modern networks demand.