Transition Networks Section Vl: FBRM/BFFG Software Features
Software security feature descriptions
Table 4: Device Software Configurable Security Features
Description
Security Feature
802.1x MAC filtering When enabled on a port, stops learning all MAC
addresses. To allow any frame with a MAC address not
in the Static MAC database access, the user needs to add
the new address or it will be discarded. This allows
filtering any unauthorized access to the network by
unknown MAC addresses.
CLI Timeout on Idle If the CLI session on USB/Telnet is idle for more than
two (2) minutes, the session will time out requiring
logging in to re-gain access to the CLI.
IP access (system
level/port level) Any management of the system via IP can be locked at
the system level, or only on certain ports. For example
management can occur via web/SNMP only on Port 1, so
that access via other ports can be blocked.
MAC addresses blocking The MAC address can be added to the static MAC
address database with the ‘connected port’ as zero. This
will cause any frames from that MAC address database
to cause an ATU-member violation on that port,
resulting in sending a trap. This could cause excessive
traps (overload the CPU with interrupts) depending on
the traffic generated by that MAC. The user can disable
all traps by setting the Ignore SA Violation on the port
that is receiving the MAC address under Advanced Port
Configuration on the web page.
Management VLAN In a VLAN enabled network, the administrator can
assign a VLAN as a management VLAN. This VLAN
ID will be used in all management frames. This separates
the management traffic from the data.
SNMP access The administrator can stop all SNMP access to the
Device, if not used. This will prevent unauthorized
access to the system configuration, but the SNMP traps
will still be sent.
Radius authentication The Device supports authentication using the RADIUS
protocol. When enabled, RADIUS authentication is used
for Web login, serial port, and Telnet authentication.
The Radius server and the shared secret needs to be
configured using CLI/Web/SNMP before enabling
RADIUS authentication.
Continued on next page
24-Hour Technical Support: 1-800-260-1312 International: 00-1-952-941-7600 69