Advanced Security

The LE-311v delivers an advanced set of security features that protect the access points of the network and are interoperable with security protocols in the core of the network. LE-311v switches implement both user authentication and dynamic, policy-based network access solutions. Advanced authentication protocols, such as IEEE 802.1x Port-based Network Access Control, are based on password encryption and can be authenticated through a RADIUS server for comprehensive network-wide security coordination. Policy-based network access implements advanced Service Access Control (SAC) that can be configured with dynamic or static access control lists. The LE-311v also supports both ingress and egress port filtering, Layer 2 + Layer 4 protocol filtering, SSH2 for an encrypted management channel when connecting systems over an insecure network (such as the Internet), and SSH File Transfer Protocol (SFTP).

Security features supported in the LE-311v include:

• Security features operate at full line-rate
• SSH File Transfer Protocol (SFTP) for secure file transfer
• VLAN ingress filtering prevents VLAN leakage
• Egress port restriction eliminates customer cross-talk over a shared distribution infrastructure
• Dynamic and static Service Access Control (Access Control Lists. ACLs)
• User authentication
  • Local or RADIUS authentication
  • MD5 encryption of passwords
  • 3 levels of privilege (Limited, Super, Diagnostic)
• Ingress Protocol Filtering
  • MAC address types
  • TCP/UDP ports
  • IP protocols
  • User defined filters
  • Per-port/per-VLAN
• Broadcast Containment and Unknown Multicast Filtering (UMF) prevents broadcast and multicast Denial of Service (DoS) attacks

Continue

• Introduction
• Provider Backbone Transport (PBT)
• MPLS Services
• Proven LE-OS Operating System
• Carrier Class QoS
• Reliability and Resiliency
• Advanced Security
• Carrier Class OAM

PDS-0003-001 Rev B