Introduction 35
Security Features
SSL
Secure Socket Layer (SSL) is an application-level protocol that secures data transactions by
providing privacy, authentication, and data integrity. It relies on certificates and on public and
private keys.
Port Based Authentication (802.1x)
Port-based authentication authenticates system users on a per-port basis via an external
server. Only authenticated and approved system users can transmit and receive data. Ports are
authenticated via the Remote Authentication Dial In User Service (RADIUS) server using the
Extensible Authentication Protocol (EAP).
For more information, see "Configuring Port Based Authentication."
Locked Port Support
Locked Port increases network security by limiting access on a specific port only to users with
specific MAC addresses. These addresses are either manually defined or learned on that port.
When a frame is seen on a locked port, and the frame source MAC address is not tied to that port,
the protection mechanism is invoked.
For more information, see "Configuring Port Security."
RADIUS Client
RADIUS is a client/server-based protocol. A RADIUS server maintains a user database, which
contains per-user authentication information, such as user name, password and accounting
information.
For more information, see "Configuring RADIUS Settings."
SSH
Secure Shell (SSH) is a protocol that provides a secure, remote connection to a device. SSH version
2 is currently supported. The SSH server feature enables an SSH client to establish a secure,
encrypted connection with a device. This connection provides functionality that is similar to an
inbound Telnet connection. SSH uses RSA and DSA public-key cryptography for device
connections and authentication.
TACACS+
TACACS+ provides centralized security for validation of users accessing the device. TACACS+
provides a centralized user management system, while still retaining consistency with RADIUS and
other authentication processes.
For more information, see "Defining TACACS+ Settings."