Extreme Networks 15101 Switch User Manual


 
© 2010 Extreme Networks, Inc. All rights reserved. Summit X250e Series—Page 4
Extreme Networks Data Sheet
Comprehensive Security
User Authentication and Host Integrity Checking
Network Login and Dynamic Security Profile
Network Login capability enforces user
admission and usage policies. Summit X250e
series switches support a comprehensive
range of Network Login options by providing
an 802.1x agent-based approach, a Web-based
(agent-less) login capability for guests,
and a MAC-based authentication model for
devices. With these modes of Network Login,
only authorized users and devices are
permitted to connect to the network and be
assigned to the appropriate VLAN. The
Universal Port scripting framework lets you
implement Dynamic Security Profiles, which,
in sync with Network Login, allow you to
implement fine-grained and robust security
policies. Upon authentication, the switch can
load dynamic ACL/QoS for a user or group
of users, to deny or allow access to
application servers or segments within
the network.
Multiple Supplicant Support
Shared ports represent a potential
vulnerability in a network. Multiple supplicant
capability on a switch allows it to uniquely
authenticate and apply the appropriate
policies and VLANs for each user or device
on a shared port.
Multiple supplicant support helps secure IP
Telephony and wireless access. Converged
network designs often involve the use of
shared ports (see Figure 4).
MAC Security
MAC security allows locking down a port
to a given MAC address and limiting the
number of MAC addresses on a port. This
can be used to dedicate ports to specific
hosts or devices such as VoIP phones or
printers and avoid abuse of the port, a
capability of particular interest in
environments such as hotels. In addition,
an aging timer can be configured for the MAC
lockdown, protecting the network from the
effects of attacks using (often rapidly)
changing MAC addresses.
IP Security
The ExtremeXOS IP security framework helps
protect the network infrastructure, network
services such as DHCP and DNS, and host
computers from spoofing and man-in-the-middle
attacks. It also helps protect the
network from statically configured and/or
spoofed IP addresses and builds an external
trusted database of MAC/IP/port bindings so
you know where the traffic from a specific
address comes from for immediate defense.
Identity Management
Identity Management allows customers to
track users who access their network. User
identity is captured based on NetLogin
authentication, LLDP discovery and Kerberos
snooping. ExtremeXOS then uses the information
to report on the MAC address, VLAN, computer
hostname, and port location of the user.
Host Integrity Checking
Host integrity checking helps keep infected
or non-compliant machines off the network.
Summit X250e series switches support a host
integrity or endpoint integrity solution that is
based on the model from the Trusted
Computing Group. Summit X250e interfaces
with the Sentriant AG200 endpoint security
appliance from Extreme Networks to verify
that each endpoint meets the security
policies that have been set and quarantines
those that are not in compliance.
Network Intrusion Detection and Response
Hardware-Based sFlow Sampling
sFlow is a sampling technology that provides
the ability to continuously monitor
application-level traffic flows on all interfaces
simultaneously. The sFlow agent is a
software process that runs on Summit X250e
and packages data into sFlow datagrams that
are sent over the network to an sFlow
collector. The collector gives an
up-to-the-minute view of traffic across the entire
network, providing the ability to
troubleshoot network problems, control congestion
and detect network security threats.
Port Mirroring
For threat detection and prevention,
Summit X250e supports many-to-one and
one-to-many port mirroring. This allows
the mirroring of traffic to an external
network appliance such as an intrusion
detection device for trend analysis or for
utilization by a network administrator for
diagnostic purposes. Port Mirroring can
also be enabled across switches in a stack.
Line-Rate ACLs
ACLs are one of the most powerful
components used in controlling network
resource utilization as well as protecting
the network. Summit X250e supports
1,024 centralized ACLs per 24-port block
based on Layer 2, 3 or 4 header information
such as the MAC, IPv4 and IPv6 address or
TCP/UDP port.
Denial of Service Protection
Summit X250e can effectively handle DoS
attacks. If the switch detects an unusually
large number of packets in the CPU input
queue, it will assemble ACLs that automatically
stop these packets from reaching the
CPU. After a period of time, these ACLs
are removed, and reinstalled if the attack
continues. ASIC-based LPM routing
eliminates the need for control plane
software to learn new flows, allowing more
network resilience against DoS attacks.
Secure Management
To prevent management data from being
intercepted or altered by unauthorized
access, Summit X250e supports SSH2, SCP
and SNMPv3 protocols. The MD5 hash
algorithm used in authentication prevents
attackers from tampering with valid data
during routing sessions.
Implementing a secure network means providing protection at the network perimeter as well as the core. Working together with
the Sentriant® family of products from Extreme Networks, Summit X250e series uses advanced security functions to help
protect your network from known or potential threats. Security offerings from Extreme Networks encompass three key areas:
user and host integrity, threat detection and response, and hardened network infrastructure.
Summit X250e offers multiple supplicant support, which helps provide per-MAC
based authentication with dynamic VLAN allocation.
Figure 4: Multiple Supplicant Support (diagram labels: VLAN Green, VLAN Orange, VLAN Purple, Rogue Clients)