The advent of the network era makes the security problem an urgent problem to be solved. The existence of viruses, hackers and various vulnerabilities makes security tasks difficult in the Internet age.
The switch occupies an important position in the enterprise network, which is usually the core of the whole network. In this era of hacker intrusion and virus-ridden network, as the core of the switch is also taken for granted a part of the responsibility of network security. Therefore, the switch must have the professional security product performance, the security has become the network construction must consider the heavy middle. As a result of this, security switches are integrated with security authentication, ACLs (Access control list, access controls lists), firewalls, intrusion detection and even antivirus functions, and the security of the network really needs to be "armed to the teeth."
Security switch three-layer meaning
The most important role of the switch is to forward the data, in the hacker attack and virus intrusion, the switch to be able to continue to maintain its efficient data forwarding rate, without attack interference, this is the most basic security features required by the switch. At the same time, as the core of the whole network, the switch should be able to distinguish and control the users accessing and accessing the network information. More importantly, the switch should also be coordinated with other network security devices to monitor and block unauthorized access and network attacks.
New features for secure switches
802.1X Enhanced Security Certification
In the traditional LAN environment, as long as there is a physical connection port, unauthorized network equipment can be connected to the local area network, or unauthorized users can connect to the LAN through the device access. This poses a potential security threat to some businesses. In addition, in the school and the network of intelligent community, because it involves the network billing, so verifying the legality of user access is also very important. IEEE 802.1x is the remedy for this problem, has been integrated into the two-layer intelligent switch, complete the user's access security audit.
The 802.1X protocol is a newly standardized LAN access control protocol that conforms to the IEEE 802 protocol set, which is called a port based access control protocol. Based on the advantages of IEEE 802 LAN, it can provide a means to authenticate and authorize the users connected to the local area network, and achieve the goal of receiving legitimate user's access and protecting network security.
The 802.1X protocol is seamlessly integrated with the LAN. 802.1X utilizes the physical characteristics of the switched LAN architecture to achieve device authentication on the LAN port. During the authentication process, LAN ports either act as authenticator or act as requesters. In the case of authentication, LAN port should be authenticated before it needs the user to access the corresponding service through the port, and if authentication fails, it is not allowed to access; The LAN port is responsible for submitting the Access service request to the authentication server as the requester. A port based Mac lock allows only trusted MAC addresses to send data to the network. Data streams from any "untrusted" device are automatically discarded to ensure maximum security.
In the 802.1X protocol, only the following three elements are available to complete the user authentication and authorization of port-based access control.
1. Client. Generally installed on the user's workstation, when users have access to the Internet needs, activate the client program, enter the necessary username and password, the client program will send a connection request.
2. Certification System. In the Ethernet system to authenticate the switch, its main role is to complete the user authentication information upload, release work, and according to the results of the certification to open or close the port.
3. Authentication server. Verify that the user has the right to use the network services provided by the network system by verifying the identity (username and password) sent by the client, and issuing a status of opening or maintaining the port shutdown according to the authentication results.