Six security tips for L2 switches (1)

With the popularization and deepening of network applications, users' requirements for L2 switches are not limited to data forwarding performance, service quality (QoS), and other aspects, the concept of network security is increasingly becoming an important reference for the selection of networking products.

How does one filter user communication to ensure secure and effective data forwarding? How can we block illegal users and protect network security applications? How can we conduct security network management to promptly discover illegal users, illegal behaviors, and the security of remote network management information? Here we have summarized six popular security settings in the vswitch market recently, hoping to help you.

One of the secrets of security: L2-L4 layer Filtering

Most of the new vswitches can implement various filtering requirements by establishing rules. Rule settings can be set in two modes: MAC mode, which can effectively isolate data based on the source MAC or destination MAC, and IP Mode, data packets can be filtered through the source IP address, destination IP address, protocol, source application port, and destination application port. The established rules must be appended to the corresponding receiving or transmission port, when the port of the vswitch receives or forwards data, it filters packets according to the filter rules to decide whether to forward or discard the data. In addition, the vswitch performs logical operations on the filtering rules through the hardware "logical and non-Gate" to determine the filtering rules, without affecting the data forwarding rate.

Security Tips 2: Port-Based Access Control for 802.1X

To prevent unauthorized users from accessing the LAN and ensure network security, Port-based access control protocol 802.1X is widely used in both wired LAN and WLAN. For example, Asus's latest GigaX2024/2048 and other new generation switch products not only support 802.1X Local and RADIUS verification methods, but also support 802.1X Dynamic VLAN access, that is, on the basis of VLAN and 802.1X, A user with a user account can access the specified VLAN group no matter where the user is connected in the network, this function not only provides flexible and convenient resources for mobile users in the network, but also ensures the security of network resource applications. In addition, the GigaX2024/2048 switch also supports the 802.1X Guest VLAN function, that is, in 802.1X applications, if the port specifies the Guest VLAN, if the access user under this port fails to authenticate or has no user account at all, it will become a member of the Guest VLAN group and can enjoy the corresponding network resources in this group, this function can also provide minimum resources for some groups of network applications and provide the outermost Access Security.

Security Tips 3: traffic control)

Vswitch traffic control can prevent abnormal bandwidth load caused by excessive traffic of broadcast data packets, multicast data packets, and unicast data packets with incorrect destination addresses, and improve the overall efficiency of the system, to ensure secure and stable network operation.