SSH/SSL
The switch supports Secure Shell (SSH) for secure, remote connections to
the CLI and Secure Sockets Layer (SSL) to increase security when accessing
the web-based management interface.
For information about configuring SSH and SSL settings, see "Configuring
Authentication, Authorization, and Accounting" on page 177.
Inbound Telnet Control
You can configure the switch to prevent new Telnet sessions from being
established with the switch. Additionally, the Telnet port number is
configurable.
For information about configuring inbound Telnet settings, see "Configuring
Authentication, Authorization, and Accounting" on page 177.
Denial of Service
The switch supports configurable Denial of Service (DoS) attack protection
for eight different types of attacks.
For information about configuring DoS settings, see "Configuring Port and
System Security" on page 457.
Port Protection
A port may be put into the disabled state for any of the following reasons:
•
BPDU Storm Protection: By default, if Spanning Tree Protocol (STP)
bridge protocol data units (BPDUs) are received at a rate of 15pps or
greater for three consecutive seconds on a port, the port will be
diagnostically disabled. The threshold is not configurable.
•
DHCP Snooping: If DHCP packets are received on a port at a rate that
exceeds 15 pps, the port will be diagnostically disabled. The threshold is
configurable up to 300 pps for up to 15s long using the ip dhcp
snooping limit command. DHCP snooping is disabled by default.
The default protection limit is 15 pps.
Switch Features
61