Implementing Security
Take the following steps to implement supported S- K- and 7100-Series security features in your network:
- To implement MAC locking:
- Enable MAC locking both globally and on the ports to be configured for MAC locking
- For ports that you are going to restrict access based upon a device‘s MAC address, set the port to MAC lock static and specify the maximum number of configure MAC addresses for that port
- For ports you are going to restrict on a first come first serve for a set number of MAC addresses, enable dynamic MAC locking specifying the maximum number of MAC addresses allowed for that port
- Optionally move all current dynamically enabled MAC locking MAC addresses to a static MAC locking configuration
- Optionally allow dynamic MAC addresses to age based upon the configured MAC agetime
- Optionally enable MAC lock trap messaging
- To implement Secure Shell:
- Enable the SSH server
- Set or reinitalize the host key
- Verify the SSH state
- To implement TACACS+:
- Enable TACACS+ on the client
- Configure the TACACS+ server to be used by the client
- Optionally enable TACACS+ session accounting
- Optionally configure the TACACS+ session authorization service or privilege level
- Optionally enable per command authorization
- Optionally enable the TCP single connection feature for this device
- To implement Host DoS:
- Enable one or more DoS attack mitigation types
- Optionally set a logging event rate per a specified amount of time
- Optionally enable logging
- Verify the Host DoS configuration