Implementing Security

Take the following steps to implement supported S- K- and 7100-Series security features in your network:

• To implement MAC locking:
  • Enable MAC locking both globally and on the ports to be configured for MAC locking
  • For ports that you are going to restrict access based upon a device‘s MAC address, set the port to MAC lock static and specify the maximum number of configure MAC addresses for that port
  • For ports you are going to restrict on a first come first serve for a set number of MAC addresses, enable dynamic MAC locking specifying the maximum number of MAC addresses allowed for that port
  • Optionally move all current dynamically enabled MAC locking MAC addresses to a static MAC locking configuration
  • Optionally allow dynamic MAC addresses to age based upon the configured MAC agetime
  • Optionally enable MAC lock trap messaging
• To implement Secure Shell:
  • Enable the SSH server
  • Set or reinitalize the host key
  • Verify the SSH state
• To implement TACACS+:
  • Enable TACACS+ on the client
  • Configure the TACACS+ server to be used by the client
  • Optionally enable TACACS+ session accounting
  • Optionally configure the TACACS+ session authorization service or privilege level
  • Optionally enable per command authorization
  • Optionally enable the TCP single connection feature for this device
• To implement Host DoS:
  • Enable one or more DoS attack mitigation types
  • Optionally set a logging event rate per a specified amount of time
  • Optionally enable logging
  • Verify the Host DoS configuration