Ethernet Port Security Configuration

About this task

Edit or override the security configuration of a port.

Procedure

  1. Select Profiles.
    The profile name list opens.
  2. Select a profile from the existing list.
  3. Select Interface > Ethernet > Ethernet name > Security.
  4. Configure the following Access Control settings:
    Inbound IPv4 Firewall Rules Use the IPv4 Inbound Firewall Rules drop-down list box to select the IPv4 specific firewall rules to apply to this profile‘s Ethernet port configuration.

    IPv4 is a connectionless protocol for packet switched networking. IPv4 operates as a best effort delivery method, as it does not guarantee delivery, and does not ensure proper sequencing or duplicate delivery, unlike TCP. IPv4 hosts can use link local addressing to provide local connectivity

    Inbound MAC Firewall Rules Use the MAC Inbound Firewall Rules drop-down lis box to select the firewall rules to apply to this profile‘s Ethernet port configuration.

    The firewall inspects MAC traffic flows and detects attacks typically not visible to traditional wired firewall appliances

    Inbound IPv6 Firewall Rules Use the IPv6 Inbound Firewall Rules drop-down list box to select the IPv6 specific firewall rules to apply to this profile‘s Ethernet port configuration.

    IPv6 is the latest revision of the Internet Protocol designed to replace IPv4. IPv6 provides enhanced identification and location information for computers on networks routing traffic across the Internet. IPv6 addresses are composed of eight groups of four hexadecimal digits separated by colons

  5. Refer to the following options to configure Trust settings:
    ARP Responses Select ARP Responses to activate trust on this port. ARP packets received on this port are considered trusted, and the information from these packets is used to identify rogue devices within the network
    DHCP Responses Select DHCP Responses to only allow DHCP responses that are trusted and forwarded on this port. This option allows a DHCP server to connect only to a DHCP trusted port
    802.1P COS Select to activate 802.1P COS on this port
    IP DSCP Select to activate IP DSCP values on this port
    ARP Header Mismatch Validation Select ARP Header Mismatch Validation to activate mismatch check for the source MAC in both the ARP and Ethernet header
  6. Set the following IPv6 Trust settings:
    ND Requests Select ND Requests to activate the trust of neighbor discovery requests required on an IPv6 network on this Ethernet port
    DHCPv6 Responses Select DHCPv6 Responses to trust all DHCPv6 responses on this Ethernet port.

    DHCPv6 is a networking protocol for configuring IPv6 hosts with IP addresses, IP prefixes, or other configuration attributes required on an IPv6 network

    RA Guard Select RA Guard to activate router advertisements or ICMPv6 redirects from this Ethernet port
    ND Header Mismatch Validation Select ND Header Mismatch Validation to activate a mismatch check for the source MAC within the ND header and Link Layer Option
  7. Use the 802.1X Supplicant slider to activate 802.1X settings. When selected, configure the following settings:
    Method Select username or trustpoint.
    • username - Authenticates supplicants using credentials they provide. Selecting this option activates the Username and Password fields
    • trustpoint - Authenticates supplicants using EAP-TLS mode of authentication. Selecting this option activates the Trustpoint field
    Username Specify the supplicant's username.
    Note: Username is required only if the Method of authentication is set to username
    Password Set the password associated with the sipplicant username
    Trustpoint Assign a trustpoint name when the selected Method of authentication is trustpoint. A trustpoint represents a CA or identity pair containing the identity of the CA, CA specific configuration parameters, and an association with an enrolled identity certificate
    Note: : Ensure that the trustpoint certificate is installed on the supplicant and the RADIUS server
  8. Select Save to update security settings.