Switch Management Guide
Chapter 7 Client Security
This switch supports many methods of segregating traffic for clients 
attached to each of the data ports, and for ensuring that only authorized 
clients gain access to the network. Private VLANs and port-based 
authentication using IEEE 802.1X are commonly used for these purposes.
In addition to these methods, several other options for providing client 
security are supported by this switch. These include port-based 
authentication, which can be configured to allow network client access 
by specifying a fixed set of MAC addresses (either by freezing a set of 
dynamically learned entries or through static configuration), or to deny 
client access by statically configuring MAC/IP address pairs (using packet 
filtering rules). 
DHCP service requests can be blocked to ensure that only static addresses 
assigned by the service provider are used, or DHCP replies can be blocked 
on specific ports to ensure that DHCP service requests are only answered 
through authorized uplink ports. The addresses assigned to DHCP clients 
can also be carefully controlled using dynamic bindings registered with 
DHCP Snooping or static bindings configured with IP Source Guard. 
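
The following model of the DHCP filtering and binding checks described above is an added example, not code or configuration from this guide or the switch vendor. The class name, port numbers, MAC addresses and IP addresses are constructed for illustration, and the logic is a simplified assumption of how such filtering behaves, not the switch's actual implementation.

```python
from dataclasses import dataclass, field

SERVER_MSGS = {"OFFER", "ACK", "NAK"}      # sent only by DHCP servers
CLIENT_MSGS = {"DISCOVER", "REQUEST"}      # sent only by DHCP clients

@dataclass
class SnoopingSwitch:                              # hypothetical model, not a vendor API
    trusted: set                                   # authorized uplink ports
    no_dhcp: set = field(default_factory=set)      # ports limited to static addresses
    pending: dict = field(default_factory=dict)    # client MAC -> port it asked from
    bindings: set = field(default_factory=set)     # (port, MAC, IP) entries

    def static_binding(self, port, mac, ip):
        """Static binding, as configured with IP Source Guard."""
        self.bindings.add((port, mac, ip))

    def dhcp(self, port, msg, client_mac, ip=None):
        """Return True if the DHCP message is forwarded, False if dropped."""
        if msg in SERVER_MSGS and port not in self.trusted:
            return False                           # reply arrived on a client port
        if msg in CLIENT_MSGS:
            if port in self.no_dhcp:
                return False                       # requests blocked on this port
            self.pending[client_mac] = port
        elif msg == "ACK" and client_mac in self.pending:
            # Dynamic binding registered from a reply seen on an uplink port
            self.bindings.add((self.pending.pop(client_mac), client_mac, ip))
        return True

    def data(self, port, src_mac, src_ip):
        """Source check for a non-DHCP frame against the binding table."""
        return port in self.trusted or (port, src_mac, src_ip) in self.bindings

def demo():
    # Constructed scenario: port 24 is the uplink, port 3 is static-only.
    sw = SnoopingSwitch(trusted={24}, no_dhcp={3})
    sw.static_binding(3, "00:00:5e:00:53:03", "192.0.2.3")
    return [
        sw.dhcp(1, "DISCOVER", "00:00:5e:00:53:01"),              # forwarded
        sw.dhcp(2, "OFFER", "00:00:5e:00:53:01", "192.0.2.66"),   # dropped
        sw.dhcp(24, "ACK", "00:00:5e:00:53:01", "192.0.2.10"),    # forwarded
        sw.data(1, "00:00:5e:00:53:01", "192.0.2.10"),            # bound address
        sw.data(1, "00:00:5e:00:53:01", "192.0.2.99"),            # unbound address
        sw.dhcp(3, "DISCOVER", "00:00:5e:00:53:03"),              # dropped
        sw.data(3, "00:00:5e:00:53:03", "192.0.2.3"),             # static binding
    ]

if __name__ == "__main__":
    print(demo())
```
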
NetBIOS[6] traffic commonly used for resource sharing in a peer-to-peer 
environment can also be completely blocked to ensure that no privileged 
client data is passed to other data ports. 
6. NetBIOS - Network Basic Input Output System










