Configuring VLAN security attributes ensures reliable transmission of user data. Currently, the NetEngine 8000 F supports two security attributes. You can configure security attributes as required.
Table 1 lists VLAN security attribute schemes.
Security Scheme | Description | Advantage | Disadvantage | Usage Scenario |
---|---|---|---|---|
Disabling a port from broadcasting packets to other ports in the same VLAN | If a port in a VLAN receives a broadcast or unknown unicast packet, it broadcasts the packet to the other ports in the VLAN. If the broadcast or unknown unicast packet is malicious, system resources are wasted and device performance deteriorates, or the device even malfunctions. Disabling the port from broadcasting packets to other ports in the VLAN prevents malicious attacks. | - | - | This security scheme is applicable to topology-stable networks or networks on which MAC addresses are configured and forwarding paths are specified. |
Disabling MAC address learning in a VLAN | If a device has only one inbound port and one outbound port, MAC address learning in a VLAN can be disabled. | | This security scheme requires that the network has fixed users and that forwarding paths have been established by using dynamic MAC address learning or by manually configuring MAC addresses. If a large number of users are connected to a switch, each user needs to be configured with a static forwarding path, which imposes a configuration burden on network administrators. This security scheme prohibits new users from accessing the network. | This security scheme is applicable to topology-stable networks or networks on which MAC addresses are configured and forwarding paths are specified. |
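
The following added example (not taken from the product documentation or device software) is a simplified Python model of Layer 2 forwarding in one VLAN, showing what the two schemes in Table 1 change. The port numbers, MAC addresses, and the `Vlan` class are constructed for illustration; the model assumes that a frame needing to be flooded is dropped when it arrives on a port that has broadcasting disabled.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"
HOST_A, HOST_B = "02:00:00:00:0a:01", "02:00:00:00:0b:02"  # constructed MACs

@dataclass
class Vlan:
    ports: set
    learning: bool = True                              # dynamic MAC learning
    no_flood_ports: set = field(default_factory=set)   # broadcasting disabled
    mac_table: dict = field(default_factory=dict)      # MAC -> port

    def add_static(self, mac, port):
        self.mac_table[mac] = port

    def receive(self, in_port, src, dst):
        """Return the set of ports the frame is forwarded out of."""
        if self.learning:
            self.mac_table[src] = in_port
        out = None if dst == BROADCAST else self.mac_table.get(dst)
        if out is not None:                 # known unicast: single egress port
            return set() if out == in_port else {out}
        if in_port in self.no_flood_ports:  # broadcast/unknown unicast: dropped
            return set()
        return self.ports - {in_port}       # otherwise flooded in the VLAN

def unknown_unicast_burst(vlan, in_port=3, count=50):
    """Constructed traffic: many source MACs sending to unknown destinations."""
    copies = 0
    for i in range(count):
        src, dst = f"02:00:00:00:00:{i:02x}", f"02:00:00:00:ff:{i:02x}"
        copies += len(vlan.receive(in_port, src, dst))
    return len(vlan.mac_table), copies

def demo_default():
    # Learning on, flooding allowed: table grows and every frame is copied.
    return unknown_unicast_burst(Vlan(ports={1, 2, 3}))

def demo_hardened():
    # Both schemes applied; forwarding paths are configured statically.
    v = Vlan(ports={1, 2, 3}, learning=False, no_flood_ports={1, 2, 3})
    v.add_static(HOST_A, 1)
    v.add_static(HOST_B, 2)
    table_size, copies = unknown_unicast_burst(v)
    known = v.receive(1, HOST_A, HOST_B)                   # configured path
    to_new_user = v.receive(1, HOST_A, "02:00:00:00:00:99")  # never learned
    return table_size, copies, known, to_new_user

if __name__ == "__main__":
    print("default :", demo_default())
    print("hardened:", demo_hardened())
```

In the hardened case the MAC table stays at the two static entries and no copies are flooded, while traffic toward a host without a static entry is dropped, which is the "new users cannot access the network" disadvantage listed in the table.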
Creating VLANs