- Secure Shell Protocol (SSH): SSH to secure incoming/outgoing Telnet connections; support of SSHv1 and v2
- Secure Sockets Layer (SSL): SSL to encrypt HTTP connections; advanced security for browser-based configuration via web interface
- IEEE 802.1X: IEEE 802.1X access control on all ports; RADIUS for
authentication, authorization and accounting with MD5 hashing; guest
VLAN; dynamic VLAN assignment - Private VLAN edge: Layer 2 isolation between clients in the same VLAN (‘protected ports”); support multiple uplinks
- Port security: Locking of MAC addresses to ports; limiting of the number of learned MAC addresses
- IP source guard: Blocking access for illegal IP addresses on specific ports
- Access control lists (ACLs): Drop or rate limitation of connections
based on source and destination MAC addresses, VLAN ID, IP address,
protocol, port, DSCP/IP precedence,TCP/UDP source and destination ports,
IEEE 802.1p priority, ICMP packets, IGMP packets, TCP flag - RADIUS/TACACS+: Authentication, authorization and accounting of configuration changes by RADIUS or TACACS+
- Storm Control: Multicast/Broadcast/Unicast storm suppression
- Isolated Group: Allows certain ports to be designated as protected.
All other ports are non-isolated. Traffic between isolated group members
ist blocked. Trafficcan only be sent from isolated group to
non-isolalted group.