Foundry Networks this week launched several lines of security-focused switches aimed at locking down desktop LAN ports, enterprise edge and WAN connections, and data center server links.

Foundry says its SecureIronLS LAN switches use features such as Snort intrusion detection, Layer 2 port authentication and traffic monitoring to secure internal LAN connections. This could allow enterprises to deploy security technology closer to end users without adding additional gear to the network, the vendor says. On the network edge, SecureIron perimeter switches can add load balancing and traffic offload for network firewalls, the vendor says.

Foundry is also launching three ServerIron switches for Web server farms and data centers that can add traffic acceleration and protection against the misuse and hacking of Web-based applications, Foundry says.

The SecureIronLS switches include the SecureIronLS 100 and SecureIronLS 300 series. The SecureIron 100 series includes a version with 24 ports of 10/100Mbps Ethernet and one with 48 ports. Both switches are intended for wiring closets, and both have two-port Gigabit small form-factor pluggable (SFP) uplinks to connect to an aggregation or LAN core layer. The 300 series includes a 16-port 10/100/1000Mbps switch with dual Gigabit SFPs, and a 32-port 100/1000Mbps box with dual 10-Gigabit Ethernet uplinks. The SecureIronLS 300 series is targeted at LAN aggregation, providing security services for downstream Layer 2 LAN switches in wiring closets, Foundry says.

An LAN aggregation-layer deployment of the SecureIronLS 300 series is planned at Viejas Casino in Alpine, Calif. (near San Diego), with the goal of adding port-level security for more than 1,700 end users attached to the LAN.

"The SecureIron will give us the equivalent of a firewall on every LAN port," says Thomas Ting, senior systems engineer for the casino. Four SecureIronLS switches will aggregate traffic from dozens of Foundry Layer 2 switches in wiring closets, and provide 802.1x-based security and port authentication, as well as traffic anomaly-detection capabilities to every traffic flow coming from the LAN edge to the aggregation layer, Ting says.

With a large Foundry infrastructure already in place, Ting says Cisco's Network Admission Control (NAC) architecture would have been costly to implement, since most edge and aggregation layer switches would need to be replaced. Ting says he also considered NAC-based appliances that attach to a network. But upgrading his aggregation-layer switches to SecureIronLS, with this capability built in, ended up being easier to manage.