Other than the explanation below How can switches help reduce network security problems?
Switches can be used to disallow access to a network by requiring authentication to the server to all computers that plug in to a network LAN connection requiring each computer to authenticate itself. This workgroup switch is called an authenticator. This process occurs by the transmission of the password against the authentication database. If the password is verified, then the confirmation is sent back to the workgroup switch and access is granted. Additionally, when an employee is let go it is simple to quickly revoke the access of the individual on the switch. It is important that access rights to a network, allowing only authorized users access, is easily managed.
Additionally, switches are used to secure the network from other systems that could pose a threat to the network resources. They can detect and respond to threats such as virus’ and attacks on the network. Switches allow their administrators to set detection and response security policies.
Ethernet switches can be used to create virtual LANs (VLANs). VLANs create logically separate LANs on the same physical switch. Each port of the switch is assigned to a VLAN. They are used for security purposes, keeping personnel on one VLAN from being able to reach servers on another VLAN. Though SANS recommends that VLANs not be used for enforcing security policy.
Data networks and Telecommunication - wqUCNKtKisRuQvrQkA, Wednesday, June 13, 2012 at 5:22pm
you could still probably build a fitelr to restrict packets to the broadcast address. I haven't used the UDP forwarding within the Nortel ERS8600 but I'm sure it wouldn't be too complicated to setup.With WOL there are really two types of packets, unicast and multicast. If the ARP entry is still in the switch/router you can send a unicast packet. If the ARP entry has aged out you need to send a multicast packet addressed to the broadcast address of the network (VLAN).You could certainly enable it while you work to refine and lock-down the configuration through additional testing and configuration.Good Luck!