
Data Sheet
© 2010 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
● IEEE 802.1x with VLAN assignment allows a dynamic VLAN assignment for a specific user regardless of where the user is connected.
● IEEE 802.1x with voice VLAN permits an IP phone to access the voice VLAN irrespective of the authorized or unauthorized state of the port.
● IEEE 802.1x and port security are provided to authenticate the port and manage network access for all MAC addresses, including that of the client.
● IEEE 802.1x with an ACL assignment allows for specific identity-based security policies regardless of where the user is connected.
● IEEE 802.1x with guest VLAN allows guests without 802.1x clients to have limited network access on the guest VLAN.
● Web authentication for non-802.1x clients allows non-802.1x clients to use an SSL-based browser for authentication.
● Multi-Domain Authentication allows an IP phone and a PC to authenticate on the same switch port while placing them on the appropriate voice and data VLANs.
● MAC Auth Bypass (MAB) for voice allows third-party IP phones without an 802.1x supplicant to get authenticated using the MAC address.
● Cisco security VLAN ACLs on all VLANs prevent unauthorized data flows from being bridged within VLANs.
● Cisco standard and extended IP security router ACLs define security policies on routed interfaces for control-plane and data-plane traffic. IPv6 ACLs can be applied to filter IPv6 traffic.
● Port-based ACLs for Layer 2 interfaces allow security policies to be applied on individual switch ports.
● Secure Shell (SSH) Protocol, Kerberos, and Simple Network Management Protocol Version 3 (SNMPv3) provide network security by encrypting administrator traffic during Telnet and SNMP sessions. SSH Protocol, Kerberos, and the cryptographic version of SNMPv3 require a special cryptographic software image because of U.S. export restrictions.
● Bidirectional data support on the Switched Port Analyzer (SPAN) port allows Cisco Intrusion Detection System (IDS) to take action when an intruder is detected.
● TACACS+ and RADIUS authentication facilitates centralized control of the switch and restricts unauthorized users from altering the configuration.
● MAC Address Notification allows administrators to be notified of users added to or removed from the network.
● Port Security secures access to an access or trunk port based on MAC address.
● Multilevel security on console access prevents unauthorized users from altering the switch configuration.
● Bridge protocol data unit (BPDU) Guard shuts down Spanning Tree PortFast-enabled interfaces when BPDUs are received to avoid accidental topology loops.
● Spanning Tree Root Guard (STRG) prevents edge devices not in the network administrator’s control from becoming Spanning Tree Protocol root nodes.
● IGMP filtering provides multicast authentication by filtering out nonsubscribers and limits the number of concurrent multicast streams available per port.
● Dynamic VLAN assignment is supported through implementation of VLAN Membership Policy Server client capability to provide flexibility in assigning ports to VLANs. Dynamic VLAN facilitates the fast assignment of IP addresses.