CHAPTER 2
Security Features Overview
•
Security Features Overview, page 13
Security Features Overview
The switch supports a LAN base image or a LAN lite image with a reduced feature set, depending on switch
hardware. The security features are as follows:
• IPv6 First Hop Security—A suite of security features to be applied at the first hop switch to protect
against vulnerabilities inherent in IPv6 networks. These include, Binding Integrity Guard (Binding
Table), Router Advertisement Guard (RA Guard), DHCP Guard, IPv6 Neighbor Discovery Inspection
(ND Guard), and IPv6 Source Guard.
• Web Authentication—Allows a supplicant (client) that does not support IEEE 802.1x functionality to
be authenticated using a web browser.
To use Web Authentication, the switch must be running the LAN Base image.Note
• Local Web Authentication Banner—A custom banner or an image file displayed at a web authentication
login screen.
•
IEEE 802.1x Authentication with ACLs and the RADIUS Filter-Id Attribute
To use Web Authentication, the switch must be running the LAN Base image.Note
•
Password-protected access (read-only and read-write access) to management interfaces (device manager,
Network Assistant, and the CLI) for protection against unauthorized configuration changes
•
Multilevel security for a choice of security level, notification, and resulting actions
•
Static MAC addressing for ensuring security
•
Protected port option for restricting the forwarding of traffic to designated ports on the same switch
Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX
OL-29048-01 13
To Next Page
Loading...
