To use Web Authentication, the switch must be running the LAN Base image.Note
•
Password-protected access (read-only and read-write access) to management interfaces (device manager,
Network Assistant, and the CLI) for protection against unauthorized configuration changes
•
Multilevel security for a choice of security level, notification, and resulting actions
•
Static MAC addressing for ensuring security
•
Protected port option for restricting the forwarding of traffic to designated ports on the same switch
•
Port security option for limiting and identifying MAC addresses of the stations allowed to access the
port
•
VLAN aware port security option to shut down the VLAN on the port when a violation occurs,instead
of shutting down the entire port.
•
Port security aging to set the aging time for secure addresses on a port.
•
Protocol storm protection to control the rate of incoming protocol traffic to a switch by dropping packets
that exceed a specified ingress rate.
•
BPDU guard for shutting down a Port Fast-configured port when an invalid configuration occurs.
•
Standard and extended IP access control lists (ACLs) for defining inbound security policies on Layer 2
interfaces (port ACLs).
•
Extended MAC access control lists for defining security policies in the inbound direction on Layer 2
interfaces.
•
Source and destination MAC-based ACLs for filtering non-IP traffic.
•
DHCP snooping to filter untrusted DHCP messages between untrusted hosts and DHCP servers.
•
IP source guard to restrict traffic on nonrouted interfaces by filtering traffic based on the DHCP snooping
database and IP source bindings
•
Dynamic ARP inspection to prevent malicious attacks on the switch by not relaying invalid ARP requests
and responses to other ports in the same VLAN
•
IEEE 802.1x port-based authentication to prevent unauthorized devices (clients) from gaining access to
the network. These 802.1x features are supported:
◦
Multidomain authentication (MDA) to allow both a data device and a voice device, such as an IP
phone (Cisco or non-Cisco), to independently authenticate on the same IEEE 802.1x-enabled switch
port.
To use MDA, the switch must be running the LAN Base image.Note
◦
Dynamic voice virtual LAN (VLAN) for MDA to allow a dynamic voice VLAN on an
MDA-enabled port.
◦
VLAN assignment for restricting 802.1x-authenticated users to a specified VLAN.
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
14 OL-29434-01
Security Features Overview
Security Features Overview
To Next Page
Loading...
