1-11
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
OL-25303-03
Chapter 1 Overview
Software Features
Note: The images for the Cisco IOS Release 15.0(2)SE1 on the Catalyst 3750-X and 3560-X switches are FIPS certified. For information about using FIPS certified images, see the “Boot Loader Upgrade and Image Verification for the FIPS Mode of Operation” section on page 1-25 of the software configuration guide.
FIPS 140-2 is a cryptography-focused certification, required by many government and enterprise customers, which verifies that the encryption and decryption operations performed by the switch comply with the approved FIPS cryptographic strengths and with the management methods for safeguarding those operations. For more information, see:
– The security policy document at: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2011.htm#1657
– The installation notes at: http://www.cisco.com/en/US/products/ps10745/prod_installation_guides_list.html
Common Criteria is an international standard (ISO/IEC 15408) for computer security certification. This standard is a set of requirements, tests, and evaluation methods that ensures that the Target of Evaluation complies with a specific Protection Profile or custom Security Target. For more information, see the security target document at: http://www.niap-ccevs.org/st/vid10488/
• Web authentication to allow a supplicant (client) that does not support IEEE 802.1x functionality to be authenticated using a web browser.
• Password-protected access (read-only and read-write access) to management interfaces (device manager, Network Assistant, and the CLI) for protection against unauthorized configuration changes
• Multilevel security for a choice of security level, notification, and resulting actions
• Static MAC addressing for ensuring security
• Protected port option for restricting the forwarding of traffic to designated ports on the same switch
• Port security option for limiting and identifying MAC addresses of the stations allowed to access the port
• VLAN aware port security option to shut down the VLAN on the port when a violation occurs, instead of shutting down the entire port
• Port security aging to set the aging time for secure addresses on a port
• BPDU guard for shutting down a Port Fast-configured port when an invalid configuration occurs
• Standard and extended IP access control lists (ACLs) for defining security policies in both directions on routed interfaces (router ACLs) and VLANs and inbound on Layer 2 interfaces (port ACLs)
• Extended MAC access control lists for defining security policies in the inbound direction on Layer 2 interfaces
• VLAN ACLs (VLAN maps) for providing intra-VLAN security by filtering traffic based on information in the MAC, IP, and TCP/UDP headers
• Source and destination MAC-based ACLs for filtering non-IP traffic
• IPv6 ACLs to be applied to interfaces to filter IPv6 traffic
• Support for dynamic creation or attachment of an auth-default ACL on a port that has no configured static ACLs (supported only on switches running the IP Base or IP Services feature set)
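The following Cisco IOS configuration is an added example, not text from the configuration guide, showing how several of the features listed above (static MAC addressing, port ACLs, VLAN maps, port security with VLAN-aware violation handling and aging, protected ports, and BPDU guard) fit together on one hardened access port. The interface name, VLAN numbers, IP subnets, ACL and access-map names, and the MAC address are constructed placeholders; substitute your own values.

```cisco
! Added example (not from the configuration guide). All names, VLANs,
! addresses and the MAC address below are constructed placeholders.

! --- Static MAC addressing: pin a known host to its port and VLAN so the
!     entry is never aged out or overwritten by a dynamic learn
mac address-table static 0011.2233.4455 vlan 10 interface GigabitEthernet1/0/1

! --- Port ACL (inbound only on a Layer 2 interface): allow the user subnet
!     to reach the server subnet on HTTPS and the DNS server, drop the rest
ip access-list extended PORT-ACL-USERS
 permit tcp 10.10.0.0 0.0.255.255 10.20.0.0 0.0.255.255 eq 443
 permit udp 10.10.0.0 0.0.255.255 host 10.20.0.53 eq domain
 deny   ip any any

! --- VLAN map (intra-VLAN security): drop TFTP between hosts in VLAN 10.
!     A VLAN map has an implicit drop for unmatched traffic, so a final
!     clause that forwards everything else is required.
ip access-list extended INTRA-VLAN-TFTP
 permit udp any any eq tftp
vlan access-map BLOCK-TFTP 10
 match ip address INTRA-VLAN-TFTP
 action drop
vlan access-map BLOCK-TFTP 20
 action forward
vlan filter BLOCK-TFTP vlan-list 10

! --- Access port: port security, VLAN-aware violation mode, aging,
!     protected-port isolation, and BPDU guard
interface GigabitEthernet1/0/1
 description User access port (constructed example)
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 ! Limit learned MAC addresses: one on the data VLAN, one on the voice VLAN
 switchport port-security
 switchport port-security maximum 2
 switchport port-security maximum 1 vlan access
 switchport port-security maximum 1 vlan voice
 ! On a violation, shut down only the offending VLAN, not the whole port
 switchport port-security violation shutdown vlan
 ! Age secure addresses out after 10 minutes of inactivity
 switchport port-security aging time 10
 switchport port-security aging type inactivity
 ! Protected port: no direct forwarding to other protected ports on this switch
 switchport protected
 ! Edge port: forward immediately, but err-disable if a BPDU is received
 spanning-tree portfast
 spanning-tree bpduguard enable
 ! Apply the port ACL inbound (the only direction supported for port ACLs)
 ip access-group PORT-ACL-USERS in

! --- Verification (exec mode)
! show port-security interface GigabitEthernet1/0/1
! show mac address-table static vlan 10
! show vlan access-map BLOCK-TFTP
! show vlan filter
! show spanning-tree interface GigabitEthernet1/0/1 portfast
```

Two points worth checking after applying a configuration like this: a VLAN map filters both bridged and routed traffic entering the VLAN, so the final `action forward` clause must be present or all unmatched traffic in VLAN 10 is dropped; and `violation shutdown vlan` leaves the port itself up, so a per-VLAN err-disable on the voice or data VLAN is visible in `show port-security interface` rather than in the interface's link state.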