1-13
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
OL-25303-03
Chapter 1 Overview
Software Features
–
IEEE 802.1x authentication with downloadable ACLs and redirect URLs to allow per-user ACL
downloads from a Cisco Secure ACS server to an authenticated switch.
–
Multiple-user authentication to allow more than one host to authenticate on an 802.1x-enabled
port.
–
MAC authentication bypass to authorize clients based on the client MAC address.
–
Critical voice VLAN to so that when authentication is enabled and the access control server is
not available, traffic from the host tagged with the voice VLAN is put into the configured voice
VLAN for the port (supported only on switches running the IP Base or IP Services feature set)
–
Voice aware IEEE 802.1x and MAC authentication bypass (MAB) security violation to shut
down only the data VLAN on a port when a security violation occurs
• Network Admission Control (NAC) features:
–
NAC Layer 2 IEEE 802.1x validation of the antivirus condition or posture of endpoint systems
or clients before granting the devices network access.
For information about configuring NAC Layer 2 IEEE 802.1x validation, see the “Configuring
NAC Layer 2 802.1x Validation” section on page 1-68.
–
NAC Layer 2 IP validation of the posture of endpoint systems or clients before granting the
devices network access.
For information about configuring NAC Layer 2 IP validation, see the Network Admission
Control Software Configuration Guide.
–
IEEE 802.1x inaccessible authentication bypass.
For information about configuring this feature, see the “Configuring Inaccessible
Authentication Bypass and Critical Voice VLAN” section on page 1-63.
–
Authentication, authorization, and accounting (AAA) down policy for a NAC Layer 2 IP
validation of a host if the AAA server is not available when the posture validation occurs.
For information about this feature, see the Network Admission Control Software Configuration
Guide.
• TACACS+, a proprietary feature for managing network security through a TACACS server.
Beginning with Cisco IOS Release 12.2(58)SE, the switch supports TACACS+ for IPv6. For
information about configuring this feature, see the “Implementing ADSL for IPv6” chapter in the
Cisco IOS XE IPv6 Configuration Guide, Release 2.
• RADIUS for verifying the identity of, granting access to, and tracking the actions of remote users
through AAA services.
Beginning with Cisco IOS Release 12.2(58)SE, the switch supports RADIUS for IPv6. For
information about configuring this feature, see the “Implementing ADSL for IPv6” chapter in the
Cisco IOS XE IPv6 Configuration Guide, Release 2.
• Kerberos security system to authenticate requests for network resources by using a trusted third
party
• Secure Socket Layer (SSL) Version 3.0 support for the HTTP 1.1 server authentication, encryption,
and message integrity and HTTP client authentication to allow secure HTTP communications
• IEEE 802.1x readiness check to determine the readiness of connected end hosts before configuring
IEEE 802.1x on the switch
• Support for IP source guard on static hosts
To Next Page
Loading...
Need help?
General
