Cisco Catalyst 4500 Series Software Configuration Guide

Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 1 Product Overview
Security Features
These attacks can come from malicious or misconfigured users and could result in severe disruption to
users of the Layer 2 domain and to the network in general.
The following features are supported:
• DAD Proxy
• Data Glean
• Destination Guard
• IPv6 Snooping (DHCP Data Gleaning, per-limit Address Limit)
• IPv6 Address Glean
• IPv6 Device Tracking
• Lightweight DHCPv6 Relay Agent (LDRA)
• NDP Inspection
• Per ND Cache Limit
• Per Port Address Limit
• Source and Prefix Guard
Note: IPv6 LDRA is the only FHS feature supported on EtherChannels.
Note: Configuring IPv6 FHS on secondary VLANs is not allowed; they inherit the policy from the primary
VLAN configuration. Whatever policy is applied on the primary VLANs is programmed automatically
on the associated secondary VLANs. The applied policy, however, always overrides the VLAN-level
configuration.
The following caveats are specific to Data Glean, Prefix Guard, and Source Guard enabled on a
Catalyst 4500 series switch:
• First Hop Security (FHS) cannot be configured on the same port or VLAN as dot1X, because the
latter asserts control over the MAC table and FHS requires similar control to allow only valid NDP
or DHCPv6 hosts.
• If unicast Reverse Path Forwarding (uRPF) is configured on the switch and FHS is enabled, the
Forward Lookup CAM is populated with routes from both FHS and uRPF. Packets that would normally
fail the uRPF check are admitted provided they pass the Source Guard or Prefix Guard check.
• If a Data Glean policy and Source Guard (or Prefix Guard) are applied such that the VLAN policies
and port policies differ, neither the VLAN policy nor the port policy is effective.
• All ICMP and DHCP version 6 control packets are permitted even when Source Guard or Prefix
Guard is enabled.
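The EtherChannel note and the dot1X and policy-mismatch caveats above can be checked against a saved running-config before FHS is deployed. The following Python audit is an added example, not part of the Cisco guide; the sample config and policy names are constructed. It assumes policies are attached with `ipv6 snooping attach-policy` and `ipv6 source-guard attach-policy`, that dot1X ports carry `dot1x pae` or `authentication port-control`, that `vlan configuration` stanzas name a single VLAN ID, and that "differ" means a different policy name for the same feature on an access port and its VLAN.

```python
import re

# Constructed running-config excerpt for illustration; policy names are made up.
SAMPLE_CONFIG = """\
vlan configuration 10
 ipv6 snooping attach-policy GLEAN_VLAN
!
interface GigabitEthernet1/1
 switchport access vlan 10
 ipv6 snooping attach-policy GLEAN_PORT
!
interface GigabitEthernet1/2
 dot1x pae authenticator
 ipv6 source-guard attach-policy SG_PORT
!
interface GigabitEthernet1/3
 switchport access vlan 10
 ipv6 snooping attach-policy GLEAN_VLAN
!
interface Port-channel1
 ipv6 source-guard attach-policy SG_PORT
"""

# Data Glean lives in a snooping policy; Prefix Guard in a source-guard policy.
ATTACH = re.compile(r"ipv6 (snooping|source-guard) attach-policy (\S+)")
# A stanza is a header line followed by its indented sub-commands.
STANZA = re.compile(
    r"^(interface|vlan configuration) (\S+)\n((?: .*\n?)*)", re.M)

def audit(config):
    """Return (interface, finding) pairs for the caveats checked here."""
    stanzas = STANZA.findall(config)
    vlan_pol = {name: dict(ATTACH.findall(body))
                for kind, name, body in stanzas if kind != "interface"}
    findings = []
    for kind, name, body in stanzas:
        port_pol = dict(ATTACH.findall(body))
        if kind != "interface" or not port_pol:
            continue  # only ports that carry a Data Glean/Source Guard policy
        if re.search(r"dot1x pae|authentication port-control", body):
            findings.append((name, "fhs-with-dot1x"))
        if name.lower().startswith("port-channel"):
            findings.append((name, "fhs-on-etherchannel"))  # only LDRA is supported
        vlan = re.search(r"switchport access vlan (\d+)", body)
        vp = vlan_pol.get(vlan.group(1), {}) if vlan else {}
        if any(vp.get(feat, pol) != pol for feat, pol in port_pol.items()):
            findings.append((name, "vlan-port-policy-mismatch"))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` flags GigabitEthernet1/1, GigabitEthernet1/2 and Port-channel1, and leaves GigabitEthernet1/3 alone because its port policy matches the VLAN policy.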
For a brief overview of FHS, see the URL:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6553/aag_c45-707354.pdf
For detailed information on how to implement FHS, see the URL:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipv6/configuration/12-4t/ip6-first-hop-security.html


Cisco Catalyst 4500 Series Specifications

General
Series: Catalyst 4500 Series
Category: Switch
Layer Support: Layer 2, Layer 3
Form Factor: Modular chassis
Stackable: No
Chassis Slots: 3, 6, 7, 10
Power Supply Options: AC, DC
Redundancy: Power supply, Supervisor engine
Network Management: Cisco IOS Software CLI, SNMP, Cisco Prime Infrastructure
Features: Security, QoS
Port Density: Up to 384 ports per chassis
Security Features: 802.1X, ACLs, DHCP Snooping, Dynamic ARP Inspection, IP Source Guard
Supervisor Engine: 8-E