EasyManuals Logo

Cisco Catalyst 4500 Series Software Configuration Guide

Cisco Catalyst 4500 Series
2086 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #122 background imageLoading...
Page #122 background image
1-42
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 1 Product Overview
Security Features
specific security feature such as verifying the intercepted PAD message from untrusted port, performing
per-port PAD message rate limiting, inserting and removing VSA tags into and from PAD messages,
respectively.
For information on PPPoE IA, see Chapter 51, “Configuring the PPPoE Intermediate Agent.
Session Aware Networking
Session Aware Networking provides an identity-based approach to access management and subscriber
management. It offers a consistent way to configure features across technologies, a command interface
that allows easy deployment and customization of features, and a robust policy control engine with the
ability to apply policies defined locally or received from an external server to enforce policy in the
network.
Session Aware Networking allows a single session identifier to be used for web authentication sessions
in addition to all 802.1X and MAB authenticated sessions for a client. This session ID is used for all
reporting purposes such as show commands, MIBs, and RADIUS messages and allows users to
distinguish messages for one session from messages for other sessions. This common session ID is used
consistently across all authentication methods and features applied to a session.
Note IPv6 is not supported for web authentication, dot.1X, or MAB.
For additional information, refer to the following URL:
http://www.cisco.com/en/US/docs/ios-xml/ios/san/configuration/xe-3se/3850/san-overview.html
Storm Control
Broadcast suppression is used to prevent LANs from being disrupted by a broadcast storm on one or
more switch ports. A LAN broadcast storm occurs when broadcast packets flood the LAN, creating
excessive traffic and degrading network performance. Errors in the protocol-stack implementation or in
the network configuration can cause a broadcast storm. Multicast and broadcast suppression measures
how much broadcast traffic is passing through a port and compares the broadcast traffic with some
configurable threshold value within a specific time interval. If the amount of broadcast traffic reaches
the threshold during this interval, broadcast frames are dropped, and optionally the port is shut down
Starting with Cisco IOS Release 12.2(40)SG, the Catalyst 4500 series switch allows suppression of
broadcast and multicast traffic on a per-port basis.
For information on configuring broadcast suppression, see Chapter 65, “Configuring Storm Control.
uRPF Strict Mode
The uRPF feature mitigates problems caused by the introduction of malformed or forged (spoofed) IP
source addresses into a network by discarding IP packets that lack a verifiable IP source address. uRPF
deflects denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks by forwarding only
packets that have source addresses that are valid and consistent with the IP routing table. This helps to
protect the network of the customer, the ISP, and the rest of the Internet. When using uRPF in strict mode,
the packet must be received on the interface that the router uses to forward the return packet. uRPF strict
mode is supported for both IPv4 and IPv6 prefixes.

Table of Contents

Other manuals for Cisco Catalyst 4500 Series

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco Catalyst 4500 Series and is the answer not in the manual?

Cisco Catalyst 4500 Series Specifications

General IconGeneral
SeriesCatalyst 4500 Series
CategorySwitch
Layer SupportLayer 2, Layer 3
Form FactorModular chassis
StackableNo
Chassis Slots3, 6, 7, 10
Power Supply OptionsAC, DC
RedundancyPower supply, Supervisor engine
Network ManagementCisco IOS Software CLI, SNMP, Cisco Prime Infrastructure
FeaturesSecurity, QoS
Port DensityUp to 384 ports per chassis
Security Features802.1X, ACLs, DHCP Snooping, Dynamic ARP Inspection, IP Source Guard
Supervisor Engine8-E

Related product manuals