Cisco IE 3000 Switch Software Configuration Guide
OL-13018-01
Chapter 1 Overview
Features
• Extended MAC access control lists for defining security policies in the inbound direction on Layer 2
interfaces
• Source and destination MAC-based ACLs for filtering non-IP traffic
• DHCP snooping to filter untrusted DHCP messages between untrusted hosts and DHCP servers
• IEEE 802.1x port-based authentication to prevent unauthorized devices (clients) from gaining
access to the network. These features are supported:
– VLAN assignment for restricting IEEE 802.1x-authenticated users to a specified VLAN
– Port security for controlling access to IEEE 802.1x ports
– Voice VLAN to permit a Cisco IP Phone to access the voice VLAN regardless of the authorized
or unauthorized state of the port
– IP phone detection enhancement to detect and recognize a Cisco IP phone.
– Guest VLAN to provide limited services to non-IEEE 802.1x-compliant users
– Restricted VLAN to provide limited services to users who are IEEE 802.1x compliant, but do
not have the credentials to authenticate via the standard IEEE 802.1x processes
– IEEE 802.1x accounting to track network usage
– IEEE 802.1x with wake-on-LAN to allow dormant PCs to be powered on based on the receipt
of a specific Ethernet frame
• IEEE 802.1x readiness check to determine the readiness of connected end hosts before configuring
IEEE 802.1x on the switch
• MAC authentication bypass to authorize clients based on the client MAC address.
• Network Admission Control (NAC) Layer 2 IEEE 802.1x validation of the antivirus condition or
posture of endpoint systems or clients before granting the devices network access.
For information about configuring NAC Layer 2 IEEE 802.1x validation, see the “Configuring NAC
Layer 2 IEEE 802.1x Validation” section on page 10-38.
• TACACS+, a proprietary feature for managing network security through a TACACS server
• RADIUS for verifying the identity of, granting access to, and tracking the actions of remote users
through authentication, authorization, and accounting (AAA) services
• Secure Socket Layer (SSL) Version 3.0 support for the HTTP 1.1 server authentication, encryption, and
message integrity and HTTP client authentication to allow secure HTTP communications (requires
the cryptographic version of the software)
QoS and CoS Features
These are the QoS and CoS features:
• Automatic QoS (auto-QoS) to simplify the deployment of existing QoS features by classifying
traffic and configuring egress queues
• Classification
– IP type-of-service/Differentiated Services Code Point (IP ToS/DSCP) and IEEE 802.1p CoS
marking priorities on a per-port basis for protecting the performance of mission-critical
applications