Cisco Catalyst 2975 Software Configuration Manual page 49
Ios release 12.2(55)se
Hide thumbs
Also See for Catalyst 2975:
- Hardware installation manual (62 pages) ,
- Brochure (19 pages) ,
- Getting started manual (17 pages)
Table of Contents
Advertisement
Chapter 1
Overview
Multilevel security for a choice of security level, notification, and resulting actions
•
Static MAC addressing for ensuring security
•
Protected port option for restricting the forwarding of traffic to designated ports on the same switch
•
Port security option for limiting and identifying MAC addresses of the stations allowed to access
•
the port
VLAN aware port security option to shut down the VLAN on the port when a violation occurs,
•
instead of shutting down the entire port.
Port security aging to set the aging time for secure addresses on a port
•
BPDU guard for shutting down a Port Fast-configured port when an invalid configuration occurs
•
Standard and extended IP access control lists (ACLs) for defining inbound security policies on
•
Layer 2 interfaces (port ACLs)
Extended MAC access control lists for defining security policies in the inbound direction on Layer 2
•
interfaces
•
Source and destination MAC-based ACLs for filtering non-IP traffic
•
DHCP snooping to filter untrusted DHCP messages between untrusted hosts and DHCP servers
IP source guard to restrict traffic on nonrouted interfaces by filtering traffic based on the DHCP
•
snooping database and IP source bindings
•
Dynamic ARP inspection to prevent malicious attacks on the switch by not relaying invalid ARP
requests and responses to other ports in the same VLAN
•
IEEE 802.1x port-based authentication to prevent unauthorized devices (clients) from gaining
access to the network. These features are supported:
–
–
–
–
–
–
–
–
–
–
–
–
OL-19720-02
Multidomain authentication (MDA) to allow both a data device and a voice device, such as an
IP phone (Cisco or non-Cisco), to independently authenticate on the same IEEE 802.1x-enabled
switch port
Dynamic voice virtual LAN (VLAN) for MDA to allow a dynamic voice VLAN on an
MDA-enabled port
VLAN assignment for restricting 802.1x-authenticated users to a specified VLAN
Support for VLAN assignment on a port configured for multi-auth mode. The RADIUS server
assigns a VLAN to the first host to authenticate on the port, and subsequent hosts use the same
VLAN. Voice VLAN assignment is supported for one IP phone.
Port security for controlling access to 802.1x ports
Voice VLAN to permit a Cisco IP Phone to access the voice VLAN regardless of the authorized
or unauthorized state of the port
IP phone detection enhancement to detect and recognize a Cisco IP phone.
Guest VLAN to provide limited services to non-802.1x-compliant users
Restricted VLAN to provide limited services to users who are 802.1x compliant, but do not have
the credentials to authenticate via the standard 802.1x processes
802.1x accounting to track network usage
802.1x with wake-on-LAN to allow dormant PCs to be powered on based on the receipt of a
specific Ethernet frame
802.1x readiness check to determine the readiness of connected end hosts before configuring
IEEE 802.1x on the switch
Catalyst 2975 Switch Software Configuration Guide
Features
1-9
- Quick Links:
- Management Options
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
