Local Authentication, Radius, And Tacacs+ Authentication - Cisco Catalyst 4500 series Administration Manual

Security Features
IPsec VPN
When a growing organization expands to multiple locations, one of the challenges it faces is how to
interconnect remote sites to the corporate network. As network security risks increase and regulatory
compliance becomes essential, it is important to address these critical needs.
You can dramatically increase the reach of your network without significantly expanding your
infrastructure by using Cisco IOS IPsec VPNs. IPsec is a standards-based encryption technology that
enables you to securely connect branch offices and remote users and provides significant cost savings
compared to traditional WAN access such as Frame Relay or ATM. IPsec VPNs provide high levels of
security through encryption and authentication, protecting data from unauthorized access.
For additional information, refer to the following URL:
http://www.cisco.com/en/US/products/ps6635/products_ios_protocol_group_home.html

Local Authentication, RADIUS, and TACACS+ Authentication

Local Authentication, Remote Authentication Dial-In User Service (RADIUS), and Terminal Access
Controller Access Control System Plus (TACACS+) authentication methods control access to the switch.
For additional information, refer to the following URL:
http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_cfg_authentifcn_ps6350_TSD_Products_Configuration_Guide_Chapter.html
Network Admission Control
Network Admission Control consists of two features:
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
NAC Layer 2 IP validation
NAC Layer 2 IP is an integral part of Cisco Network Admission Control. It offers the first line of
defense for infected hosts (PCs and other devices attached to a LAN port) attempting to connect to
the corporate network. NAC Layer 2 IP on the Cisco Catalyst 4500 series switch performs posture
validation at the Layer 2 edge of the network for non-802.1x-enabled host devices. Host device
posture validation includes antivirus state and OS patch levels. Depending on the corporate access
policy and host device posture, a host may be unconditionally admitted, admitted with restricted
access, or quarantined to prevent the spread of viruses across the network.
For more information on Layer 2 IP validation, see the URL:
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/configuration/guide/nac_conf.html
NAC Layer 2 802.1X authentication
The Cisco Catalyst 4500 series switch extends NAC support to 802.1x-enabled devices. Like NAC
Layer 2 IP, the NAC Layer 2 802.1x feature determines the level of network access based on
endpoint information.
For more information on 802.1X identity-based network security, see Chapter 46, "Configuring
802.1X Port-Based Authentication."
Chapter 1
Product Overview
OL-30933-01
